Skip to content

feat: openshell improvements#33

Merged
nv-kasikritc merged 28 commits intomainfrom
feature/openshell-improvements
Mar 15, 2026
Merged

feat: openshell improvements#33
nv-kasikritc merged 28 commits intomainfrom
feature/openshell-improvements

Conversation

@nv-kasikritc
Copy link
Copy Markdown
Collaborator

@nv-kasikritc nv-kasikritc commented Mar 15, 2026
edited
Loading

inference UX overhaul, inline API keys, partner logos, denial watcher, preview tooling

liveaverage and others added 28 commits March 13, 2026 22:05
@liveaverage
Add rebrand for welcome UI, include launch.sh script
f81e586
@liveaverage
Remove BASH_SOURCE dependency
53258bc
@liveaverage
Address silent fail on launch.sh
9842d40
@liveaverage
Add favicon, handle ghcr.io login if params present, fix logo
eb74ff4
@nv-kasikritc @liveaverage
Init LiteLLM implementation
485a94e
@nv-kasikritc @liveaverage
LiteLLM working
754c756
@liveaverage
Update welcome UI icon assets
dc1d7ac
@liveaverage
Add on-demand nemoclaw build; improve auto-pair
ce8197a
@liveaverage
Logo fixup, improve auto-approve cycle, NO_PROXY for localhost
6c319fa
@liveaverage
Bump defualt context window, set NO_PROXY widely
536e63c
@liveaverage
Extend timer for device auto approval, minimize wait
ec48954
@liveaverage
Reload dashboard once after pairing approval
7d6355f
@liveaverage
Revert nemoclaw runtime back to inference.local
e512644
@liveaverage
Keep pairing watcher alive until approval
10d871a
@liveaverage
Add proxy request tracing for sandbox launch
9483694
@liveaverage
Add override to skip nemoclaw image build
b2f361c
@liveaverage
Add revised policy and NO_PROXY
6784eae
@liveaverage
Fix unconditional chown
29720c9
@liveaverage
Added guarded reload for pairing; ensure custom policy.yaml bake-in
61e84fa
@liveaverage
Add console logging for device pairing; extend NO_PROXY
93436b0
@liveaverage
Handle context mod for inference.local
59b4389
@liveaverage
Fix k3s image import on build; force reload on first pass timeout
c35e759
@liveaverage
Revise Brev README
9ef9e78
@liveaverage
Cleanup Brev section
efeb9aa
@liveaverage
Revert policy.yaml to orig
7aa8d18
Merge origin/main into fix/branch-consolidation
77dd5cd 
- .gitignore: take main (node_modules/ + AGENTS.md)
- brev/launch.sh: take main (openclaw-nvidia image, structure)
- brev/welcome-ui/server.js: take main (proxy logging, base URL helpers)
- sandboxes/openclaw-nvidia/openclaw-nvidia-start.sh: take main (qwen model, trustedProxies, pairing comment)
- Keep sandboxes/nemoclaw/nemoclaw-ui-extension/extension/index.ts and policy-proxy.js (branch work)

Made-with: Cursor
Added policy recommender
3e100b0
nemoclaw: inference UX overhaul, inline API keys, partner logos, deni…
2dda533 
…al watcher, preview tooling

Made-with: Cursor
@nv-kasikritc nv-kasikritc merged commit 88eb9a0 into main Mar 15, 2026
4 checks passed
factory-octavian pushed a commit to factory-octavian/OpenShell-Community that referenced this pull request Apr 1, 2026
@johntmyers
feat(policy): add validation layer to reject unsafe sandbox policies …
024150e 
…(#135)

* feat(policy): add validation layer to reject unsafe sandbox policies

Add policy validation that checks for root process identity, path
traversal sequences, overly broad filesystem paths, and exceeding
filesystem rule limits. Validation runs at three entry points:
disk-loaded YAML policies (fallback to restrictive default on violation),
gRPC CreateSandbox, and gRPC UpdateSandboxPolicy (returns
INVALID_ARGUMENT). Filesystem paths are normalized before storage to
collapse traversal components.

Closes NVIDIA#33

* fix(e2e): correct policy update test to match immutable field behavior

The update policy test was asserting on validation errors for fields
(process, filesystem) that are immutable on live sandboxes. The server
rejects changes to these fields before validation runs. Updated the test
to verify the immutability guard instead.

---------

Co-authored-by: John Myers <johntmyers@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nv-kasikritc @liveaverage