docs(security): address documentation gaps for auth, credentials, and policies

[dknos]

Summary

• Fix GitHub API method restriction claims to match actual access: full policy (Documentation Claims GitHub API Method Restrictions That Don't Exist in Policy YAML - IssueFinder - SN 17 #1441)
• Document NEMOCLAW_DISABLE_DEVICE_AUTH build arg and security implications (NEMOCLAW_DISABLE_DEVICE_AUTH Build Arg Undocumented — Disables Authentication - IssueFinder - SN 19 #1443)
• Add security guidance for ~/.nemoclaw/credentials.json storage (Credential Storage at ~/.nemoclaw/credentials.json Lacks Security Documentation - IssueFinder - SN 20 #1444)

Test plan

• Review docs for accuracy against actual policy YAML and Dockerfile
• Verify new security docs render correctly

Fixes #1441, #1443, #1444

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation
  • Added an Authentication Configuration guide describing device-auth behavior, a build-time disable switch, and security implications of disabling device auth
  • Added a Credential Storage Security guide covering plaintext on-disk storage, required secure permissions, rotation/removal guidance, and best practices
  • Expanded Network Policy docs with “access modes” and HTTP-inspection vs CONNECT-tunnel behavior; updated endpoint presets (including Discord and GitHub)
  • Updated docs index to surface the new security and deployment pages

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds two new docs pages (authentication config and credential storage), clarifies network-policy access modes and updates baseline endpoint entries (GitHub/Discord/Telegram), and updates docs index and architecture reference to include credential permission details.

Changes

Cohort / File(s)	Summary
New Security & Deployment docs docs/security/credential-storage.md, docs/deployment/authentication.md	Adds credential storage guidance (~/.nemoclaw/credentials.json, dir mode 0700, file mode 0600, plaintext storage, rotation/deletion, CI guidance) and an Authentication Configuration page documenting NEMOCLAW_DISABLE_DEVICE_AUTH build arg → dangerouslyDisableDeviceAuth (build-time, SHA256-validated, runtime-immutable) and when/when-not to disable device auth.
Network policy docs & baseline edits docs/network-policy/customize-network-policy.md, docs/reference/network-policies.md	Introduces "Access Modes" explaining protocol: rest (TLS termination + HTTP method/path inspection) vs access: full (raw CONNECT tunnel; bypasses HTTP rules). Updates baseline policies: removes github_rest_api, places api.github.com under github with access: full, adjusts npm_registry to access: full, restricts telegram binary to /usr/local/bin/node, and adds discord endpoint group (REST, WebSocket via access: full, CDN GET-only).
Docs index & architecture reference docs/index.md, docs/reference/architecture.md	Adds "Credential Storage" to Security toctree and "Authentication" to Deployment toctree; updates architecture reference to state credentials are stored plaintext with 0600 mode and link to credential storage doc.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 I hopped through docs with a careful paw,

Locked secrets snug, and spelled out every law,
Tunnels and tokens now labeled and true,
I leave breadcrumbs for operators to view. 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'docs(security): address documentation gaps for auth, credentials, and policies' accurately describes the changeset—adding authentication, credential storage, and network policy documentation.
Linked Issues check	✅ Passed	All three linked issues (#1441, #1443, #1444) are addressed: docs/network-policy/ now explains access: full vs protocol: rest semantics with examples [#1441]; new credential storage docs cover plaintext storage and file permissions [#1443]; new authentication docs cover NEMOCLAW_DISABLE_DEVICE_AUTH build argument [#1444].
Out of Scope Changes check	✅ Passed	All changes are documentation-only and directly related to the linked issues: network policy clarifications, new credential storage guidance, new authentication documentation, and index updates. No out-of-scope code changes or unrelated documentation modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (6)

docs/network-policy/customize-network-policy.md (2)

80-80: Avoid bold emphasis on routine prose.

**cannot** reads like emphasis styling rather than a UI label/parameter; please keep this plain text unless this is intended as a formal warning style. LLM pattern detected.
As per coding guidelines, "Unnecessary bold on routine instructions... Bold is reserved for UI labels, parameter names, and genuine warnings."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` at line 80, The sentence in
the docs uses bold styling for routine prose ("**cannot**") which violates the
guideline that bold is reserved for UI labels/parameters/warnings; update the
sentence to remove the bold emphasis so it reads: "This means method and path
restrictions cannot be enforced on api.github.com — the agent has full API
access." Ensure "api.github.com" remains plain text and no other emphasis is
introduced.

