chore: upgrade agent runtime dependencies#3832
Merged
Merged
Conversation
Contributor
📝 WalkthroughWalkthroughBumps OpenClaw/Hermes/OpenShell/WeChat plugin pins; adds WeChat plugin metadata discovery and multi-channel seeding; centralizes OpenClaw JSON payload extraction; refactors Kimi exec splitting and tool-catalog handling; updates Dockerfile patching, Slack proof, tests, and docs. ChangesUpstream Version Coordination and Plugin Overhaul
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Contributor
|
🌿 Preview your docs: https://nvidia-preview-pr-3832.docs.buildwithfern.com/nemoclaw |
Contributor
E2E Advisor RecommendationRequired E2E: Dispatch hint: Auto-dispatched E2E: Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
Dispatch hint
|
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26127019955
|
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26127114600
|
Contributor
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
Dockerfile (1)
205-223:⚠️ Potential issue | 🔴 CriticalE2E test failures must be resolved before merge.
The recommended E2E workflows have been triggered on
upgrade/all-deps-2026-05-19. However, the previous run (started 2026-05-19T21:41:03Z) completed with critical failures in the exact tests specified for Dockerfile validation:
- sandbox-survival-e2e: FAILED (validates gateway restart recovery with persistent connections)
- rebuild-openclaw-e2e: FAILED (validates workspace state survives rebuild)
- cloud-e2e: FAILED (validates full onboard + cloud inference)
- hermes-e2e: Passed
A newer run started at 2026-05-19T22:01:45Z is currently in progress with all recommended jobs queued. Given that the WebSocket timeout patch directly affects OpenClaw's handshake behavior under load, and sandbox-survival-e2e tests gateway restart recovery (triggering reconnections), these failures are critical to resolve. Wait for the in-progress run to complete and confirm all recommended tests pass before merging.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfile` around lines 205 - 223, The Dockerfile patch changes DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS (and thus affects OPENCLAW_HANDSHAKE_TIMEOUT_MS / OPENCLAW_CONNECT_CHALLENGE_TIMEOUT_MS) and has triggered critical E2E failures; do not merge until the in-progress CI run for upgrade/all-deps-2026-05-19 completes and all recommended workflows (especially sandbox-survival-e2e, rebuild-openclaw-e2e, cloud-e2e) pass; if they fail again, revert or adjust the change around DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS (the hto_files sed/grep patch in the Patch 5 block) and iterate until the full E2E matrix is green.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@Dockerfile`:
- Around line 205-223: The Dockerfile patch changes
DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS (and thus affects
OPENCLAW_HANDSHAKE_TIMEOUT_MS / OPENCLAW_CONNECT_CHALLENGE_TIMEOUT_MS) and has
triggered critical E2E failures; do not merge until the in-progress CI run for
upgrade/all-deps-2026-05-19 completes and all recommended workflows (especially
sandbox-survival-e2e, rebuild-openclaw-e2e, cloud-e2e) pass; if they fail again,
revert or adjust the change around DEFAULT_PREAUTH_HANDSHAKE_TIMEOUT_MS (the
hto_files sed/grep patch in the Patch 5 block) and iterate until the full E2E
matrix is green.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 0fd110ed-60e5-46b8-a551-f60c4b2dfefb
📒 Files selected for processing (2)
Dockerfiletest/fetch-guard-patch-regression.test.ts
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26128083363
|
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26127986697
|
Contributor
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (1)
scripts/seed-wechat-accounts.py (1)
145-155: ⚡ Quick winMake metadata discovery order deterministic.
