docs(network-policy): clarify Homebrew is preinstalled after #3916#3946
Merged
ericksoa merged 3 commits intoMay 21, 2026
Merged
Conversation
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (5)
✅ Files skipped from review due to trivial changes (4)
📝 WalkthroughWalkthroughThis PR clarifies that Homebrew is preinstalled in the NemoClaw sandbox, expands the ChangesHomebrew preset documentation clarification
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related issues
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint skipped: no ESLint configuration detected in root package.json. To enable, add Comment |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
@.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md:
- Around line 216-217: Rewrite the two passive sentences into active voice:
change "Homebrew (Linuxbrew) is preinstalled in the sandbox base image" to an
active construction that names the actor (e.g., "The sandbox base image includes
Homebrew (Linuxbrew)") and change "The `brew` entry point is symlinked into
`/usr/local/bin`, which is already on the sandbox `PATH`" to an active form that
names who performed the action or states the fact directly (e.g., "We/The image
symlinked the `brew` entry point into `/usr/local/bin`, which is already on the
sandbox `PATH`"), keeping the rest of the explanation about running `brew
install <formula>` unchanged and preserving references to `brew`,
`/usr/local/bin`, and `PATH`.
In `@docs/network-policy/integration-policy-examples.mdx`:
- Around line 231-232: Rewrite the two passive sentences into active voice:
replace "Homebrew (Linuxbrew) is preinstalled in the sandbox base image" with an
active construction like "The sandbox base image includes Homebrew (Linuxbrew)"
and replace "The `brew` entry point is symlinked into `/usr/local/bin`, which is
already on the sandbox `PATH`" with an active construction like "We symlink the
`brew` entry point into `/usr/local/bin`, which is already on the sandbox
`PATH`" (or similar active phrasing) so the paragraph reads actively and still
conveys that applying the `brew` preset is the only step and that the agent can
run `brew install <formula>` directly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 54d209a4-f8f5-4739-a155-daf69fcad8ac
📒 Files selected for processing (5)
.agents/skills/nemoclaw-user-configure-security/references/best-practices.md.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.mddocs/network-policy/integration-policy-examples.mdxdocs/security/best-practices.mdxnemoclaw-blueprint/policies/presets/brew.yaml
After NVIDIA#3916 baked Homebrew (Linuxbrew) into the sandbox base image, the brew preset is the only step needed before installing a formula. Update the integration policy examples, the security best-practices preset table, and the brew preset description to reflect the new flow so users no longer expect a separate Homebrew bootstrap. Signed-off-by: latenighthackathon <latenighthackathon@users.noreply.github.com>
Rewrites the two passive sentences flagged by review in the new Homebrew Specifics subsection and the brew preset row of the security best-practices table, and regenerates the matching agent skill mirrors. No content change beyond voice; the post-NVIDIA#3916 flow (apply preset, then brew install) is unchanged. Signed-off-by: latenighthackathon <latenighthackathon@users.noreply.github.com>
dcd5a82 to
78d69a6
Compare
ericksoa
approved these changes
May 21, 2026
ericksoa
left a comment
Contributor
There was a problem hiding this comment.
Reviewed against current main. No blockers found: the Homebrew docs match the post-#3916 base-image state, the /usr/local/bin/brew shim is present in Dockerfile.base, the brew preset allows that entry point, the changed skill mirrors match the source docs, and the visible CI checks are green.
