Skip to content

feat(policies): add Ollama local inference preset #1047

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rktm0604 wants to merge 1 commit into
base: main
Choose a base branch
from
+62 −0
Open

feat(policies): add Ollama local inference preset #1047

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions nemoclaw-blueprint/policies/presets/ollama.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
# nemoclaw-blueprint/policies/presets/ollama.yaml
#
# Policy preset — Local Ollama inference endpoint
#
# Allows the sandboxed agent to reach a locally running Ollama instance
# for self-hosted LLM inference, as an alternative to the NVIDIA Endpoint API.
#
# Usage:
# openshell policy set ollama.yaml
#
# Prerequisites:
# Ollama must be running on the host machine:
# ollama serve
#
# Supported models (examples):
# ollama pull llama3.2:3b
# ollama pull mistral
# ollama pull gemma3
#
# Notes:
# - Ollama runs on host port 11434 by default
# - The sandbox reaches the host via host-gateway
# - Change the port if you run Ollama on a non-default port
# - This preset enables local/offline inference with no API key required
#
# Security:
# - Scoped to openclaw binary only (binaries field)
# - Only GET and POST methods allowed (list models + generate)
# - No other host access granted by this preset

version: "1"
name: ollama
Comment on lines +31 to +32
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Mar 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify the hard-coded test assertions that need updating

echo "=== Current hard-coded preset count check ==="
rg -n "expect\(presets\.length\)\.toBe\(" test/policies.test.js

echo -e "\n=== Current expected preset names ==="
rg -A 12 "const expected = \[" test/policies.test.js | head -n 15

Repository: NVIDIA/NemoClaw

Length of output: 428

🏁 Script executed:

#!/bin/bash
# Check if ollama.yaml exists in the presets directory
find . -name "ollama.yaml" -o -name "ollama.yml"

# List all .yaml files in policies/presets to see what will be discovered
echo -e "\n=== All preset files in policies/presets ==="
ls -1 nemoclaw-blueprint/policies/presets/ | grep -E '\.(yaml|yml)$'

# Show the listPresets function to understand auto-discovery
echo -e "\n=== ListPresets function implementation ==="
rg -A 10 "listPresets" test/policies.test.js | head -n 20

Repository: NVIDIA/NemoClaw

Length of output: 877

Update test assertions for new preset.

The test file test/policies.test.js has hard-coded assertions that will fail with the new ollama preset:

  • Line 12: expect(presets.length).toBe(9); must be updated to 10
  • Lines 27-37: Add "ollama" to the expected names array
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@nemoclaw-blueprint/policies/presets/ollama.yaml` around lines 31 - 32, Update
the failing test expectations to account for the new "ollama" preset: change the
assertion that checks presets.length from 9 to 10 (the variable referenced is
presets.length) and add "ollama" to the expected names array used in the test
(the array referenced around the expected names variable or literal in the test
that currently lists preset names).

description: >
Allows the sandboxed OpenClaw agent to reach a locally running Ollama
instance for self-hosted LLM inference. Use this as an alternative to
the NVIDIA Endpoint API when running models locally.

egress:
# Ollama REST API — local inference endpoint
- host: host-gateway # resolves to the Docker host from inside sandbox
ports: [11434]
methods: [GET, POST]
binaries: [openclaw]
description: >
Ollama local inference API. GET /api/tags lists available models.
POST /api/generate and POST /api/chat run inference.

# Optional: Ollama model registry (only needed if agent pulls models)
# Uncomment if you want the agent to pull models autonomously.
# Recommendation: pull models manually before sandboxing the agent.
#
# - host: registry.ollama.ai
# ports: [443]
# methods: [GET]
# binaries: [openclaw]
# description: Ollama model registry for pulling models inside sandbox.
#
# - host: ollama.com
# ports: [443]
# methods: [GET]
# binaries: [openclaw]
# description: Ollama website and model library.
Comment on lines +38 to +62
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Mar 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check the structure of other preset files to confirm the expected schema

echo "=== Checking for network_policies in existing presets ==="
rg -n "^network_policies:" nemoclaw-blueprint/policies/presets/ --type yaml

echo -e "\n=== Sample structure from discord preset ==="
head -n 50 nemoclaw-blueprint/policies/presets/discord.yaml | rg -A 10 "^network_policies:"

echo -e "\n=== Sample structure from pypi preset ==="
head -n 50 nemoclaw-blueprint/policies/presets/pypi.yaml | rg -A 10 "^network_policies:"