os.walk()does not guarantee directory or file order, and_dedupe()preserves first-seen order. That means the patched channel-id order inopenclaw.jsonand the"registered ..."log can vary across environments once multiple metadata files are present.Suggested fix
matches: list[pathlib.Path] = [] for root, dirs, files in os.walk(extensions_dir): - dirs[:] = [ + dirs[:] = sorted( + [ item for item in dirs if item not in {"node_modules", "plugin-runtime-deps", ".git"} - ] + ] + ) root_path = pathlib.Path(root) - for filename in files: + for filename in sorted(files): if filename in {"openclaw.plugin.json", "package.json"}: matches.append(root_path / filename)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/seed-wechat-accounts.py` around lines 145 - 155, os.walk traversal is non-deterministic so the discovered metadata order (matches list) can vary; make discovery deterministic by sorting directory names and file names during the os.walk loop and then sort (or otherwise order) the resulting matches before returning. Specifically, inside the loop that iterates over os.walk(extensions_dir) where variables extensions_dir, dirs, files, root_path, filename, and matches are used, replace the implicit iteration with sorted(dirs) and sorted(files) (or sort dirs in-place with dirs.sort()) so exploration order is stable, and finally apply a deterministic ordering to matches (e.g., sort matches by path.name or full path) before return so downstream consumers and logs are stable.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@nemoclaw-blueprint/openclaw-plugins/kimi-inference-compat/index.js`:
- Around line 286-300: The bug is reusing the original deltaSplit.contentIndex
after applySafeExecSplitToMessage may have expanded/shifted combined exec
blocks; instead of trusting deltaSplit.contentIndex, compute the targetIndex by
locating the actual target command in the (possibly-rewritten)
deltaSplit.commands (e.g., use deltaSplit.commands.findIndex with a
deep-equality match to the intended command) and fall back to the clamped
contentIndex only if the find fails; then use that computed targetIndex when
selecting targetCommand, calling encodeToolCallArgumentsLike(event.delta,
targetCommand) and when assigning event.toolCall via
buildSplitToolCalls(deltaSplit.toolCall, deltaSplit.commands)[targetIndex];
ensure this change touches the block that calls
applySafeExecSplitToMessage(event.partial|event.message), uses deltaSplit,
targetIndex, targetCommand, encodeToolCallArgumentsLike, and
buildSplitToolCalls.
In `@test/e2e/test-issue-2478-crash-loop-recovery.sh`:
- Around line 275-277: The current health check uses status_output and greps for
'healthy|ready|running', which matches substrings like "not running"; update the
condition in the if that reads status_output="$(timeout 20 nemoclaw
"$SANDBOX_NAME" status 2>&1)" || true to use word-bounded matching (e.g., grep
-Eiq '\b(healthy|ready|running)\b') or use grep -wi with the exact words (grep
-Eiq 'healthy|ready|running' → grep -Eiq '\b(healthy|ready|running)\b' or grep
-wi -E 'healthy|ready|running') so only standalone statuses are accepted.
- Line 111: The current ps|awk pipeline can pick the first "openclaw" process (a
launcher) instead of the gateway; change the pipeline so it deterministically
selects the gateway PID by first filtering processes whose command/args contain
"gateway" and choosing the lowest PID, with an explicit fallback to a plain
"openclaw" process only if no gateway is found. Update the existing pipeline
(the ps -eo ... | awk '\$2 == "openclaw" || \$0 ~ /openclaw[ -]gateway/ { print
\$1; exit }' | tr -d '[:space:]' line) to: 1) prefer matches of /gateway/ (e.g.
awk '\$0 ~ /[ -]gateway/ { print \$1 }' piped to sort -n | head -n1), and 2)
only if that yields nothing, run the plain "openclaw" selection; ensure the
final result is deterministic (sorted by PID) and still trimmed with tr -d
'[:space:]'.
In `@test/policies.test.ts`:
- Line 407: The test is incorrectly checking array membership for a literal
backtick (expect(hosts).not.toContain("`")) instead of validating each host
string for embedded backticks; update the assertion to iterate or otherwise
inspect each host string returned by hosts (e.g., in the test that defines/uses
the hosts variable and the related test block) and assert that no individual
host contains a backtick (for example, use hosts.forEach or a join+regex check)
so the test fails if any host string includes the ` character.
