fix(skills): flatten catalog export and detect untracked files in refresh diff#4342
Merged
Merged
Conversation
The catalog refresh workflow's change-detection step used `git diff --quiet` against `.agents/catalog-skills.yaml` and `skills/nemoclaw`, which only inspects tracked paths. Because `skills/nemoclaw` is not yet committed on `main`, a freshly-exported catalog looks identical to the empty tracked tree and the workflow short-circuits with "No catalog skill export changes detected.", silently dropping the 43 generated files and never opening the refresh PR. Mark the export targets as intent-to-add before running `git diff --quiet` so untracked files surface as additions and the workflow proceeds to create or update the refresh PR. Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (7)
✅ Files skipped from review due to trivial changes (2)
📝 WalkthroughWalkthroughChange the catalog export root from ChangesCatalog skills export root & refresh workflow
Sequence Diagram(s)sequenceDiagram
participant Actions as GitHub Actions
participant Config as .agents/catalog-skills.yaml
participant Script as export-catalog-skills.py
participant Git as git CLI
participant PR as GitHub Pull Request
Actions->>Config: read export root (`skills/`)
Actions->>Git: checkout refresh branch (if exists) and overlay `skills/`
Actions->>Script: run regeneration -> write `skills/`
Actions->>Git: git add --intent-to-add .agents/catalog-skills.yaml skills
Git->>Git: git diff --quiet checks for changes
Actions->>PR: create or update refresh pull request with staged changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related issues
Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint skipped: no ESLint configuration detected in root package.json. To enable, add Comment |
Contributor
E2E Advisor RecommendationRequired E2E: None Full advisor summaryE2E Recommendation AdvisorBase: Required E2E
Optional E2E
New E2E recommendations
|
Contributor
E2E Scenario Advisor RecommendationRequired scenario E2E: None Full scenario advisor summaryE2E Scenario AdvisorBase: Required scenario E2E
Optional scenario E2E
Relevant changed files
|
Contributor
PR Review AdvisorFindings: 0 needs attention, 4 worth checking, 0 nice ideas Review findings🛠️ Needs attention
🔎 Worth checking
🌱 Nice ideas
Since last review detailsCurrent findings:
This is an automated advisory review. A human maintainer must make the final merge decision. |
…ention
Every other onboarded NVSkills product repo (cuopt, nurec-skills,
digital-health-skills, aiq, and nvskills-ci itself with
skills/ci-smoke-test/) lays skills out at `skills/<skill-name>/SKILL.md`,
not `skills/<product>/<skill-name>/SKILL.md`. NVSkills CI's validator
(NVIDIA/nvskills-ci/scripts/validate_request.py:21-26) only checks
`path.startswith(("skills/", ...))`; the per-product subdir is not
required and is in fact unique to NemoClaw.
Drop the redundant `nemoclaw/` namespace layer so the export conforms
to the established convention:
- `.agents/catalog-skills.yaml`: `export: skills/nemoclaw` -> `skills`
- `scripts/export-catalog-skills.py`: default target updated
- `.github/workflows/catalog-skills-refresh.yaml`: all path refs updated
(preserve-overlay, change-detection, commit-add)
- `.pre-commit-config.yaml`: regex anchored to `skills/.*`
- `.github/catalog-skills-signing-flow.md`,
`.github/pr-bodies/catalog-skills-refresh.md`: prose updated
- `test/catalog-skills-export.test.ts`: fixtures updated
Verified locally: exporter writes 11 skills to flat `skills/<name>/`,
all 4 vitest cases pass, and the untracked-file diff fix from the
prior commit still flips `changed=true` against the new path.