12 tasks
miyoungc
added a commit
that referenced
this pull request
May 21, 2026
## Summary Refreshes NemoClaw release notes for v0.0.47 and v0.0.48, then regenerates the corresponding user-skill references so agent-facing docs match the source pages. Preview: https://nvidia-preview-docs-release-notes-47-48.docs.buildwithfern.com/nemoclaw/about/release-notes ## Changes - Adds explicit v0.0.47 and v0.0.48 sections to `docs/about/release-notes.mdx`. - Documents follow-up WSL Ollama, sandbox image, share mount, and troubleshooting updates from recent release changes. - Regenerates `nemoclaw-user-*` skill references from the Fern MDX source docs. ## Source Summary - #4003 -> `docs/about/release-notes.mdx`: Notes the messaging manifest registry work as part of v0.0.48 release coverage. - #3984 -> `docs/about/release-notes.mdx`: Captures Hermes messaging policy scoping in the v0.0.48 release notes. - #3963 -> `docs/about/release-notes.mdx`: Captures DGX Spark Hermes GPU recreation startup recovery in the v0.0.48 release notes. - #3961 -> `docs/about/release-notes.mdx`: Captures Discord loopback proxy routing in the v0.0.48 release notes. - #3940 -> `docs/about/release-notes.mdx`: Captures installer prompt clarification and express-install behavior in the v0.0.48 release notes. - #3946 -> `docs/about/release-notes.mdx`: Carries forward the Homebrew preinstall clarification in release coverage. - #3937 -> `docs/about/release-notes.mdx`: Carries forward the dashboard URL command and post-install next steps coverage. - #3921 -> `docs/about/release-notes.mdx`: Carries forward managed vLLM default behavior for DGX Spark and DGX Station. - #3931 -> `docs/about/release-notes.mdx`, `docs/reference/architecture.mdx`: Documents the sandbox `python` to `python3` compatibility symlink. - #1485 -> `docs/about/release-notes.mdx`, `docs/reference/architecture.mdx`: Documents the sandbox image Docker health check. - #3784 -> `docs/about/release-notes.mdx`: Captures VM-driver snapshot health-check reliability in release notes. - #3917 -> `docs/about/release-notes.mdx`: Captures package-based workspace template resolution in release notes. - #3170 -> `docs/about/release-notes.mdx`: Captures installer checksum compatibility from preferring `sha256sum`. - #3898 -> `docs/about/release-notes.mdx`: Adds v0.0.47 release coverage for messaging provider scenario validation. - #3897 -> `docs/about/release-notes.mdx`: Adds v0.0.47 release coverage for baseline onboarding scenario validation. - #3834 -> `docs/about/release-notes.mdx`: Adds v0.0.47 release coverage for PR review advisor automation. - #3838 -> `docs/about/release-notes.mdx`: Adds v0.0.47 release coverage for CLI display registry refactoring. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [x] Doc only (includes code sample changes) ## Verification - [x] `npx prek run --all-files` passes - [ ] `npm test` passes - [ ] Tests added or updated for new or changed behavior - [x] No secrets, API keys, or credentials committed - [x] Docs updated for user-facing behavior changes - [ ] `make docs` builds without warnings (doc changes only) - [x] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) `make docs` was attempted but could not complete because `npx fern-api` failed with `403 Forbidden` from `https://registry.npmjs.org/fern-api` in this environment. Pre-commit and pre-push hooks passed after refreshing the local CLI build output with `npm run build:cli`; no build artifacts were committed. --- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added WSL onboarding notes for Windows-host Ollama detection, restart guidance, and PowerShell checks. * Clarified express-install behavior (non-interactive, sudo prompts) and default sandbox policy selection. * Added Windows preparation guidance when installer tooling is missing (winget/App Installer or Docker Desktop). * Expanded sandbox docs with Docker health checks, Homebrew/python compatibility helpers, share-mount path validation, Discord troubleshooting, and new v0.0.48/v0.0.47 release notes. * **Chores** * Improved docs preview workflow error handling. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/NVIDIA/NemoClaw/pull/4007?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Updates the network-policy docs and the brew preset description so users know that the brew binary already ships in the sandbox base image after #3916, and the brew preset is the only step needed before installing a formula.
Problem
Before #3916 landed, the brew preset only granted network egress and assumed Homebrew was already on PATH. Several pages still describe brew as a generic package-manager preset without mentioning that the binary is now baked into the image, so a new user following the integration policy examples can be left looking for a separate bootstrap step that no longer applies. This PR brings those pages and the preset description in line with the post-#3916 flow.
Changes
brew shellenvstep is required.Test plan
Signed-off-by: latenighthackathon latenighthackathon@users.noreply.github.com
Summary by CodeRabbit