---

60-61: Split table cell prose to one sentence per source line.

These rows currently place multiple sentences on the same source line, which hurts diff readability under the docs style rules.
As per coding guidelines, "One sentence per line in source (makes diffs readable). Flag paragraphs where multiple sentences appear on the same line."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` around lines 60 - 61, The
two table cell descriptions containing multiple sentences should be split so
each sentence sits on its own source line to improve diff readability; update
the row for the `protocol`/`rest` cell (the sentence about TLS termination and
the sentence about forwarding only matching requests) and the row for the
`access`/`full` cell (the sentence about creating a raw CONNECT tunnel and the
sentence about when to use it) so that each sentence is on a separate line in
the markdown source.

docs/reference/network-policies.md (1)

99-99: Rewrite this row to avoid clause colons and multi-sentence single-line formatting.

This line uses colons as general punctuation and packs multiple sentences on one source line.
As per coding guidelines, "Colons should only introduce a list. Flag colons used as general punctuation between clauses." and "One sentence per line in source (makes diffs readable)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/reference/network-policies.md` at line 99, The row "REST API: GET, POST.
WebSocket gateway: `access: full`. CDN: GET only." uses colons as general
punctuation and packs multiple sentences on one line; rewrite it to remove
clause colons and put one sentence per source line by replacing colons with
verbs/phrases (e.g., "REST API supports GET and POST", "WebSocket gateway access
is full", "CDN allows GET only") and place each sentence on its own line so the
three statements are separate and colon-free.

docs/deployment/authentication.md (2)

73-80: Split multi-sentence lines into one sentence per source line.

The description lines here contain multiple sentences on the same source line.

As per coding guidelines, "One sentence per line in source (makes diffs readable)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/deployment/authentication.md` around lines 73 - 80, The documentation
lines for `allowInsecureAuth`, `auth.token`, and `trustedProxies` contain
multiple sentences on a single source line; split each description so that each
sentence is its own source line. For example, break the `allowInsecureAuth` line
into one line stating how it is derived from `CHAT_UI_URL` scheme and a separate
line describing behavior for `http://` vs `https://`; do the same for
`auth.token` (one line for generation method `secrets.token_hex(32)`, another
for uniqueness per build) and `trustedProxies` (one line for purpose, another
for default values `127.0.0.1` and `::1`) so each sentence occupies its own
line.

---

27-28: End these sentences with periods.

Both label-style sentences are missing terminal periods.

As per coding guidelines, "Every sentence must end with a period."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/deployment/authentication.md` around lines 27 - 28, The two label-style
sentences describing the build arg—"**Location**: Dockerfile build argument
(line 59), propagated to `openclaw.json` as `dangerouslyDisableDeviceAuth`" and
"**Default**: `0` (device auth enabled — secure by default)`"—need terminal
periods; update those two lines in the authentication.md content so each
sentence ends with a period (i.e., add a period after the backtick-quoted
`dangerouslyDisableDeviceAuth` line and after the closing parenthesis on the
Default line).

docs/security/credential-storage.md (1)

37-37: Remove non-essential bold emphasis (LLM pattern detected).

**plaintext JSON** reads like emphasis styling rather than UI label/parameter/warning markup.

As per coding guidelines, "Unnecessary bold on routine instructions ... Bold is reserved for UI labels, parameter names, and genuine warnings."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/security/credential-storage.md` at line 37, Remove the unnecessary bold
markup around the phrase "plaintext JSON" in the sentence "Credentials are
stored as **plaintext JSON**" by deleting the surrounding ** markers so it reads
either as plain text "plaintext JSON" or use inline code-style formatting
(`plaintext JSON`) if you intend to mark it as a technical term; update the
sentence where the phrase "plaintext JSON" appears to avoid bold emphasis.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/deployment/authentication.md`:
- Around line 23-25: Add a 1–2 sentence introductory paragraph immediately after
the H1 "Authentication Configuration" that briefly describes what the page
covers (e.g., purpose of authentication configuration and which environment
flags like `NEMOCLAW_DISABLE_DEVICE_AUTH` are documented), so the page no longer
jumps straight from the H1 to the section heading; place the intro before the
`NEMOCLAW_DISABLE_DEVICE_AUTH` section.
- Around line 82-86: Rename the bottom section header from "Related Topics" to
"Next Steps" and keep the existing links intact; update the header string in the
markdown so the section reads "## Next Steps" (the list under the header with
links to "Security Best Practices", "Sandbox Hardening", and "Deploy to a Remote
GPU Instance" should remain unchanged).