Signed-off-by: Julie Yaunches <jyaunches@nvidia.com>
miyoungc
approved these changes
May 27, 2026
10 tasks
jyaunches
added a commit
that referenced
this pull request
May 27, 2026
<!-- markdownlint-disable MD041 --> ## Summary Install the NVSkills CI request listener so `/nvskills-ci` comments on catalog refresh PRs actually trigger NVSkills signing. Without this listener, comments are no-ops and merged refresh PRs ship unsigned (which downstream `NVIDIA/skills` then drops on sync). ## Related Issue Follow-up to #4282 / #4342. Discovered while running the post-merge signing flow on PR #4344: the `/nvskills-ci` comment posted on that PR produced no workflow run because NemoClaw was missing the team-request listener. ## Changes - **`.github/workflows/request-nvskills-ci.yml`** (new): copied byte-for-byte from `NVIDIA/nvskills-ci/templates/team-request-workflow.yml@main`, with a NemoClaw SPDX header. Forwards `/nvskills-ci` PR comments (and `nv-skills-ci[bot]` signature pushes) to `NVIDIA/skills/.github/workflows/team-request.yml@main` via `secrets.NVSKILLS_CI_DISPATCH_TOKEN`. - **`.github/CODEOWNERS`**: add an explicit nemoclaw-maintainer rule for `/.github/workflows/request-nvskills-ci.yml` so onboarding step 4 (CODEOWNERS protection) is visibly enforced; also flatten the now-stale `/skills/nemoclaw/` rule to `/skills/` to match the post-#4342 export layout. ## Onboarding status Per [`NVIDIA/nvskills-ci/docs/team-onboarding.md`](https://github.com/NVIDIA/nvskills-ci/blob/main/docs/team-onboarding.md): | Step | What | Status | |---|---|---| | 1 | Add NemoClaw to `config/onboarded-repositories.json` | ✅ already done | | 2 | Install `templates/team-request-workflow.yml` as `.github/workflows/request-nvskills-ci.yml` | ✅ this PR | | 3 | Set `NVSKILLS_CI_DISPATCH_TOKEN` repo secret |⚠️ **manual maintainer/admin action required after merge** | | 4 | CODEOWNERS-protect the new workflow file | ✅ this PR | | 5 | Test by commenting `/nvskills-ci` on a PR | 🟡 unblocked once step 3 lands | ## Type of Change - [x] Code change (feature, bug fix, or refactor) - [ ] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Verification - Workflow body verified byte-identical to upstream template: ``` $ diff <(tail -n +13 .github/workflows/request-nvskills-ci.yml) \ ~/Development/nvskills-ci/templates/team-request-workflow.yml (no output — identical) ``` - Listener is inert until the `NVSKILLS_CI_DISPATCH_TOKEN` secret is set; until then `/nvskills-ci` comments will fail at the secret-injection boundary, but they will at least produce a visible failed workflow run instead of silently doing nothing. - [x] No secrets, API keys, or credentials committed - [x] Tests added or updated for new or changed behavior — N/A (single workflow file mirrored from upstream template; behavior is exercised by the next live `/nvskills-ci` comment) - [ ] Docs updated for user-facing behavior changes — N/A (CI-internal) - [ ] `npm run docs` builds without warnings — N/A - [ ] Doc pages follow the style guide — N/A - [ ] New doc pages include SPDX header and frontmatter — N/A --- Signed-off-by: Justin Yaunches <jyaunches@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated repository ownership mappings to reorganize responsibility for the skills subtree and simplify maintainer coverage. * Added a workflow to request NVSkills validation/signature runs: can be triggered by a specially formatted issue comment or by specific commit pushes from the CI signature actor, and securely forwards the dispatch token to the centralized validation workflow. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/NVIDIA/NemoClaw/pull/4345?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Julie Yaunches <jyaunches@nvidia.com> Co-authored-by: Carlos Villela <cvillela@nvidia.com>
cv
pushed a commit
that referenced
this pull request
May 27, 2026
## Summary - Add the v0.0.53 release notes with the user-facing onboarding, inference, policy, runtime, Hermes, and maintainer-tooling changes from the release range. - Refresh generated `nemoclaw-user-*` skills from the current Fern docs, including already-merged policy, inference, troubleshooting, and command-reference updates. - Remove skipped experimental shield wording from generated-doc source so the release-prep skip-term gate stays clean. ## Source summary - #4197 -> `docs/about/release-notes.mdx`, `docs/reference/commands.mdx`: Document pre-recreate workspace backup, abort-on-partial-backup behavior, and `NEMOCLAW_RECREATE_WITHOUT_BACKUP`. - #4273 -> `docs/about/release-notes.mdx`, `docs/reference/troubleshooting.mdx`: Document the under-provisioned runtime prompt defaulting to abort in interactive onboarding. - #4220 -> `docs/about/release-notes.mdx`, `docs/network-policy/customize-network-policy.mdx`, `docs/network-policy/integration-policy-examples.mdx`: Include the `openclaw-pricing` preset and generated skill refresh. - #4253 -> `docs/about/release-notes.mdx`, `docs/inference/use-local-inference.mdx`, `docs/inference/switch-inference-providers.mdx`: Carry the Ollama runtime context-window docs into generated skills. - #4298 -> `docs/about/release-notes.mdx`, `docs/reference/troubleshooting.mdx`: Carry WSL Docker Desktop GPU guidance into generated skills and release notes. - #4297, #4210, #4221, #4225, #4288, #4306, #4311, #4319, #4342, #4284, #3327 -> `docs/about/release-notes.mdx`: Summarize release-range fixes and maintainer tooling changes that did not need new standalone docs pages. ## Verification - `python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw-user --doc-platform fern-mdx` - `rg "permissive mode|shields down|shields up|shields status|config rotate-token|rotate-token" docs .agents/skills` returned no matches outside `docs/.docs-skip`. - `npm run docs` passes with full network access. Fern reports 0 errors and one existing light-mode accent contrast warning. - `FERN_VERSION=$(node -p "require('./fern/fern.config.json').version") && (cd fern && npx --yes "fern-api@${FERN_VERSION}" check --warnings)` reports 0 errors and the same contrast warning. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added v0.0.53 release notes with updates to onboarding, sandbox recreation, and gateway handling * Introduced `openclaw-pricing` preset for model pricing endpoint management * Clarified Ollama context window configuration and local model validation behavior * Updated sandbox recreation workflow documentation with backup/restore details * Enhanced interactive onboarding defaults for under-provisioned runtime warnings * Revised security guidance for configuration directory permissions and immutability verification <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/NVIDIA/NemoClaw/pull/4360?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This was referenced May 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two related fixes to the NemoClaw catalog skills export so the
Skills / Catalog Refreshworkflow actually opens a refresh PR onmain:git diff --quietwhich only inspects tracked paths, so a freshly-exported catalog against an empty tracked tree looked unchanged and the workflow short-circuited via "Catalog skill export is already current." without ever pushing the 43 generated files.skills/nemoclaw/toskills/. Every other onboarded NVSkills product repo (cuopt,nurec-skills,digital-health-skills,aiq) — andnvskills-ciitself, withskills/ci-smoke-test/SKILL.md— usesskills/<skill-name>/SKILL.md. The per-product namespace layer in NemoClaw was redundant and didn't match anyone else's layout.Related Issue
Follow-up to #4282 / #4284 / #4334. Observed on post-merge runs 26526695773 and 26526772139: both completed
successafter exporting 11 skills, then exited viaStop after dry runwithout producing a PR because no diff was detected against the emptyskills/tree onmain.Changes
Diff fix (commit 1):
.github/workflows/catalog-skills-refresh.yaml: rungit add --intent-to-addagainst the export paths beforegit diff --quietso untracked files surface as additions.Layout flattening (commit 2):
.agents/catalog-skills.yaml:export: skills/nemoclaw→export: skillsscripts/export-catalog-skills.py: default target updated.github/workflows/catalog-skills-refresh.yaml: everyskills/nemoclawreference (preserve-overlay, change-detection, commit-add) updated toskills.pre-commit-config.yaml: hook regex now anchors toskills/.*.github/catalog-skills-signing-flow.md,.github/pr-bodies/catalog-skills-refresh.md: prose updatedtest/catalog-skills-export.test.ts: temp-fixture paths updatedWhy dropping the
nemoclaw/subdir is safeVerified directly against
NVIDIA/nvskills-ci(cloned locally):scripts/validate_request.py:21-26—WATCHED_PATH_PREFIXES = (".agents/skills/", "skills/", "team-skills/", "rules/team-rules/", "plugins/")andis_watched_path = path.startswith(WATCHED_PATH_PREFIXES). Plain prefix match — no namespacing requirement..github/workflows/team-request.yml:114mirrors the samestartswith("skills/")filter.docs/team-onboarding.md:27— "Store NVSkills content underskills/,team-skills/, ..." — no per-product subdir mentioned.nvskills-ci's own example skill is atskills/ci-smoke-test/SKILL.md.cuopt,nurec-skills,digital-health-skills,aiq).Type of Change
Verification
Reproduced and validated locally on a clean
maincheckout:Vitest:
npx prek run --all-filespassesnpm testpasses for the affected test file (4/4)npm run docsbuilds without warnings — N/ASigned-off-by: Justin Yaunches jyaunches@nvidia.com
Summary by CodeRabbit