Repository: NVIDIA/NemoClaw

Length of output: 1270

🏁 Script executed:

#!/bin/bash
# Check actual ollama.yaml content
echo "=== Actual ollama.yaml content ==="
cat nemoclaw-blueprint/policies/presets/ollama.yaml

echo -e "\n=== Full discord.yaml for structure comparison ==="
cat nemoclaw-blueprint/policies/presets/discord.yaml

echo -e "\n=== Full pypi.yaml for structure comparison ==="
cat nemoclaw-blueprint/policies/presets/pypi.yaml

Repository: NVIDIA/NemoClaw

Length of output: 4494

🏁 Script executed:

#!/bin/bash
# Check the test file to see what validations are performed
echo "=== Checking test validations ==="
rg -n "network_policies" nemoclaw-blueprint/test/ --type js -A 5 -B 5

echo -e "\n=== Looking for schema validation or parsing in tests ==="
rg -n "network_policies|preset|egress" nemoclaw-blueprint/test/policies.test.js -A 2 -B 2

Repository: NVIDIA/NemoClaw

Length of output: 314

🏁 Script executed:

#!/bin/bash
# Find test files
echo "=== Searching for test files ==="
find . -name "*.test.js" -o -name "*.test.ts" -o -name "*test*" -type f | grep -i test | head -20

echo -e "\n=== Searching for policies test ==="
find . -name "*policies*test*" -o -name "*test*policies*" | head -10

echo -e "\n=== Checking repository structure ==="
ls -la | head -20

Repository: NVIDIA/NemoClaw

Length of output: 2158

🏁 Script executed:

#!/bin/bash
# Read the test file to understand validations
echo "=== Content of test/policies.test.js ==="
cat test/policies.test.js

Repository: NVIDIA/NemoClaw

Length of output: 8295

🏁 Script executed:

#!/bin/bash
# Find and examine the policies implementation
echo "=== Finding policies implementation ==="
find . -name "policies.js" -o -name "policies.ts" | grep -v test

echo -e "\n=== Reading policies implementation ==="
cat bin/lib/policies.js 2>/dev/null || cat bin/lib/policies.ts 2>/dev/null || find . -path "*/bin/*" -name "policies*" -exec cat {} \;

Repository: NVIDIA/NemoClaw

Length of output: 7053

Critical: Missing network_policies: wrapper and incomplete test compatibility.

The preset structure is missing the required network_policies: top-level key. According to the test suite, every preset must have a network_policies: section. Additionally, the test expects exactly 9 presets with specific names, and "ollama" is not in that list.

Impact:

  1. Test at test/policies.test.js line 113 will fail:
it("every preset has network_policies section", () => {
  for (const p of policies.listPresets()) {
    const content = policies.loadPreset(p.name);
    expect(content.includes("network_policies:")).toBeTruthy();
  }
});
  1. Test at line 11 expects exactly 9 presets but ollama.yaml will make it 10
  2. Test at lines 27-37 expects specific preset names excluding "ollama"

Fix the schema by replacing egress: with network_policies: and indenting all rules accordingly. Additionally, update test/policies.test.js lines 11 and 27-37 to include "ollama" in the expected presets count (10) and names list.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@nemoclaw-blueprint/policies/presets/ollama.yaml` around lines 38 - 62,
Replace the top-level "egress:" key with "network_policies:" and indent the
existing Ollama rules under that key so the preset conforms to the required
schema (update the YAML in nemoclaw-blueprint/policies/presets/ollama.yaml:
change egress -> network_policies and move the nested
host/ports/methods/binaries/description under the new key). Then update the
tests that assert preset counts and names to include the new "ollama" preset:
adjust the expectation from 9 to 10 for policies.listPresets() and add "ollama"
to the expected names array used in the name-check assertions (tests that call
policies.listPresets() and policies.loadPreset()).