
fix(policy): allow real sandbox clients in docker preset (Fixes #1406)#1434

Closed
deepujain wants to merge 1 commit into NVIDIA:main from deepujain:fix/1406-docker-policy-preset

Conversation

@deepujain
Contributor

@deepujain deepujain commented Apr 3, 2026

Summary

Fixes #1406.

The docker policy preset only allowed /usr/bin/docker, but the sandbox image does not ship a Docker CLI there. That made the preset effectively unusable because no real sandbox client could match the binary filter and reach Docker Hub or nvcr.io.

Changes

  • Updated nemoclaw-blueprint/policies/presets/docker.yaml to allow the clients that actually exist in the sandbox image:
    • Node (/usr/local/bin/node*, /usr/bin/node*)
    • curl (/usr/local/bin/curl*, /usr/bin/curl*)
  • Added a regression check in test/policies.test.js to make sure the preset no longer points at /usr/bin/docker and still includes all four real sandbox client paths.

Testing

  • npm run build:cli
  • npm test -- test/policies.test.js

Evidence it works

  • test/policies.test.js passes with the updated preset and confirms the Docker policy now targets binaries that exist in the sandbox image.
  • I also ran the full npm test suite in this worktree. The Docker preset change did not introduce any policy-test regressions, but the broader suite still hit unrelated existing failures in:
    • test/security-c2-dockerfile-injection.test.js
    • src/lib/preflight.test.ts
    • test/install-preflight.test.js

Signed-off-by: Deepak Jain <deepujain@gmail.com>

Summary by CodeRabbit

  • New Features

    • Added a Docker preset policy providing predefined access to Docker Hub and NVIDIA container registries (HTTPS, TLS terminate) with allow rules for registry requests and an allowlist permitting node and curl executables.
  • Tests

    • Updated tests to include the new Docker preset and validate its presence and expected contents.
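The description above relies on three layers of the preset: a binary filter that must match a client actually present in the sandbox image, a list of hostname/port endpoints, and GET/POST allow rules. The block below is an added example written for this page, not NemoClaw's policy engine or preset code. The object keys (endpoints, methods, binaries), the glob semantics (a trailing "*" matches within one path component), the list of sandbox binaries and the three-request Docker Hub token flow are assumptions or constructed inputs. It shows why a preset pointing only at /usr/bin/docker leaves no usable client, why auth.docker.io has to be allowed alongside registry-1.docker.io for a Hub pull to get past the 401 challenge, and that a trailing "*" also admits any binary sharing the prefix.

```javascript
// Added example for this page, not NemoClaw code. Models the preset
// semantics the PR describes; key names, glob rules and the request
// flow below are assumptions.

// Endpoints and methods as listed in the PR walkthrough.
const REGISTRY_ENDPOINTS = [
  { host: "registry-1.docker.io", port: 443 },
  { host: "auth.docker.io", port: 443 },
  { host: "nvcr.io", port: 443 },
  { host: "authn.nvidia.com", port: 443 },
];
const ALLOWED_METHODS = ["GET", "POST"];

// "Before": the preset as shipped, pointing at a binary the image lacks.
const PRESET_BEFORE = {
  endpoints: REGISTRY_ENDPOINTS,
  methods: ALLOWED_METHODS,
  binaries: ["/usr/bin/docker"],
};

// "After": the four client patterns this PR puts in the preset.
const PRESET_AFTER = {
  endpoints: REGISTRY_ENDPOINTS,
  methods: ALLOWED_METHODS,
  binaries: [
    "/usr/local/bin/node*", "/usr/bin/node*",
    "/usr/local/bin/curl*", "/usr/bin/curl*",
  ],
};

// Constructed picture of the sandbox image: node and curl at the paths the
// PR names, plus an invented python3 to show a client the preset ignores.
const SANDBOX_BINARIES = [
  "/usr/local/bin/node", "/usr/bin/node",
  "/usr/local/bin/curl", "/usr/bin/curl",
  "/usr/bin/python3",
];

// Assumed glob semantics: "*" matches any run of non-"/" characters, so
// "/usr/bin/node*" matches /usr/bin/node and /usr/bin/nodejs but not
// /usr/bin/node/x; everything else is literal and the match is anchored.
function globToRegExp(pattern) {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, "[^/]*");
  return new RegExp(`^${escaped}$`);
}

function binaryAllowed(preset, binaryPath) {
  return preset.binaries.some((p) => globToRegExp(p).test(binaryPath));
}

// Which real sandbox clients can get past the preset's binary filter at all.
function usableClients(preset, binaries = SANDBOX_BINARIES) {
  return binaries.filter((b) => binaryAllowed(preset, b));
}

// One outbound request: binary filter, then endpoint, then method.
function requestAllowed(preset, { binary, host, port, method }) {
  if (!binaryAllowed(preset, binary)) {
    return { allowed: false, reason: `binary ${binary} not in allowlist` };
  }
  if (!preset.endpoints.some((e) => e.host === host && e.port === port)) {
    return { allowed: false, reason: `${host}:${port} not an allowed endpoint` };
  }
  if (!preset.methods.includes(method)) {
    return { allowed: false, reason: `method ${method} not allowed` };
  }
  return { allowed: true, reason: "ok" };
}

// Docker Hub's v2 token flow: the registry answers 401 with a bearer realm on
// auth.docker.io, the client fetches a token there, then retries the registry.
// Each of the three requests is evaluated on its own.
function simulateHubPull(preset, binary) {
  const steps = [
    { step: "GET /v2/ (401 + WWW-Authenticate)", host: "registry-1.docker.io", port: 443, method: "GET" },
    { step: "GET /token (bearer realm)", host: "auth.docker.io", port: 443, method: "GET" },
    { step: "GET /v2/library/alpine/manifests/latest", host: "registry-1.docker.io", port: 443, method: "GET" },
  ];
  return steps.map((s) => ({ ...s, ...requestAllowed(preset, { binary, ...s }) }));
}

// The check the PR's regression test makes, over the object model.
function presetRegression(preset) {
  const required = ["/usr/local/bin/node", "/usr/bin/node", "/usr/local/bin/curl", "/usr/bin/curl"];
  return {
    pointsAtMissingDocker: preset.binaries.includes("/usr/bin/docker"),
    coversAllClients: required.every((p) => binaryAllowed(preset, p)),
  };
}

for (const [name, preset] of [["before", PRESET_BEFORE], ["after", PRESET_AFTER]]) {
  console.log(name, "usable clients:", usableClients(preset));
  for (const s of simulateHubPull(preset, "/usr/bin/curl")) {
    console.log(`  ${s.allowed ? "ALLOW" : "DENY "} ${s.step}: ${s.reason}`);
  }
}
```

Run it with node; the loop at the bottom prints the usable clients and the pull simulation for both presets. The point a reviewer would want to confirm against the real engine is the glob: under the semantics assumed here, /usr/local/bin/node* admits a hypothetical /usr/local/bin/nodemon as well as node itself, so the effective allowlist is wider than the four named paths.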

@coderabbitai
Contributor

coderabbitai bot commented Apr 3, 2026


Walkthrough

Adds a new Docker registry preset configuring network policies for Docker Hub and NVIDIA registries and an allowlist of common sandbox binaries (node and curl); updates tests to include and validate the new preset.

Changes

  • nemoclaw-blueprint/policies/presets/docker.yaml (Docker Registry Preset Configuration): New docker preset adding network_policies.docker_registries with endpoints for registry-1.docker.io, auth.docker.io, nvcr.io, authn.nvidia.com (port 443, enforcement: enforce, tls: terminate) and GET/POST allow rules; binaries allowlist for node* and curl* under /usr/local/bin and /usr/bin.
  • test/policies.test.ts (Policy Tests): Updated expectations: preset count 12 (was 11), added docker to preset list, and added assertions that loadPreset("docker") is non-empty, excludes /usr/bin/docker, and includes /usr/local/bin/node, /usr/bin/node, /usr/local/bin/curl, /usr/bin/curl.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes


🚥 Pre-merge checks (5 passed)

  • Description Check: Passed. Check skipped; CodeRabbit’s high-level summary is enabled.
  • Title check: Passed. The title clearly describes the main change: fixing the docker policy preset to allow sandbox clients (Node.js and curl) instead of a non-existent /usr/bin/docker binary.
  • Linked Issues check: Passed. The PR fully addresses issue #1406 by updating the docker preset to permit Node.js and curl binaries that exist in the sandbox image, eliminating 403 failures when accessing Docker registries.
  • Out of Scope Changes check: Passed. All changes are directly scoped to fixing issue #1406: the docker preset configuration and its regression test. No unrelated modifications are present.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

Inline comments:
In `@test/policies.test.js`:
- Around line 515-522: The test "docker preset targets clients that exist inside
the sandbox" is missing an assertion for the fourth binary path; update the test
(in the it block calling policies.loadPreset("docker")) to include an expect
that content.includes("/usr/local/bin/curl") is true so all four allowed docker
preset binaries are validated by the test.

📥 Commits

Reviewing files that changed from the base of the PR and between f4a01cf and fdea0d5.

📒 Files selected for processing (2)
  • nemoclaw-blueprint/policies/presets/docker.yaml
  • test/policies.test.js

@wscurran added the NemoClaw CLI, Docker, enhancement: testing and fix labels on Apr 4, 2026
@wscurran
Contributor

wscurran commented Apr 4, 2026

✨ Thanks for submitting this fix, which proposes a way to make the Docker policy preset usable by allowing real sandbox clients like Node and curl. This addresses a key usability issue and adds helpful regression coverage.


Possibly related open issues:

@deepujain
Contributor Author

Added the missing /usr/local/bin/curl assertion so the regression test now checks all four allowed client paths. I reran npm test -- test/policies.test.js, and it passed locally. I also updated the PR description with the required DCO sign-off line, so the failing dco-check should clear on the rerun.

@cr7258
Contributor

cr7258 commented Apr 7, 2026

From my understanding, allowing curl and node doesn’t fully solve the problem—it mainly enables registry access rather than real Docker usage.
To truly address this, we’d likely need the sandbox to support running Docker commands, or an equivalent runtime (e.g., containerd/nerdctl).

@deepujain
Contributor Author

Yep, agreed on the distinction. This PR is only fixing #1406 as written: the preset currently points at /usr/bin/docker, which does not exist, so even basic registry requests from clients that do exist in the sandbox get blocked. It does not claim to add full Docker-in-sandbox support; if we want actual docker or nerdctl runtime support, that feels like a separate follow-up issue.

@cv
Contributor

cv commented Apr 9, 2026

I attempted to port this branch across the JS→TS migration and merge the latest main, but it still needs manual follow-up.

Please start with:

git fetch origin
git merge origin/main
npx tsx scripts/ts-migration-assist.ts --base origin/main --write
npm run build:cli
npm run typecheck:cli
npm run lint
npm test

@cv
Contributor

cv commented Apr 9, 2026

I retried the automated JS→TS migration port, but this branch still needs manual follow-up after merging main.

Please start with:

git fetch origin
git merge origin/main
npx tsx scripts/ts-migration-assist.ts --base origin/main --write
npm run build:cli
npm run typecheck:cli
npm run lint
npm test

@deepujain force-pushed the fix/1406-docker-policy-preset branch 2 times, most recently from 5f26170 to 8274c72 on April 10, 2026 14:49
@deepujain
Contributor Author

Rebased this onto the latest main and ported the fix through the current preset/test layout. The Docker preset is back in the active preset set with the real sandbox client paths, and both npm run build:cli and npm test -- test/policies.test.ts pass locally.

@deepujain force-pushed the fix/1406-docker-policy-preset branch from 8274c72 to ad937c2 on April 14, 2026 14:54
@deepujain
Contributor Author

Rebased this onto the latest main and reran the focused policy suite. The docker preset and its regression coverage still line up cleanly on top of current main. Ready for another look.

Fixes NVIDIA#1406

Signed-off-by: Deepak Jain <deepujain@gmail.com>
@deepujain force-pushed the fix/1406-docker-policy-preset branch from ad937c2 to 78f8a9e on April 14, 2026 19:50
@deepujain
Contributor Author

Rebased this onto the latest main again. The docker preset still lines up with the current preset layout, and npm run build:cli plus npm test -- test/policies.test.ts pass locally.

@wscurran
Contributor

Thanks for the docker preset fix. The docker preset was removed entirely in 2513f2fb (fix: remove docker policy preset, #1406 / #1647), which is on main. Closing as superseded.

@wscurran wscurran closed this Apr 14, 2026

Labels

Docker, enhancement: testing, fix, NemoClaw CLI

Development

Successfully merging this pull request may close these issues.

[NemoClaw][all platform] docker policy preset is effectively unusable — binary path /usr/bin/docker does not exist in sandbox

4 participants