In `@docs/security/credential-storage.md`:
- Around line 147-150: Rename the bottom section header from "Related Topics" to
"Next Steps" and keep the existing bullet links unchanged; update the Markdown
heading text "Related Topics" to "Next Steps" so the section follows the coding
guideline requiring a Next Steps section that links to related pages (the two
list items referencing Architecture and Security Best Practices should remain
as-is).
- Line 3: Update the document's top-level H1 to exactly match the frontmatter
value page: "Credential Storage Security" so the H1 text equals "Credential
Storage Security"; locate the H1 in this file (the markdown heading at the top)
and replace its current text with the frontmatter page value to ensure the H1
heading matches title.page.
- Around line 23-25: The page "Credential Storage" starts the H2 "Location"
immediately after the H1; add a one- or two-sentence introduction paragraph
immediately below the H1 "# Credential Storage" that briefly summarizes the
purpose and scope of the document (e.g., what credential storage covers and any
audience or high-level goal) so the page conforms to the guideline requiring a
short intro before subsequent sections like the "Location" heading.

---

Nitpick comments:
In `@docs/deployment/authentication.md`:
- Around line 73-80: The documentation lines for `allowInsecureAuth`,
`auth.token`, and `trustedProxies` contain multiple sentences on a single source
line; split each description so that each sentence is its own source line. For
example, break the `allowInsecureAuth` line into one line stating how it is
derived from `CHAT_UI_URL` scheme and a separate line describing behavior for
`http://` vs `https://`; do the same for `auth.token` (one line for generation
method `secrets.token_hex(32)`, another for uniqueness per build) and
`trustedProxies` (one line for purpose, another for default values `127.0.0.1`
and `::1`) so each sentence occupies its own line.
- Around line 27-28: The two label-style sentences describing the build
arg—"**Location**: Dockerfile build argument (line 59), propagated to
`openclaw.json` as `dangerouslyDisableDeviceAuth`" and "**Default**: `0` (device
auth enabled — secure by default)`"—need terminal periods; update those two
lines in the authentication.md content so each sentence ends with a period
(i.e., add a period after the backtick-quoted `dangerouslyDisableDeviceAuth`
line and after the closing parenthesis on the Default line).

In `@docs/network-policy/customize-network-policy.md`:
- Line 80: The sentence in the docs uses bold styling for routine prose
("**cannot**") which violates the guideline that bold is reserved for UI
labels/parameters/warnings; update the sentence to remove the bold emphasis so
it reads: "This means method and path restrictions cannot be enforced on
api.github.com — the agent has full API access." Ensure "api.github.com" remains
plain text and no other emphasis is introduced.
- Around line 60-61: The two table cell descriptions containing multiple
sentences should be split so each sentence sits on its own source line to
improve diff readability; update the row for the `protocol`/`rest` cell (the
sentence about TLS termination and the sentence about forwarding only matching
requests) and the row for the `access`/`full` cell (the sentence about creating
a raw CONNECT tunnel and the sentence about when to use it) so that each
sentence is on a separate line in the markdown source.

In `@docs/reference/network-policies.md`:
- Line 99: The row "REST API: GET, POST. WebSocket gateway: `access: full`. CDN:
GET only." uses colons as general punctuation and packs multiple sentences on
one line; rewrite it to remove clause colons and put one sentence per source
line by replacing colons with verbs/phrases (e.g., "REST API supports GET and
POST", "WebSocket gateway access is full", "CDN allows GET only") and place each
sentence on its own line so the three statements are separate and colon-free.

