fix(presets): add missing binaries to communication presets

[cortexj]

Summary

Communication presets (Telegram, Discord, Slack) only allowlist /usr/local/bin/node in the binaries field. On Debian/Ubuntu where Node.js installs to /usr/bin/node, and for skills using curl or bash scripts, the OpenShell proxy returns HTTP 403 on all outbound HTTPS from the sandbox.

Related Issue

Fixes #481

Changes

• Added /usr/bin/node to telegram, discord, and slack presets (Debian/Ubuntu default Node.js path)
• Added /usr/bin/curl to all three presets (HTTP client used by skills for API calls)
• Added /usr/bin/bash to all three presets (required for shell script execution inside sandbox)

Type of Change

• Code change for a new feature, bug fix, or refactor.
• Code change with doc updates.
• Doc only. Prose changes without code sample modifications.
• Doc only. Includes code sample changes.

Testing

• npx prek run --all-files passes (or equivalently make check).
• npm test passes.
• make docs builds without warnings. (for doc-only changes)

Manual testing:

• Confirmed on Pop!_OS 22.04 / OpenShell 0.0.13 / RTX 4090 16GB / NVIDIA Driver 580.82.07
• Telegram bot successfully makes outbound HTTPS after applying patched preset
• curl and bash-based skills no longer receive 403 from proxy at 10.200.0.1:3128
• YAML checks pass in prek; TypeScript type-check failures are pre-existing and unrelated to this change

Checklist

General

• I have read and followed the contributing guide.

Code Changes

• Formatters applied — npx prek run --all-files auto-fixes formatting (or make format for targeted runs).
• Tests added or updated for new or changed behavior.
• No secrets, API keys, or credentials committed.
• Doc pages updated for any user-facing behavior changes (new commands, changed defaults, new features, bug fixes that contradict existing docs).

Summary by CodeRabbit

• Updates
  • Discord integration: Network policies expanded to allow additional common system executables, improving compatibility with varied runtime environments.
  • Slack integration: Binary allowlist broadened to support more system-level executable paths for better connector reliability.
  • Telegram integration: Network policy updated to include more common executables, enhancing integration flexibility and connection stability.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b3b4e425-6462-42c2-9025-e0f9cb627ebd

📥 Commits

Reviewing files that changed from the base of the PR and between ee44717 and 9c93376.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• nemoclaw-blueprint/policies/presets/discord.yaml
• nemoclaw-blueprint/policies/presets/slack.yaml
• nemoclaw-blueprint/policies/presets/telegram.yaml

✅ Files skipped from review due to trivial changes (3)

• nemoclaw-blueprint/policies/presets/slack.yaml
• nemoclaw-blueprint/policies/presets/discord.yaml
• nemoclaw-blueprint/policies/presets/telegram.yaml

---

📝 Walkthrough

Walkthrough

The presets for Discord, Slack, and Telegram network policies were updated to expand each preset's binaries allowlist by adding /usr/bin/node, /usr/bin/curl, and /usr/bin/bash alongside the existing /usr/local/bin/node. No other policy fields were modified.

Changes

Cohort / File(s)	Summary
Policy Preset Binary Paths nemoclaw-blueprint/policies/presets/discord.yaml, nemoclaw-blueprint/policies/presets/slack.yaml, nemoclaw-blueprint/policies/presets/telegram.yaml	Extended each preset's network_policies.*.binaries allowlist to include { path: /usr/bin/node }, { path: /usr/bin/curl }, and { path: /usr/bin/bash } in addition to the existing { path: /usr/local/bin/node }. No other policy entries changed.

Estimated Code Review Effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Three little paths now open wide,
Where node and curl and bash may ride,
Discord, Slack, and Telegram too,
Binaries hop — connections renew! 🌙

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(presets): add missing binaries to communication presets' accurately summarizes the main change: adding binary paths to the communication preset policies.
Linked Issues check	✅ Passed	Changes add /usr/bin/node, /usr/bin/curl, and /usr/bin/bash to Discord, Slack, and Telegram presets, directly addressing issue #481's requirement to allow sandboxed processes outbound HTTPS access.
Out of Scope Changes check	✅ Passed	All changes are scoped to extending binary allowlists in three communication preset files; no extraneous modifications or unrelated changes are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

nemoclaw-blueprint/policies/presets/slack.yaml (1)

44-48: Optional: centralize shared communication preset binaries to reduce drift.

The same binary block now exists across Slack/Telegram/Discord. If the preset system supports it, consider a shared include/anchor to keep these lists consistent over time.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nemoclaw-blueprint/policies/presets/slack.yaml` around lines 44 - 48, The
binaries list under the "binaries" key in the Slack preset is duplicated across
Slack/Telegram/Discord; refactor by extracting the shared array into a single
reusable item (e.g., a YAML anchor/alias or a shared preset/include) and
reference that from each communication preset (Slack, Telegram, Discord) so the
entries like "/usr/local/bin/node", "/usr/bin/node", "/usr/bin/curl",
"/usr/bin/bash" are maintained in one place rather than repeated in the
Slack/Telegram/Discord presets.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@nemoclaw-blueprint/policies/presets/slack.yaml`:
- Around line 44-48: The binaries list under the "binaries" key in the Slack
preset is duplicated across Slack/Telegram/Discord; refactor by extracting the
shared array into a single reusable item (e.g., a YAML anchor/alias or a shared
preset/include) and reference that from each communication preset (Slack,
Telegram, Discord) so the entries like "/usr/local/bin/node", "/usr/bin/node",
"/usr/bin/curl", "/usr/bin/bash" are maintained in one place rather than
repeated in the Slack/Telegram/Discord presets.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6bff0b9f-c608-4576-bf56-a1da2ede4c34

📥 Commits

Reviewing files that changed from the base of the PR and between f59f58e and ee44717.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• nemoclaw-blueprint/policies/presets/discord.yaml
• nemoclaw-blueprint/policies/presets/slack.yaml
• nemoclaw-blueprint/policies/presets/telegram.yaml

[cortexj]

Good catch — YAML anchors only work within a single document, and these are independent preset files loaded separately. A shared binaries include mechanism would need changes to the preset loader, which is out of scope for this fix. Happy to contribute if the team wants to build that into the preset system.

[wscurran]

✨ Thanks for submitting this PR with a detailed summary, it addresses a bug with communication presets and proposes a fix to improve the integration of NemoClaw with Discord and Telegram, which could enhance the user experience.