---
Nitpick comments:
In `@scripts/seed-wechat-accounts.py`:
- Around line 145-155: os.walk traversal is non-deterministic so the discovered
metadata order (matches list) can vary; make discovery deterministic by sorting
directory names and file names during the os.walk loop and then sort (or
otherwise order) the resulting matches before returning. Specifically, inside
the loop that iterates over os.walk(extensions_dir) where variables
extensions_dir, dirs, files, root_path, filename, and matches are used, replace
the implicit iteration with sorted(dirs) and sorted(files) (or sort dirs
in-place with dirs.sort()) so exploration order is stable, and finally apply a
deterministic ordering to matches (e.g., sort matches by path.name or full path)
before return so downstream consumers and logs are stable.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: a4ae8b62-f2a0-4a9b-96c6-93325c74d834
📒 Files selected for processing (19)
nemoclaw-blueprint/openclaw-plugins/kimi-inference-compat/index.jsscripts/generate-openclaw-config.pyscripts/seed-wechat-accounts.pysrc/lib/policy/index.tstest/e2e/lib/openclaw-agent-json.pytest/e2e/lib/slack-api-proof.shtest/e2e/test-bedrock-runtime-compatible-anthropic.shtest/e2e/test-brave-search-e2e.shtest/e2e/test-full-e2e.shtest/e2e/test-issue-2478-crash-loop-recovery.shtest/e2e/test-launchable-smoke.shtest/e2e/test-messaging-compatible-endpoint.shtest/e2e/test-openclaw-inference-switch.shtest/e2e/test-sandbox-operations.shtest/generate-openclaw-config.test.tstest/kimi-inference-compat-plugin.test.tstest/openclaw-agent-json.test.tstest/policies.test.tstest/seed-wechat-accounts.test.ts
✅ Files skipped from review due to trivial changes (1)
- test/openclaw-agent-json.test.ts
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26131407000
|
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26131484758
|
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/e2e/test-sandbox-operations.sh`:
- Around line 356-360: Update the TC-SBX-02 rationale comment block so it no
longer implies stderr is dropped: change the numbered points to state that
merged stdout/stderr is preserved for failure diagnostics and that assertions
target the JSON envelope payload text (not the merged stream), and keep the note
about relying on generated `thinkingDefault: off` for first-turn timing;
reference the existing rationale block around "Asserts on payload text..." and
the mention of "thinkingDefault: off" so the comment matches the new SSH capture
path that preserves merged output.
- Around line 380-381: The test currently swallows the SSH command exit status
with "|| true" which can yield false positives; modify the block that runs the
openclaw agent command (the line invoking "openclaw agent --agent main --json
--session-id '${session_id}' -m ...") to capture its exit code into a variable
(e.g., rc=$?), then assert success by requiring rc == 0 in the overall success
condition in addition to checking the output contains "42"; remove the "|| true"
suppression and make the success gate require both rc == 0 and the parsed output
match to prevent non-zero SSH exits from being treated as passes.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: f3881ea7-6db1-46ad-b92f-14722324448b
📒 Files selected for processing (2)
test/e2e/test-openclaw-inference-switch.shtest/e2e/test-sandbox-operations.sh
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26131699232
|
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26131773800
|
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26132116276
|
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26132424944
|
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26132979480
|
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26132662112
|
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26134337857
|
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26134434964
|
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26135563540
|
|
|
||
| if (deltaSplit) { | ||
| if (!partialChanged) changed = applySafeExecSplitAtContentIndex(event.partial, deltaSplit) || changed; | ||
| if (!messageChanged) changed = applySafeExecSplitAtContentIndex(event.message, deltaSplit) || changed; |
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26138952562
|
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26139099322
|
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26139491162
|
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26139623838
|
Contributor
Author