In `@docs/security/credential-storage.md`:
- Line 37: Remove the unnecessary bold markup around the phrase "plaintext JSON"
in the sentence "Credentials are stored as **plaintext JSON**" by deleting the
surrounding ** markers so it reads either as plain text "plaintext JSON" or use
inline code-style formatting (`plaintext JSON`) if you intend to mark it as a
technical term; update the sentence where the phrase "plaintext JSON" appears to
avoid bold emphasis.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9dd99901-fa91-45eb-9c0b-280e2278c445

📥 Commits

Reviewing files that changed from the base of the PR and between c99e3e8 and b551e10.

📒 Files selected for processing (6)

• docs/deployment/authentication.md
• docs/index.md
• docs/network-policy/customize-network-policy.md
• docs/reference/architecture.md
• docs/reference/network-policies.md
• docs/security/credential-storage.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Rename “Related Topics” to “Next Steps” for new-page structure compliance.

The bottom section should be a “Next Steps” section linking related docs.

As per coding guidelines, "A 'Next Steps' section at the bottom links to related pages."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/deployment/authentication.md` around lines 82 - 86, Rename the bottom
section header from "Related Topics" to "Next Steps" and keep the existing links
intact; update the header string in the markdown so the section reads "## Next
Steps" (the list under the header with links to "Security Best Practices",
"Sandbox Hardening", and "Deploy to a Remote GPU Instance" should remain
unchanged).

[coderabbitai]

🧹 Nitpick comments (7)

docs/network-policy/customize-network-policy.md (4)

73-74: Split table cell content onto separate lines.

The table cell contains two sentences on the same line.

📝 Proposed fix

   - `full`
-  - OpenShell creates a raw CONNECT tunnel.
-    No HTTP inspection — all traffic to the host:port is allowed.
+  - OpenShell creates a raw CONNECT tunnel.
+    No HTTP inspection — all traffic to the host:port is allowed.
     Use only when protocol-level inspection is not possible, such as `git` SSH-over-HTTPS or WebSocket upgrades.

As per coding guidelines: "One sentence per line in source (makes diffs readable)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` around lines 73 - 74, The
table cell currently has two sentences on one line ("OpenShell creates a raw
CONNECT tunnel." and "No HTTP inspection — all traffic to the host:port is
allowed."); split them so each sentence is on its own source line inside the
same table cell (i.e., break the line between the sentences) to follow the "one
sentence per line" guideline and make diffs readable.

---

68-69: Split table cell content onto separate lines.

The table cell contains two sentences on the same line.

📝 Proposed fix

   - `rest`
-  - OpenShell terminates TLS and inspects HTTP method/path against `rules`.
-    Only matching requests are forwarded.
+  - OpenShell terminates TLS and inspects HTTP method/path against `rules`.
+    Only matching requests are forwarded.

As per coding guidelines: "One sentence per line in source (makes diffs readable)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` around lines 68 - 69, The
table cell currently contains two sentences on one line: "OpenShell terminates
TLS and inspects HTTP method/path against `rules`. Only matching requests are
forwarded."; split them so each sentence is on its own line within the same
table cell (i.e., break the line between the period after `rules` and the start
of "Only matching...") to follow the one-sentence-per-line guideline.

---

27-28: Split sentences onto separate lines.

This paragraph contains two sentences on the same line, which makes diffs harder to read.

📝 Proposed fix

-The sandbox policy is defined in a declarative YAML file in the NemoClaw repository and enforced at runtime by [NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell).
-NemoClaw supports both static policy changes that persist across restarts and dynamic updates applied to a running sandbox through the OpenShell CLI.
+The sandbox policy is defined in a declarative YAML file in the NemoClaw repository and enforced at runtime by [NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell).
+NemoClaw supports both static policy changes that persist across restarts and dynamic updates applied to a running sandbox through the OpenShell CLI.

As per coding guidelines: "One sentence per line in source (makes diffs readable). Flag paragraphs where multiple sentences appear on the same line."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` around lines 27 - 28, The
two-sentence paragraph containing "The sandbox policy is defined in a
declarative YAML file in the NemoClaw repository and enforced at runtime by
[NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell)." and "NemoClaw supports
both static policy changes that persist across restarts and dynamic updates
applied to a running sandbox through the OpenShell CLI." should be split so each
sentence is on its own line (one sentence per line) to make diffs
readable—update the block in customize-network-policy.md accordingly.

---

94-96: Split sentences onto separate lines.

The note contains three sentences, with two on the same line.

