…andbox containers

Allow sandboxes to operate without a pre-configured policy by supporting three resolution modes:

1. Policy provided at create time - sandbox loads from gateway (unchanged)
2. Policy null, found on disk at /etc/navigator/policy.yaml - sandbox reads from disk, syncs to gateway, reads back canonical version
3. Policy null, no disk policy - sandbox uses hardcoded restrictive default (all network blocked), syncs to gateway

Key changes:

- Add restrictive_default_policy() and CONTAINER_POLICY_PATH to navigator-policy
- Make spec.policy optional in gateway create_sandbox
- Modify UpdateSandboxPolicy to handle no-baseline case (backfill spec.policy)
- Pass NEMOCLAW_SANDBOX_NAME env var to sandbox containers
- Add sync_policy() gRPC client method for sandbox-to-gateway policy sync
- Add disk discovery fallback in sandbox load_policy()

Closes #82
Consolidate the sync + re-fetch calls during policy discovery into a single TLS channel, reducing startup from 3 separate connections to 2.
…ings, harden scripts

- Add navigator-policy crate to Dockerfile.base build cache layer
- Add dev-sandbox-policy.yaml to Dockerfile.base COPY step
- Use exact container name matching with health checks in cluster-deploy-fast
- Add navigator-policy and dev-sandbox-policy.yaml to sandbox fingerprint
- Implement fail-fast for parallel image builds in cluster-deploy-fast
- Collapse nested if-let in kubeconfig rewrite (clippy collapsible_if)
- Backtick-quote NemoClaw in doc comment (clippy doc_markdown)

2fc850c to 1ead5eb
Move dev-sandbox-policy.rego into crates/navigator-policy/ (the canonical policy crate) and dev-sandbox-policy.yaml into deploy/docker/sandbox/ where it is baked into the container image at /etc/navigator/policy.yaml. This eliminates loose config files from the repo root and co-locates the rego rules with the policy crate that owns them. The default policy YAML now ships inside the sandbox container so sandboxes without an explicit gateway-provided policy can discover it on disk. Updated all include_str! paths, Dockerfiles, build-script fingerprints, architecture docs, and agent skill references.
…name to sandbox

Remove the compile-time embed of dev-sandbox-policy.yaml from the navigator-policy crate so the CLI and TUI no longer implicitly fall back to the dev policy. Users must now explicitly pass --policy or set NEMOCLAW_SANDBOX_POLICY; otherwise no policy is sent and the server / sandbox applies its own default (disk discovery or restrictive default).

Also rename the sandbox_name parameter to sandbox throughout navigator-sandbox and update the env var from NEMOCLAW_SANDBOX_NAME to NEMOCLAW_SANDBOX.
Fix sandbox_exec TTY detection so interactive commands like claude work when launched through mise or other non-terminal wrappers. The old code relied solely on stdout.is_terminal() which returns false in many valid interactive contexts. Add explicit --tty/--no-tty overrides and default sandbox.sh to --tty since it always intends interactive use. Also fix env var mismatch (NEMOCLAW_SANDBOX_NAME -> NEMOCLAW_SANDBOX) that caused sandbox pods to crash on startup, improve deploy state tracking with container ID detection, simplify image eviction logic, and add tracing to the SSH tunnel handshake path.
Closes #82
Summary
- /etc/navigator/policy.yaml), or a hardcoded restrictive default that blocks all network access
- UpdateSandboxPolicy and re-reads the canonical version, keeping the gateway as the authoritative source
- NEMOCLAW_SANDBOX_NAME env var to sandbox pods so the sandbox can identify itself for the UpdateSandboxPolicy RPC

Changes

navigator-policy (crates/navigator-policy/src/lib.rs)

- restrictive_default_policy() - returns a hardcoded policy with filesystem access, landlock, process identity, but no network policies (all network blocked) and no inference
- CONTAINER_POLICY_PATH constant (/etc/navigator/policy.yaml) - well-known path for container-shipped policies

navigator-server (crates/navigator-server/src/grpc.rs)

- create_sandbox: removed spec.policy.is_none() rejection - policy is now optional
- get_sandbox_policy: returns policy: None, version: 0 when no policy is configured (instead of erroring)
- update_sandbox_policy: when spec.policy is None (no baseline), skips static field/network mode validation and backfills spec.policy on the stored sandbox so future updates can validate against it

navigator-server (crates/navigator-server/src/sandbox/mod.rs)

- sandbox_name through sandbox_to_k8s_spec → sandbox_template_to_k8s → inject_pod_template → update_container_env → build_env_list → apply_required_env
- NEMOCLAW_SANDBOX_NAME env var to the pod spec

navigator-sandbox

- Cargo.toml: Added navigator-policy dependency
- main.rs: Added --sandbox-name / NEMOCLAW_SANDBOX_NAME CLI arg
- grpc_client.rs: Changed fetch_policy to return Option<ProtoSandboxPolicy> (None = no policy configured); added sync_policy() method
- lib.rs: Added sandbox_name param to run_sandbox and load_policy; new discover_policy_from_disk_or_default(), discover_policy_from_path(), sync_discovered_policy() functions; 4 new tests

Policy Resolution Flow
Test Plan
mise run pre-commit passes (format, lint, tests, license checks)
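
The three resolution modes listed in the description above (gateway, disk, restrictive default), with the sync-and-read-back step, as an added sketch that is not code from this PR. `Gateway`, `Policy`, `Source`, `resolve`, `parse_disk`, the `allow <host>` file format, the version numbering, and treating an unparseable disk file as a startup error are all assumptions of the example.

```rust
// Added illustration: names and the toy file format are hypothetical, not the navigator crates' API.
use std::collections::HashMap;

#[derive(Clone, Debug, PartialEq)]
struct Policy { network_allow: Vec<String>, version: u32 }
#[derive(Debug, PartialEq)]
enum Source { Gateway, Disk, RestrictiveDefault }
/// Stand-in for the gateway, the authoritative store of each sandbox's policy.
#[derive(Default)]
struct Gateway { stored: HashMap<String, Policy> }

impl Gateway {
    fn fetch(&self, sandbox: &str) -> Option<Policy> { self.stored.get(sandbox).cloned() }
    /// No-baseline update: backfill the stored policy, return the canonical copy.
    fn sync(&mut self, sandbox: &str, mut p: Policy) -> Policy {
        p.version = 1; // version numbering is an assumption of this sketch
        self.stored.insert(sandbox.to_string(), p.clone());
        p
    }
}

/// Mode 3: no network rules at all, so every connection is denied.
fn restrictive_default() -> Policy { Policy { network_allow: Vec::new(), version: 0 } }

/// Toy stand-in for the YAML file: one `allow <host>` per line, anything else is an error.
fn parse_disk(text: &str) -> Result<Policy, String> {
    let mut hosts = Vec::new();
    for line in text.lines().map(str::trim).filter(|l| !l.is_empty()) {
        match line.strip_prefix("allow ") {
            Some(h) if !h.trim().is_empty() => hosts.push(h.trim().to_string()),
            _ => return Err(format!("unrecognised policy line: {}", line)),
        }
    }
    Ok(Policy { network_allow: hosts, version: 0 })
}

/// `disk` is the content of the on-disk policy file, or None when it is absent.
fn resolve(gw: &mut Gateway, sandbox: &str, disk: Option<&str>) -> Result<(Policy, Source), String> {
    if let Some(p) = gw.fetch(sandbox) {
        return Ok((p, Source::Gateway)); // mode 1: gateway already has a policy
    }
    let (found, source) = match disk {
        Some(text) => (parse_disk(text)?, Source::Disk), // mode 2; a bad file aborts startup
        None => (restrictive_default(), Source::RestrictiveDefault), // mode 3
    };
    Ok((gw.sync(sandbox, found), source)) // enforce what the gateway hands back
}

fn main() {
    println!("{:?}", resolve(&mut Gateway::default(), "sb-1", None));
}
```

Because the first start backfills the gateway, a later start of the same sandbox resolves from the gateway even if a disk policy has appeared in the meantime.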