Expanded Issue Sweep: Likely Resolved / Retest Candidates From This UpgradeI did a second pass across all 296 open NemoClaw issues, this time starting from the capability deltas in the upgraded runtimes rather than only searching package names. The relevant new surface area is larger than the pins themselves:
High-confidence likely fixed by this PR / close after a quick confirming retest
Strong retest candidates, but I would not close without targeted repro evidence
Explicit non-claims from this sweepI did not mark broader Slack issues (#1569, #2024, #2031, #3014, #3708, #3753) as resolved from the dependency upgrade alone. The PR has stronger Slack proof coverage and green messaging jobs, but those issues need live Slack token/socket/event-path repros before closure. I also did not claim #3779, #3707, #3645, or #3850: #3779 points to a separate GLM compat PR, #3707 is primarily hardware/model throughput under a heavy local Qwen agent shape, #3645 already reports Hermes Validation reference: full nightly https://github.com/NVIDIA/NemoClaw/actions/runs/26139623838 passed on PR head |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/e2e-test.sh`:
- Around line 258-261: The test is asserting a non-existent field
restored.wizard.lastRunVersion; either make the snapshot restoration produce
that field in the OpenClaw config (ensure scripts/generate-openclaw-config.py
populates wizard.lastRunVersion before snapshot) or, more simply, change the
assertion to check an actual generated field such as (restored.meta ||
{}).lastTouchedVersion === '2026.3.11' (or another stable field created by the
generator) so the test validates a real restored value instead of undefined.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: f0ad02e7-367f-4ae8-b4d9-44c038c22c59
📒 Files selected for processing (20)
.agents/skills/nemoclaw-user-reference/references/commands.mdDockerfiledocs/reference/commands.mdxnemoclaw-blueprint/openclaw-plugins/kimi-inference-compat/index.jsscripts/generate-openclaw-config.pyscripts/patch-openclaw-tool-catalog.jsscripts/seed-wechat-accounts.pysrc/lib/onboard.tstest/e2e-test.shtest/e2e/docs/parity-map.yamltest/e2e/lib/openclaw-agent-json.pytest/e2e/test-issue-2478-crash-loop-recovery.shtest/e2e/test-sandbox-operations.shtest/fetch-guard-patch-regression.test.tstest/generate-openclaw-config.test.tstest/kimi-inference-compat-plugin.test.tstest/openclaw-agent-json.test.tstest/openclaw-tool-catalog-patch.test.tstest/policies.test.tstest/seed-wechat-accounts.test.ts
💤 Files with no reviewable changes (3)
- test/seed-wechat-accounts.test.ts
- test/openclaw-tool-catalog-patch.test.ts
- test/policies.test.ts
✅ Files skipped from review due to trivial changes (1)
- docs/reference/commands.mdx
cv
approved these changes
May 20, 2026
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26142871395
|
Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
Contributor
Selective E2E Results — ❌ Some jobs failedRun: 26143011902
|
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
test/e2e/test-openshell-gateway-upgrade.sh (1)
148-148: ⚡ Quick winConsider using the
CURRENT_OPENSHELL_VERSIONvariable in mock version strings.The hardcoded version strings in the fake
openshellbinaries could become inconsistent if the defaultCURRENT_OPENSHELL_VERSIONis updated but these mocks are not. Using the variable would ensure they stay synchronized and prevent misleading test output.♻️ Suggested refactor to use variable expansion
For the first mock (around line 143):
- cat >"$fake_bin/openshell" <<'EOF' + cat >"$fake_bin/openshell" <<EOF #!/usr/bin/env bash # request-body-credential-rewrite # websocket-credential-rewrite -if [ "${1:-}" = "--version" ]; then - printf 'openshell 0.0.44\n' +if [ "\${1:-}" = "--version" ]; then + printf 'openshell ${CURRENT_OPENSHELL_VERSION}\n' exit 0 fi exit 99Apply the same pattern to the second mock (around line 233):
- cat >"$fake_bin/openshell" <<'EOF' + cat >"$fake_bin/openshell" <<EOF #!/usr/bin/env bash # request-body-credential-rewrite # websocket-credential-rewrite -if [ "${1:-}" = "--version" ]; then - printf 'openshell 0.0.44\n' +if [ "\${1:-}" = "--version" ]; then + printf 'openshell ${CURRENT_OPENSHELL_VERSION}\n' exit 0 fi exit 99Note: Change heredoc delimiter from
<<'EOF'to<<EOFto enable variable expansion, and escape literal$in the generated script with\$.Also applies to: 238-238