📝 Proposed fix

 :::{note}
 `access: full` bypasses all HTTP-layer rules.
-The `github` policy uses `access: full` because `git` requires CONNECT tunneling.
-This means method and path restrictions cannot be enforced on `api.github.com` — the agent has full API access.
+The `github` policy uses `access: full` because `git` requires CONNECT tunneling.
+This means method and path restrictions cannot be enforced on `api.github.com` — the agent has full API access.
 See [Security Best Practices](../security/best-practices.md) for hardening options.
 :::

As per coding guidelines: "One sentence per line in source (makes diffs readable)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` around lines 94 - 96, The
three-sentence note about `access: full` should be split so each sentence is on
its own line; find the paragraph referencing `access: full`, the `github`
policy, and `api.github.com` and break it into three separate lines (one
sentence per line) so "`access: full` bypasses all HTTP-layer rules." is a line,
"The `github` policy uses `access: full` because `git` requires CONNECT
tunneling." is a line, and "This means method and path restrictions cannot be
enforced on `api.github.com` — the agent has full API access." is a line.

docs/reference/network-policies.md (3)

99-101: Split table cell sentences onto separate lines.

The discord rules cell contains three sentences with multiple sentences on the same line.

📝 Proposed fix

-  - REST API allows GET and POST.
-    WebSocket gateway uses `access: full`.
-    CDN allows GET only.
+  - REST API allows GET and POST.
+    WebSocket gateway uses `access: full`.
+    CDN allows GET only.

As per coding guidelines: "One sentence per line in source (makes diffs readable)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/reference/network-policies.md` around lines 99 - 101, The table cell
currently containing "REST API allows GET and POST. WebSocket gateway uses
`access: full`. CDN allows GET only." should be split so each sentence is on its
own source line; locate the discord rules table cell (the cell text above) and
break it into three separate lines, one for "REST API allows GET and POST.", one
for "WebSocket gateway uses `access: full`.", and one for "CDN allows GET only."
to follow the "one sentence per line" guideline.

---

25-27: Split sentences onto separate lines.

This introduction paragraph contains three sentences with some on the same line.

📝 Proposed fix

 NemoClaw runs with a deny-by-default network policy.
 The sandbox can only reach endpoints that are explicitly allowed.
-Any request to an unlisted destination is intercepted by OpenShell, and the operator is prompted to approve or deny it in real time through the TUI.
+Any request to an unlisted destination is intercepted by OpenShell, and the operator is prompted to approve or deny it in real time through the TUI.

As per coding guidelines: "One sentence per line in source (makes diffs readable)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/reference/network-policies.md` around lines 25 - 27, The introductory
paragraph containing the sentences starting "NemoClaw runs with a
deny-by-default network policy.", "The sandbox can only reach endpoints that are
explicitly allowed.", and "Any request to an unlisted destination is intercepted
by OpenShell, and the operator is prompted to approve or deny it in real time
through the TUI." should be updated so each sentence is on its own line
(one-sentence-per-line) to follow the style guideline and improve diff
readability; edit that paragraph in docs/reference/network-policies.md so those
three sentences are split into three separate lines exactly as written.

---

105-110: Split note sentences onto separate lines.

The note contains four sentences with some on the same line.

📝 Proposed fix

 :::{note}
-Endpoints with `access: full` use a raw CONNECT tunnel with no HTTP-layer inspection.
-Method and path restrictions cannot be enforced on these endpoints.
-The `github` policy uses `access: full` because `git` requires CONNECT tunneling.
-See [Security Best Practices](../security/best-practices.md) for details on the L4-only vs L7 inspection trade-off.
+Endpoints with `access: full` use a raw CONNECT tunnel with no HTTP-layer inspection.
+Method and path restrictions cannot be enforced on these endpoints.
+The `github` policy uses `access: full` because `git` requires CONNECT tunneling.
+See [Security Best Practices](../security/best-practices.md) for details on the L4-only vs L7 inspection trade-off.
 :::

