fix(hermes): avoid rc rewrites after capability drop #3914

Merged: ericksoa merged 11 commits into main from fix/hermes-start-proxy-env-guard on May 20, 2026

Conversation

@ericksoa ericksoa (Contributor) commented May 20, 2026

Summary

  • Move Hermes runtime shell configuration and configure guard into /tmp/nemoclaw-proxy-env.sh instead of rewriting /sandbox/.bashrc and /sandbox/.profile after drop_capabilities.
  • Keep Hermes rc files as static root-owned shims and lock them before startup continues.
  • Add two dedicated nightly E2E lanes for full OpenClaw and Hermes onboard flows with non-root host/security-posture assertions.

Issues

Validation

  • bash -n agents/hermes/start.sh test/e2e/lib/security-posture-assertions.sh test/e2e/test-full-e2e.sh test/e2e/test-hermes-e2e.sh
  • npm test -- test/validate-e2e-coverage.test.ts test/e2e-advisor-dispatch.test.ts
  • npm test -- test/hermes-start.test.ts test/sandbox-init.test.ts
  • npm run typecheck:cli
  • git diff --check HEAD~1 HEAD

Nightly proof plan

Dispatch only the new proof lanes from this PR branch:

  • openclaw-onboard-security-posture-e2e
  • hermes-onboard-security-posture-e2e

Summary by CodeRabbit

  • Tests

    • Added nightly E2E jobs for two agents to run security-posture checks; included in manual dispatch, failure notifications, and nightly reporting.
    • Enhanced E2E suites with optional security-posture regression phases, reusable sandbox assertion helpers, and unit tests validating proxy-env generation and guard behavior.
    • Improved SSH readiness, instance handling, and output-capture resilience.
  • Chores

    • Centralized runtime shell environment generation and simplified sandbox guard handling.
  • Documentation

    • Clarified sandbox RC-file behavior in container image comments.

@coderabbitai coderabbitai Bot (Contributor) commented May 20, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 84814f9a-c144-4ca9-8b4d-7a92c9d2af9b

📥 Commits

Reviewing files that changed from the base of the PR and between f9c68e3 and 3f53a2d.

📒 Files selected for processing (3)
  • .github/workflows/nightly-e2e.yaml
  • test/e2e/brev-e2e.test.ts
  • test/runner.test.ts

📝 Walkthrough

Walkthrough

Refactors Hermes startup to emit a guarded /tmp/nemoclaw-proxy-env.sh, adds a Bash security-posture assertions module and optional E2E phases, adds unit tests for the runtime env bootstrap, updates Brev E2E robustness and stdio capture, and wires two nightly E2E jobs into CI reporting.

Changes

Security posture testing and runtime environment refactor

  • Hermes start.sh runtime environment refactor (agents/hermes/start.sh): Removes inline rc-file rewrite helpers and install_configure_guard, adds write_runtime_shell_env() to generate /tmp/nemoclaw-proxy-env.sh (proxy/CA exports, embedded guard), emits it via emit_sandbox_sourced_file, and locks .bashrc/.profile. Removes guard-install calls from non-root and root paths.
  • Dockerfile comment clarifies RC ownership (agents/hermes/Dockerfile.base): Rewrites the comment to document that HERMES_HOME mapping produces root-owned proxy/env files (mode 444) when the entrypoint runs as root; no executable changes.
  • Security posture assertions helper module (test/e2e/lib/security-posture-assertions.sh): Adds a sandbox exec helper, capability-bit assertions, a host-user non-root check, PID-1 CapBnd/CapEff/NoNewPrivs inspection, rc-file integrity checks (root-owned 444, no inline guards), proxy-env guarded-file checks with a guard probe, startup-log validation, and security_posture_assertions_run orchestration.
  • E2E integration of security posture checks (test/e2e/test-full-e2e.sh, test/e2e/test-hermes-e2e.sh): Adds optional Phase 5b/7b security posture regression checks gated by NEMOCLAW_E2E_SECURITY_POSTURE=1 that source the assertions helper and run security_posture_assertions_run for openclaw and hermes.
  • Unit tests for runtime shell env (test/hermes-start.test.ts): Adds extractRuntimeShellEnvBlock() and runRuntimeShellEnvBootstrap() to inject and run write_runtime_shell_env() in isolation; Vitest validates that the generated proxy env contains guard markers and that hermes setup fails with the expected sandbox modification error.
  • Nightly workflow job definitions and wiring (.github/workflows/nightly-e2e.yaml, .coderabbit.yaml): Adds openclaw-onboard-security-posture-e2e and hermes-onboard-security-posture-e2e jobs with selective-dispatch gating and posture env flags, updates workflow header docs, extends the workflow_dispatch.inputs.jobs allowlist, includes the jobs in the notify-on-failure, report-to-pr, and scorecard needs lists, and updates .coderabbit.yaml path_instructions to recommend these E2E runs.

Brev E2E resilience and stdio capture

  • Brev SSH timeout, listing, and wait logic (test/e2e/brev-e2e.test.ts): Adds BREV_SSH_READY_TIMEOUT_SECONDS/MS, normalizes brev ls output with JSON plus fallback parsing, changes deleteBrevInstance to return whether deletion was requested, and rewrites waitForSsh to a deadline-based loop with improved retries and richer error reporting.
  • Brev stdio capture and test assertions (test/e2e/brev-e2e.test.ts, test/runner.test.ts): Introduces CAPTURE_OUTPUT_STDIO, switches the brev search GPU/CPU commands to use it, and adds a Vitest assertion that CPU candidates are captured with CAPTURE_OUTPUT_STDIO and piped into create with PIPE_INPUT_STDIO.

Sequence Diagram

sequenceDiagram
  participant Nightly as Nightly Workflow
  participant E2E as E2E Test Runner
  participant Hermes as agents/hermes/start.sh
  participant Sandbox as Sandbox (PID 1)
  participant Assertions as security_posture_assertions.sh

  Nightly->>E2E: dispatch job with NEMOCLAW_E2E_SECURITY_POSTURE=1
  E2E->>Hermes: invoke start.sh (write_runtime_shell_env)
  Hermes->>Sandbox: emit /tmp/nemoclaw-proxy-env.sh (guarded)
  Hermes->>Sandbox: lock /sandbox/.bashrc and /sandbox/.profile (mode 444)
  E2E->>Assertions: run security_posture_assertions_run(sandbox, agent)
  Assertions->>Sandbox: inspect /proc/1 (Uid, CapBnd, CapEff, NoNewPrivs)
  Assertions->>Sandbox: verify /sandbox/.bashrc & /sandbox/.profile (root:root 444, no inline guard)
  Assertions->>Sandbox: verify /tmp/nemoclaw-proxy-env.sh (guard markers, guard function)
  Assertions->>Sandbox: source proxy env and probe guard (expect configure-block message)
  Assertions-->>E2E: return posture check results
  E2E-->>Nightly: report job pass/fail

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested labels

fix, E2E, CI/CD

Suggested reviewers

  • cv
  • jyaunches

Poem

🐰 I hop through logs where proxy scripts hide,
I tuck guard lines where rc files once lied,
A file sits guarded, perms set to four-four-four,
Tests peek inside sandboxes to knock on the door,
Nightly runs hum — posture checks ask for more.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 20.69%, which is insufficient; the required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

  • Description Check: ✅ Passed. Check skipped because CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately describes the main change: moving Hermes runtime shell configuration away from rc file rewrites (which occur after capability drop) into a centralized proxy environment file.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.


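The PID-1 and rc-file posture checks that the walkthrough above attributes to test/e2e/lib/security-posture-assertions.sh (Uid, CapBnd, CapEff, NoNewPrivs inspection and the root:root 444 rc shims), reimplemented as an added offline example that is not the project's own helper. The /proc status excerpts and stat strings are constructed, and the list of forbidden capabilities is this example's assumption rather than something the PR specifies.

```shell
#!/bin/sh
# Added example, not code from the NemoClaw repository. Inputs are plain strings
# so it runs offline; in a real sandbox you would pass the output of
# `cat /proc/1/status` and of `stat -c '%U:%G %a' /sandbox/.bashrc` instead of
# the constructed samples at the bottom.

# Print the first value of one field (e.g. "CapEff") from /proc/<pid>/status text on stdin.
proc_status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# Capabilities a capability-dropped, non-root sandbox init must not retain
# (assumed list; bit numbers from <linux/capability.h>). The masks printed in
# /proc/<pid>/status are 64-bit hex values.
FORBIDDEN_CAPS="1:DAC_OVERRIDE 6:SETGID 7:SETUID 21:SYS_ADMIN"

# Exit 0 when bit $2 of hex mask $1 is clear, 1 when it is set.
cap_bit_clear() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 0 ]
}

# Evaluate PID 1 posture from its /proc/1/status text ($1).
# Exits 0 when the init is non-root, has NoNewPrivs set, and neither CapBnd nor
# CapEff contains a forbidden capability; otherwise prints one token per
# violation and exits 1.
pid1_posture_ok() {
    status="$1"; bad=0
    uid=$(printf '%s\n' "$status" | proc_status_field Uid)
    nnp=$(printf '%s\n' "$status" | proc_status_field NoNewPrivs)
    case "$uid" in
        "") echo PID1_UID_MISSING; bad=1 ;;
        0)  echo PID1_RUNS_AS_ROOT; bad=1 ;;
    esac
    [ "$nnp" = 1 ] || { echo PID1_NO_NEW_PRIVS_UNSET; bad=1; }
    for capset in CapBnd CapEff; do
        mask=$(printf '%s\n' "$status" | proc_status_field "$capset")
        if [ -z "$mask" ]; then echo "${capset}_MISSING"; bad=1; continue; fi
        for entry in $FORBIDDEN_CAPS; do
            cap_bit_clear "$mask" "${entry%%:*}" \
                || { echo "${capset}_HAS_CAP_${entry#*:}"; bad=1; }
        done
    done
    return $bad
}

# Check one `stat -c '%U:%G %a'` result ($1) for a locked rc shim: the file must
# be root-owned and mode 444 (readable by the sandbox user, writable by nobody),
# which is what the PR asserts for /sandbox/.bashrc and /sandbox/.profile.
rc_stat_ok() {
    [ "$1" = "root:root 444" ]
}

# Constructed /proc/1/status excerpts (not captured from a real sandbox).
# A non-root init with empty bounding/effective sets and no_new_privs set:
GOOD_STATUS=$(printf 'Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t1\nCapEff:\t0000000000000000\nCapBnd:\t0000000000000000\n')
# An init still running as root with the default bounding set and no no_new_privs:
BAD_STATUS=$(printf 'Name:\tbash\nUid:\t0\t0\t0\t0\nNoNewPrivs:\t0\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n')

if pid1_posture_ok "$GOOD_STATUS" >/dev/null; then echo "constructed good sample: posture ok"; fi
if pid1_posture_ok "$BAD_STATUS"; then :; else echo "constructed bad sample: violations listed above"; fi
if rc_stat_ok "root:root 444"; then echo "rc shim locked"; fi
```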

@github-actions github-actions Bot (Contributor) commented May 20, 2026

PR Review Advisor

Recommendation: info only
Confidence: low
Analyzed HEAD: 3f53a2ddca3f00c10a965f91b37745e18ce48629
Findings: 0 blocker(s), 1 warning(s), 0 suggestion(s)

This is an automated advisory review. A human maintainer must make the final merge decision.

Limitations: Advisor execution failed: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt

Full advisor summary

PR Review Advisor

Base: origin/main
Head: HEAD
Analyzed SHA: 3f53a2ddca3f00c10a965f91b37745e18ce48629
Recommendation: info only
Confidence: low

PR review advisor failed: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt

Gate status

  • CI: pending — 10 status context(s) appear pending.
  • Mergeability: fail — mergeStateStatus=BLOCKED
  • Review threads: pass — 6 review thread(s), all resolved.
  • Risky code tested: warning — Risky areas detected (workflow/enforcement); test files changed, but coverage still needs semantic review.

🔴 Blockers

  • None.

🟡 Warnings

  • PR review advisor unavailable: The automated advisor could not complete: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt
    • Recommendation: Re-run the PR Review Advisor or perform a manual review.
    • Evidence: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt

🔵 Suggestions

  • None.

Acceptance coverage

  • No linked acceptance clauses were analyzed.

Security review

  • warning — Secrets and Credentials: Advisor unavailable; human review required.
  • warning — Input Validation and Data Sanitization: Advisor unavailable; human review required.
  • warning — Authentication and Authorization: Advisor unavailable; human review required.
  • warning — Dependencies and Third-Party Libraries: Advisor unavailable; human review required.
  • warning — Error Handling and Logging: Advisor unavailable; human review required.
  • warning — Cryptography and Data Protection: Advisor unavailable; human review required.
  • warning — Configuration and Security Headers: Advisor unavailable; human review required.
  • warning — Security Testing: Advisor unavailable; human review required.
  • warning — Holistic Security Posture: Advisor unavailable; human review required.

Test / E2E status

  • Test depth: e2e_required — Runtime/sandbox/infrastructure paths need real execution coverage: .coderabbit.yaml, .github/workflows/nightly-e2e.yaml, agents/hermes/Dockerfile.base, agents/hermes/start.sh.
  • E2E Advisor: not_found (not found)

✅ What looks good

  • No positives were identified by the advisor.

Review completeness

  • Advisor execution failed: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt
  • Human maintainer review required: yes

@github-actions github-actions Bot (Contributor) commented May 20, 2026

E2E Advisor Recommendation

Required E2E: hermes-onboard-security-posture-e2e, hermes-e2e, openclaw-onboard-security-posture-e2e
Optional E2E: hermes-inference-switch-e2e, hermes-slack-e2e, rebuild-hermes-e2e, rebuild-hermes-stale-base-e2e

Dispatch hint: hermes-onboard-security-posture-e2e,hermes-e2e,openclaw-onboard-security-posture-e2e

Auto-dispatched E2E: hermes-e2e via nightly-e2e.yaml at 3f53a2ddca3f00c10a965f91b37745e18ce48629 (nightly run)

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

  • hermes-onboard-security-posture-e2e (high): Direct regression target for the Hermes start.sh change: full Hermes onboard/health/inference under non-root host posture plus assertions that rc files remain static root-owned 444 shims and the Hermes configure guard lives in the runtime proxy-env file.
  • hermes-e2e (high): Hermes Dockerfile.base and start.sh affect the normal Hermes onboard path, gateway startup, health probe, proxy environment, and live inference. Run the baseline Hermes E2E in addition to the posture-specific lane to catch regressions outside the special security-posture env path.
  • openclaw-onboard-security-posture-e2e (high): The shared security-posture assertion helper and test-full-e2e.sh integration are new/changed. This validates the OpenClaw full onboard path and proves the new workflow job is correctly dispatchable and reports results.

Optional E2E

  • hermes-inference-switch-e2e (high): Hermes start.sh changes the runtime shell environment and HERMES_HOME/proxy-env behavior. The switch lane gives extra confidence that a running Hermes sandbox still accepts route/config changes and live requests after the switch.
  • hermes-slack-e2e (high): The runtime proxy-env file now carries CA/proxy variables and the Hermes configure guard. Hermes Slack includes Python placeholder egress through the OpenShell proxy and is useful adjacent coverage for connect-session proxy/CA behavior.
  • rebuild-hermes-e2e (high): Hermes Dockerfile.base/start.sh changes can affect rebuild and upgrade behavior. Run if additional confidence is needed for Hermes image rebuilds and upgrade path compatibility.
  • rebuild-hermes-stale-base-e2e (high): Because Dockerfile.base changed, this is useful optional coverage for stale cached Hermes base image rebuild behavior.

New E2E recommendations

  • None.

Dispatch hint

  • Workflow: nightly-e2e.yaml
  • jobs input: hermes-onboard-security-posture-e2e,hermes-e2e,openclaw-onboard-security-posture-e2e

@coderabbitai coderabbitai Bot (Contributor) left a comment

🧹 Nitpick comments (1)
.github/workflows/nightly-e2e.yaml (1)

806-809: 💤 Low value

Optional: Add persist-credentials: false to checkout steps.

Static analysis flagged these checkout steps for not setting persist-credentials: false. While many existing jobs in this workflow also omit it, adding it prevents Git credentials from persisting into artifacts on failure. Low priority since the workflow only runs on schedule/manual dispatch.

🔒 Proposed fix
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: ${{ inputs.target_ref || github.ref }}
+          persist-credentials: false
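Review bot: the `persist-credentials: false` line is the right addition, but the comment's rationale understates why it matters for these two jobs: the step checks out `ref: ${{ inputs.target_ref || github.ref }}`, a ref chosen at dispatch time, and actions/checkout by default leaves the job's GITHUB_TOKEN in the checked-out repository's local git config, where any script from that ref that runs in later steps can read it. The flag keeps the token out of the workspace entirely, not only out of failure artifacts, so it is worth applying to every checkout step in this workflow that honours `target_ref`, not just the two new jobs.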

Apply to both openclaw-onboard-security-posture-e2e (line 806) and hermes-onboard-security-posture-e2e (line 844) checkout steps.

Also applies to: 844-847

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/nightly-e2e.yaml around lines 806 - 809, The checkout
steps using actions/checkout (the steps named "Checkout" in the
openclaw-onboard-security-posture-e2e and hermes-onboard-security-posture-e2e
jobs) do not set persist-credentials and should be hardened; update each
checkout step's with block to include persist-credentials: false so Git
credentials are not persisted into artifacts on failure, ensuring the key
remains alongside the existing ref: ${{ inputs.target_ref || github.ref }}
entry.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: bb7af2ab-1e2e-4ed7-9bb0-9addf07f8e67

📥 Commits

Reviewing files that changed from the base of the PR and between e88f6a4 and 18fa324.

📒 Files selected for processing (6)
  • .github/workflows/nightly-e2e.yaml
  • agents/hermes/start.sh
  • test/e2e/lib/security-posture-assertions.sh
  • test/e2e/test-full-e2e.sh
  • test/e2e/test-hermes-e2e.sh
  • test/hermes-start.test.ts

@github-actions github-actions Bot (Contributor) commented

Selective E2E Results — ❌ Some jobs failed

Run: 26180287332
Target ref: fix/hermes-start-proxy-env-guard
Requested jobs: openclaw-onboard-security-posture-e2e,hermes-onboard-security-posture-e2e
Summary: 0 passed, 1 failed, 0 skipped

Job Result
hermes-onboard-security-posture-e2e ❌ failure
openclaw-onboard-security-posture-e2e ⚠️ cancelled

Failed jobs: hermes-onboard-security-posture-e2e. Check run artifacts for logs.

@coderabbitai coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/nightly-e2e.yaml (1)

797-863: ⚠️ Potential issue | 🟠 Major

Add missing .coderabbit.yaml path_instructions entries for the new security-posture E2E jobs.

The PR adds two new E2E jobs (openclaw-onboard-security-posture-e2e and hermes-onboard-security-posture-e2e) but does not include corresponding path_instructions entries in .coderabbit.yaml. Per the coding guidelines, new E2E jobs require matching path_instructions for their source paths.

Missing or incomplete entries:

  • No entry for test/e2e/test-full-e2e.sh (run by openclaw-onboard-security-posture-e2e)
  • No entry for test/e2e/test-hermes-e2e.sh (run by hermes-onboard-security-posture-e2e)
  • agents/hermes/** entry exists but does not reference the new hermes-onboard-security-posture-e2e job in its recommendation list

Add these entries to .coderabbit.yaml with instructions pointing reviewers to run the new security-posture lanes when those paths are modified.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/nightly-e2e.yaml around lines 797 - 863, The
.coderabbit.yaml is missing path_instructions for the two new E2E jobs: add
entries for the scripts "test/e2e/test-full-e2e.sh" (used by
openclaw-onboard-security-posture-e2e) and "test/e2e/test-hermes-e2e.sh" (used
by hermes-onboard-security-posture-e2e) that instruct reviewers to run the
corresponding security-posture lanes, and update the existing agents/hermes/**
path_instructions recommendation list to include the new
hermes-onboard-security-posture-e2e job name so changes under agents/hermes/**
surface the new lane to reviewers.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e/lib/security-posture-assertions.sh`:
- Around line 157-160: The check currently treats the case that echoes
"NON_ROOT_PROXY_ENV_OWNER" as acceptable; modify the in-sandbox validation (the
shell snippet executed by security_posture_sandbox_exec that inspects
/tmp/nemoclaw-proxy-env.sh) so that when owner matches "$current_owner" it sets
bad=1 and exits non-zero (i.e., treat NON_ROOT_PROXY_ENV_OWNER as a failure just
like BAD_PROXY_ENV_OWNER). Locate the case block that emits
NON_ROOT_PROXY_ENV_OWNER in the long command string (it references variables f,
meta, mode, owner, current_owner and echoes NON_ROOT_PROXY_ENV_OWNER) and add
bad=1 (and/or an exit non-zero) in that branch so the overall check fails when
the file is not root-owned.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e487dee4-6ccf-4d22-aa99-6ae72678a353

📥 Commits

Reviewing files that changed from the base of the PR and between 18fa324 and eda0fe9.

📒 Files selected for processing (4)
  • .github/workflows/nightly-e2e.yaml
  • agents/hermes/Dockerfile.base
  • agents/hermes/start.sh
  • test/e2e/lib/security-posture-assertions.sh
✅ Files skipped from review due to trivial changes (1)
  • agents/hermes/Dockerfile.base

@github-actions github-actions Bot (Contributor) commented

Selective E2E Results — ✅ All requested jobs passed

Run: 26180794094
Target ref: eda0fe91b49fcc5f68878060f96086418fef115c
Workflow ref: main
Requested jobs: hermes-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job Result
hermes-e2e ✅ success

@github-actions github-actions Bot (Contributor) commented

Selective E2E Results — ❌ Some jobs failed

Run: 26180718921
Target ref: fix/hermes-start-proxy-env-guard
Requested jobs: openclaw-onboard-security-posture-e2e,hermes-onboard-security-posture-e2e
Summary: 0 passed, 1 failed, 0 skipped

Job Result
hermes-onboard-security-posture-e2e ❌ failure
openclaw-onboard-security-posture-e2e ⚠️ cancelled

Failed jobs: hermes-onboard-security-posture-e2e. Check run artifacts for logs.

@coderabbitai coderabbitai Bot (Contributor) left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/nightly-e2e.yaml (1)

797-802: ⚠️ Potential issue | 🔴 Critical

Add missing path_instructions entries in .coderabbit.yaml for new E2E jobs.

Per coding guidelines, new E2E jobs must have corresponding path_instructions entries in .coderabbit.yaml. The two new security posture jobs are missing entries:

  • openclaw-onboard-security-posture-e2e runs test/e2e/test-full-e2e.sh (not in .coderabbit.yaml)
  • hermes-onboard-security-posture-e2e runs test/e2e/test-hermes-e2e.sh (not in .coderabbit.yaml)

Also add test/e2e/lib/security-posture-assertions.sh to .coderabbit.yaml since both scripts source it.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/nightly-e2e.yaml around lines 797 - 802, Add missing
path_instructions in .coderabbit.yaml for the two new E2E jobs and their shared
helper: add entries mapping openclaw-onboard-security-posture-e2e to
test/e2e/test-full-e2e.sh and hermes-onboard-security-posture-e2e to
test/e2e/test-hermes-e2e.sh, and also add
test/e2e/lib/security-posture-assertions.sh (since both scripts source it);
ensure the keys match the job names openclaw-onboard-security-posture-e2e and
hermes-onboard-security-posture-e2e and that the path_instructions format
matches existing entries in .coderabbit.yaml.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: af84991d-df50-45ee-8111-d1cb82fe9c37

📥 Commits

Reviewing files that changed from the base of the PR and between eda0fe9 and fc292ed.

📒 Files selected for processing (1)
  • .github/workflows/nightly-e2e.yaml

@github-actions github-actions Bot (Contributor) commented

Selective E2E Results — ❌ Some jobs failed

Run: 26180979975
Target ref: fix/hermes-start-proxy-env-guard
Requested jobs: openclaw-onboard-security-posture-e2e,hermes-onboard-security-posture-e2e
Summary: 1 passed, 1 failed, 0 skipped

Job Result
hermes-onboard-security-posture-e2e ✅ success
openclaw-onboard-security-posture-e2e ❌ failure

Failed jobs: openclaw-onboard-security-posture-e2e. Check run artifacts for logs.

@github-actions github-actions Bot (Contributor) commented

Selective E2E Results — ✅ All requested jobs passed

Run: 26181521660
Target ref: fix/hermes-start-proxy-env-guard
Requested jobs: openclaw-onboard-security-posture-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job Result
openclaw-onboard-security-posture-e2e ✅ success

@github-actions github-actions Bot (Contributor) commented

Selective E2E Results — ✅ All requested jobs passed

Run: 26182053633
Target ref: fix/hermes-start-proxy-env-guard
Requested jobs: openclaw-onboard-security-posture-e2e,hermes-onboard-security-posture-e2e
Summary: 2 passed, 0 failed, 0 skipped

Job Result
hermes-onboard-security-posture-e2e ✅ success
openclaw-onboard-security-posture-e2e ✅ success

@github-actions github-actions Bot (Contributor) commented

Selective E2E Results — ✅ All requested jobs passed

Run: 26182621536
Target ref: 3e283c3b5df210478aa94bcb3dadbe5b483844e9
Workflow ref: main
Requested jobs: hermes-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job Result
hermes-e2e ✅ success

@coderabbitai coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/hermes-start.test.ts`:
- Around line 155-156: The test in test/hermes-start.test.ts is only checking a
prefix so expect(run.envFileContent).toContain("export SSL_CERT_FILE=") will
pass when the variable is non-empty; change the assertion to verify an empty
assignment exactly by using a line-anchored check (e.g., a multiline regex
match) against the literal "export SSL_CERT_FILE=" on its own line so
run.envFileContent must contain an exact empty assignment; update the assertion
that currently references run.envFileContent and "export SSL_CERT_FILE="
accordingly.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 20270730-f9b1-4793-ba66-786567169223

📥 Commits

Reviewing files that changed from the base of the PR and between 60b59a4 and 3e283c3.

📒 Files selected for processing (1)
  • test/hermes-start.test.ts

@github-actions github-actions Bot (Contributor) commented

Selective E2E Results — ✅ All requested jobs passed

Run: 26182579369
Target ref: fix/hermes-start-proxy-env-guard
Requested jobs: openclaw-onboard-security-posture-e2e,hermes-onboard-security-posture-e2e
Summary: 2 passed, 0 failed, 0 skipped

Job Result
hermes-onboard-security-posture-e2e ✅ success
openclaw-onboard-security-posture-e2e ✅ success

@coderabbitai coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/hermes-start.test.ts`:
- Around line 155-156: The test currently checks only the filename suffix;
instead assert that the exact generated CA path is propagated by using the test
helper's run.caFile value. Replace the loose assertion
(expect(run.envFileContent).toContain("/proxy\\ ca.pem")) with an assertion that
the env content contains the full path from run.caFile (e.g.
expect(run.envFileContent).toContain(run.caFile) or
expect(run.envFileContent).toContain(`export SSL_CERT_FILE=${run.caFile}`)),
keeping references to run, run.envFileContent and run.caFile to locate and
validate the real path.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: cf886755-cc83-4e3e-9f33-f665e67d7b29

📥 Commits

Reviewing files that changed from the base of the PR and between 60b59a4 and 3e283c3.

📒 Files selected for processing (1)
  • test/hermes-start.test.ts

@ericksoa ericksoa self-assigned this May 20, 2026
@ericksoa ericksoa added integration: hermes Hermes integration behavior VDR Linked to VDR finding v0.0.47 Release target labels May 20, 2026

@coderabbitai coderabbitai Bot (Contributor) left a comment

🧹 Nitpick comments (1)
.coderabbit.yaml (1)

453-500: ⚡ Quick win

Add the OpenClaw security-posture lane to the shared entrypoint mapping too.

These new entries cover the helper and top-level E2E drivers, but reviewers touching scripts/nemoclaw-start.sh or scripts/lib/sandbox-init.sh still will not get a recommendation for openclaw-onboard-security-posture-e2e, even though that lane exercises the non-root boot posture those files own.

As per coding guidelines, "If a new E2E job is added, verify corresponding path_instructions entries exist in .coderabbit.yaml for the source files it covers."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.coderabbit.yaml around lines 453 - 500, The shared entrypoint mapping in
.coderabbit.yaml is missing the openclaw-onboard-security-posture-e2e
recommendation for source files that exercise the non-root boot posture (e.g.,
scripts/nemoclaw-start.sh and scripts/lib/sandbox-init.sh); add an entry that
maps those script paths to include the openclaw-onboard-security-posture-e2e
lane just like the existing entries for
test/e2e/lib/security-posture-assertions.sh, test/e2e/test-full-e2e.sh, and
test/e2e/test-hermes-e2e.sh so reviewers touching nemoclaw-start.sh or
sandbox-init.sh will get the proper E2E recommendation.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 0b70bc15-3e46-47ea-8c44-0e27b19b5ac4

📥 Commits

Reviewing files that changed from the base of the PR and between 3e283c3 and 48a1e13.

📒 Files selected for processing (4)
  • .coderabbit.yaml
  • .github/workflows/nightly-e2e.yaml
  • test/e2e/lib/security-posture-assertions.sh
  • test/hermes-start.test.ts

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26183406642
Target ref: 48a1e1342c679071b074f0804618fb27188ebc8e
Workflow ref: main
Requested jobs: hermes-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job Result
hermes-e2e ✅ success

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26183311331
Target ref: fix/hermes-start-proxy-env-guard
Requested jobs: openclaw-onboard-security-posture-e2e,hermes-onboard-security-posture-e2e
Summary: 2 passed, 0 failed, 0 skipped

Job Result
hermes-onboard-security-posture-e2e ✅ success
openclaw-onboard-security-posture-e2e ✅ success

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26183684739
Target ref: 806e951d5b6e887337a544fa950ab3bc1776c22f
Workflow ref: main
Requested jobs: hermes-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job Result
hermes-e2e ✅ success

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26183971147
Target ref: efe78a17f05265fad023acd3f37a41ba51c02dde
Workflow ref: main
Requested jobs: hermes-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job Result
hermes-e2e ✅ success

@github-actions

Brev E2E (full): FAILED on branch fix/hermes-start-proxy-env-guard. See logs.

@github-actions

Brev E2E (full): FAILED on branch fix/hermes-start-proxy-env-guard. See logs.

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26184964011
Target ref: efe78a17f05265fad023acd3f37a41ba51c02dde
Workflow ref: fix/hermes-start-proxy-env-guard
Requested jobs: hermes-e2e,launchable-smoke-e2e
Summary: 2 passed, 0 failed, 0 skipped

Job Result
hermes-e2e ✅ success
launchable-smoke-e2e ✅ success

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e/brev-e2e.test.ts`:
- Around line 170-172: The callback parameter for rawInstances.flatMap currently
has an implicit any; explicitly annotate it (e.g., change the callback to
rawInstances.flatMap((instance: unknown) => { ... }) ) so the compiler knows the
element type and the normalizeBrevInstance call receives a properly typed
argument; update any related callbacks in the same expression if present.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: d22e12e9-1a89-4227-a86d-081e8819e454

📥 Commits

Reviewing files that changed from the base of the PR and between efe78a1 and f9c68e3.

📒 Files selected for processing (2)
  • test/e2e/brev-e2e.test.ts
  • test/runner.test.ts

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26185995744
Target ref: f9c68e35e74caa3684db01042a426f49226f198c
Workflow ref: main
Requested jobs: hermes-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job Result
hermes-e2e ✅ success

@github-actions

Brev E2E (full): PASSED on branch fix/hermes-start-proxy-env-guard. See logs.

@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26187020907
Target ref: a6bc88912932e72fb568f398c547b3242d2b9beb
Workflow ref: main
Requested jobs: hermes-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job Result
hermes-e2e ✅ success

@github-actions

Brev E2E (full): PASSED on branch fix/hermes-start-proxy-env-guard. See logs.

@ericksoa

(Author)

@cv could you please take a look for approval? The latest head is a6bc88912932e72fb568f398c547b3242d2b9beb; the Brev full E2E rerun passed on that head (https://github.com/NVIDIA/NemoClaw/actions/runs/26186977297), and the PR rollup is otherwise green with no failing checks. Thanks!

@ericksoa ericksoa requested a review from cv May 20, 2026 21:33
@github-actions

Selective E2E Results — ✅ All requested jobs passed

Run: 26191367897
Target ref: 3f53a2ddca3f00c10a965f91b37745e18ce48629
Workflow ref: main
Requested jobs: hermes-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job Result
hermes-e2e ✅ success

Labels
  • bug-fix: PR fixes a bug or regression
  • integration: hermes: Hermes integration behavior
  • v0.0.47: Release target
  • VDR: Linked to VDR finding