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/e2e/test-openshell-gateway-upgrade.sh` at line 148, Replace hardcoded mock version strings with the CURRENT_OPENSHELL_VERSION variable: update the printf call(s) that currently print 'openshell 0.0.44' to use printf "openshell $CURRENT_OPENSHELL_VERSION\n" (or equivalent double-quoted expansion) and change any surrounding heredoc delimiters from <<'EOF' to <<EOF so variable expansion occurs; where the mock generates scripts that must contain literal dollar signs, escape them as \$ to avoid unintended expansion. Target the mock generator blocks that produce the fake openshell binaries and the printf lines (search for printf 'openshell 0.0.44' and the heredoc blocks around them) and make these substitutions to keep mocks in sync with CURRENT_OPENSHELL_VERSION.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@test/e2e/test-openshell-gateway-upgrade.sh`:
- Line 148: Replace hardcoded mock version strings with the
CURRENT_OPENSHELL_VERSION variable: update the printf call(s) that currently
print 'openshell 0.0.44' to use printf "openshell $CURRENT_OPENSHELL_VERSION\n"
(or equivalent double-quoted expansion) and change any surrounding heredoc
delimiters from <<'EOF' to <<EOF so variable expansion occurs; where the mock
generates scripts that must contain literal dollar signs, escape them as \$ to
avoid unintended expansion. Target the mock generator blocks that produce the
fake openshell binaries and the printf lines (search for printf 'openshell
0.0.44' and the heredoc blocks around them) and make these substitutions to keep
mocks in sync with CURRENT_OPENSHELL_VERSION.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 4999ea9e-c2a9-4d7d-ad5e-d33341c4e5b3
📒 Files selected for processing (1)
test/e2e/test-openshell-gateway-upgrade.sh
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26143909397
|
Contributor
Selective E2E Results — ✅ All requested jobs passedRun: 26144040521
|
ericksoa
added a commit
that referenced
this pull request
May 20, 2026
## Summary - Reverts the squash commit from PR #3832 exactly: b7deb55 - Restores dependency/runtime versions and OpenClaw remediation files to the pre-#3832 state while preserving the later main commit fix(snapshot): use gateway metadata for VM-driver health checks (#3784) ## Verification - git revert --signoff --no-edit b7deb55 applied cleanly from current origin/main - git diff --check HEAD^ HEAD Note: This PR intentionally undoes the merged dependency upgrade. It has not been merged. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Chores** * Updated OpenClaw to version 2026.4.24, OpenShell to 0.0.39, and Hermes to 2026.4.23. * Updated WeChat plugin dependency from 2.4.3 to 2.4.2. * Streamlined WeChat account configuration logic and refined tool-call handling in Kimi inference compatibility. * Updated internal test suites and validation scripts. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/NVIDIA/NemoClaw/pull/3924?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Aaron Erickson <aerickson@nvidia.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
2026.5.18v0.0.44v2026.5.16/ Hermes Agent v0.14.0 with the verified tarball SHA-256@tencent-weixin/openclaw-weixin, from2.4.2to2.4.3; the host iLink client version is documented as lockstep with that sandbox pluginValidation
npm run build:clinpx vitest run test/validate-blueprint.test.ts test/generate-openclaw-config.test.ts test/install-openshell-version-check.test.ts test/onboard-gateway-runtime.test.ts test/onboard-openshell-version.test.ts src/lib/onboard/docker-driver-gateway-runtime-marker.test.ts src/lib/sandbox/version.test.ts src/lib/verify-deployment.test.ts src/ext/wechat/qr.test.ts src/ext/wechat/login.test.ts test/seed-wechat-accounts.test.ts test/generate-hermes-config.test.ts test/hermes-plugin-handlers.test.ts test/hermes-provider-foundation.test.ts test/hermes-sandbox-workflow.test.ts test/hermes-share-mount-deps.test.ts test/hermes-start.test.ts test/hermes-tool-gateway-broker.test.ts test/nemohermes-alias.test.ts src/lib/hermes-provider-auth.test.ts --testTimeout 60000cd nemoclaw && npm test -- src/package-metadata.test.tsnpm run validate:configsnpm run source-shape:checknpm run checksnpx tsx scripts/e2e/check-parity-map.ts --strictnpx tsx scripts/e2e/lint-conventions.tsgit diff --checkbash -n scripts/install-openshell.sh scripts/brev-launchable-ci-cpu.sh test/e2e/test-openshell-version-pin.sh test/e2e/test-openshell-gateway-upgrade.shshellcheck scripts/install-openshell.sh scripts/brev-launchable-ci-cpu.sh test/e2e/test-openshell-version-pin.sh test/e2e/test-openshell-gateway-upgrade.shSummary by CodeRabbit
New Features
Bug Fixes
Chores