As per coding guidelines: "One sentence per line in source (makes diffs readable)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/reference/network-policies.md` around lines 105 - 110, The note block
describing endpoints with `access: full` currently has multiple sentences on the
same lines; split each sentence into its own line in that note (the block
starting with "Endpoints with `access: full` use a raw CONNECT tunnel..." and
including the sentence about the `github` policy and the Security Best Practices
link) so that each sentence is on a separate source line for better diffs and
readability.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@docs/network-policy/customize-network-policy.md`:
- Around line 73-74: The table cell currently has two sentences on one line
("OpenShell creates a raw CONNECT tunnel." and "No HTTP inspection — all traffic
to the host:port is allowed."); split them so each sentence is on its own source
line inside the same table cell (i.e., break the line between the sentences) to
follow the "one sentence per line" guideline and make diffs readable.
- Around line 68-69: The table cell currently contains two sentences on one
line: "OpenShell terminates TLS and inspects HTTP method/path against `rules`.
Only matching requests are forwarded."; split them so each sentence is on its
own line within the same table cell (i.e., break the line between the period
after `rules` and the start of "Only matching...") to follow the
one-sentence-per-line guideline.
- Around line 27-28: The two-sentence paragraph containing "The sandbox policy
is defined in a declarative YAML file in the NemoClaw repository and enforced at
runtime by [NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell)." and
"NemoClaw supports both static policy changes that persist across restarts and
dynamic updates applied to a running sandbox through the OpenShell CLI." should
be split so each sentence is on its own line (one sentence per line) to make
diffs readable—update the block in customize-network-policy.md accordingly.
- Around line 94-96: The three-sentence note about `access: full` should be
split so each sentence is on its own line; find the paragraph referencing
`access: full`, the `github` policy, and `api.github.com` and break it into
three separate lines (one sentence per line) so "`access: full` bypasses all
HTTP-layer rules." is a line, "The `github` policy uses `access: full` because
`git` requires CONNECT tunneling." is a line, and "This means method and path
restrictions cannot be enforced on `api.github.com` — the agent has full API
access." is a line.

In `@docs/reference/network-policies.md`:
- Around line 99-101: The table cell currently containing "REST API allows GET
and POST. WebSocket gateway uses `access: full`. CDN allows GET only." should be
split so each sentence is on its own source line; locate the discord rules table
cell (the cell text above) and break it into three separate lines, one for "REST
API allows GET and POST.", one for "WebSocket gateway uses `access: full`.", and
one for "CDN allows GET only." to follow the "one sentence per line" guideline.
- Around line 25-27: The introductory paragraph containing the sentences
starting "NemoClaw runs with a deny-by-default network policy.", "The sandbox
can only reach endpoints that are explicitly allowed.", and "Any request to an
unlisted destination is intercepted by OpenShell, and the operator is prompted
to approve or deny it in real time through the TUI." should be updated so each
sentence is on its own line (one-sentence-per-line) to follow the style
guideline and improve diff readability; edit that paragraph in
docs/reference/network-policies.md so those three sentences are split into three
separate lines exactly as written.
- Around line 105-110: The note block describing endpoints with `access: full`
currently has multiple sentences on the same lines; split each sentence into its
own line in that note (the block starting with "Endpoints with `access: full`
use a raw CONNECT tunnel..." and including the sentence about the `github`
policy and the Security Best Practices link) so that each sentence is on a
separate source line for better diffs and readability.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3c7fe703-d636-4673-8a0d-f1cca59dc704

📥 Commits

Reviewing files that changed from the base of the PR and between b551e10 and b10bfab.

📒 Files selected for processing (4)

• docs/deployment/authentication.md
• docs/network-policy/customize-network-policy.md
• docs/reference/network-policies.md
• docs/security/credential-storage.md

✅ Files skipped from review due to trivial changes (2)

• docs/security/credential-storage.md
• docs/deployment/authentication.md

[coderabbitai]

🧹 Nitpick comments (4)

docs/network-policy/customize-network-policy.md (4)

73-75: Convert to active voice.

Line 74 uses passive voice: "all traffic to the host:port is allowed."

Suggested revision for lines 73-74:
"OpenShell creates a raw CONNECT tunnel.
OpenShell allows all traffic to the host:port without HTTP inspection."

As per coding guidelines: "Active voice required. Flag passive constructions."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` around lines 73 - 75, Update
the passive sentence following "OpenShell creates a raw CONNECT tunnel." to
active voice by replacing "all traffic to the host:port is allowed." with an
active construction; for example, change the second line to "OpenShell allows
all traffic to the host:port without HTTP inspection." so the two lines read
together as an active-voice description of the CONNECT tunnel behavior.

---

68-69: Convert to active voice.

"Only matching requests are forwarded" uses passive voice.

Suggested revision:
"OpenShell forwards only matching requests."

As per coding guidelines: "Active voice required. Flag passive constructions."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` around lines 68 - 69,
Replace the passive sentence "Only matching requests are forwarded." with an
active-voice construction; update the text following "OpenShell terminates TLS
and inspects HTTP method/path against `rules`." to read "OpenShell forwards only
matching requests." so the subject "OpenShell" performs the action (refer to the
existing phrase "OpenShell terminates TLS and inspects HTTP method/path against
`rules`" and replace the passive sentence immediately after it).

---

27-27: Convert to active voice.

The sentence uses passive constructions ("is defined" and "enforced").

Suggested revision:
"A declarative YAML file in the NemoClaw repository defines the sandbox policy, and NVIDIA OpenShell enforces it at runtime."

As per coding guidelines: "Active voice required. Flag passive constructions."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` at line 27, The sentence
uses passive voice ("is defined" and "enforced"); rewrite it in active voice by
making the subject perform the actions — e.g., change "The sandbox policy is
defined in a declarative YAML file in the NemoClaw repository and enforced at
runtime by NVIDIA OpenShell." to an active construction such as "A declarative
YAML file in the NemoClaw repository defines the sandbox policy, and NVIDIA
OpenShell enforces it at runtime," replacing the passive phrases "is defined"
and "enforced" accordingly.

---

96-96: Convert to active voice.

"method and path restrictions cannot be enforced" uses passive voice.

Suggested revision:
"This means OpenShell cannot enforce method and path restrictions on api.github.com — the agent has full API access."

As per coding guidelines: "Active voice required. Flag passive constructions."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/network-policy/customize-network-policy.md` at line 96, Replace the
passive-voice sentence "method and path restrictions cannot be enforced on
`api.github.com` — the agent has full API access." with an active-voice version
that names the system doing the enforcing, e.g., change it to "OpenShell cannot
enforce method and path restrictions on `api.github.com` — the agent has full
API access." Update the sentence in the docs network-policy text (the line
containing the quoted sentence) to use "OpenShell cannot enforce..." so it
conforms to the active-voice guideline.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@docs/network-policy/customize-network-policy.md`:
- Around line 73-75: Update the passive sentence following "OpenShell creates a
raw CONNECT tunnel." to active voice by replacing "all traffic to the host:port
is allowed." with an active construction; for example, change the second line to
"OpenShell allows all traffic to the host:port without HTTP inspection." so the
two lines read together as an active-voice description of the CONNECT tunnel
behavior.
- Around line 68-69: Replace the passive sentence "Only matching requests are
forwarded." with an active-voice construction; update the text following
"OpenShell terminates TLS and inspects HTTP method/path against `rules`." to
read "OpenShell forwards only matching requests." so the subject "OpenShell"
performs the action (refer to the existing phrase "OpenShell terminates TLS and
inspects HTTP method/path against `rules`" and replace the passive sentence
immediately after it).
- Line 27: The sentence uses passive voice ("is defined" and "enforced");
rewrite it in active voice by making the subject perform the actions — e.g.,
change "The sandbox policy is defined in a declarative YAML file in the NemoClaw
repository and enforced at runtime by NVIDIA OpenShell." to an active
construction such as "A declarative YAML file in the NemoClaw repository defines
the sandbox policy, and NVIDIA OpenShell enforces it at runtime," replacing the
passive phrases "is defined" and "enforced" accordingly.
- Line 96: Replace the passive-voice sentence "method and path restrictions
cannot be enforced on `api.github.com` — the agent has full API access." with an
active-voice version that names the system doing the enforcing, e.g., change it
to "OpenShell cannot enforce method and path restrictions on `api.github.com` —
the agent has full API access." Update the sentence in the docs network-policy
text (the line containing the quoted sentence) to use "OpenShell cannot
enforce..." so it conforms to the active-voice guideline.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: af288416-e316-450e-bce4-54b25ed70ba1

📥 Commits

Reviewing files that changed from the base of the PR and between b10bfab and ddbaf20.

📒 Files selected for processing (1)

• docs/network-policy/customize-network-policy.md