fix(policy): allow real sandbox clients in docker preset (Fixes #1406)

[deepujain]

Summary

Fixes #1406.

The docker policy preset only allowed /usr/bin/docker, but the sandbox image does not ship a Docker CLI there. That made the preset effectively unusable because no real sandbox client could match the binary filter and reach Docker Hub or nvcr.io.

Changes

• Updated nemoclaw-blueprint/policies/presets/docker.yaml to allow the clients that actually exist in the sandbox image:
  • Node (/usr/local/bin/node*, /usr/bin/node*)
  • curl (/usr/local/bin/curl*, /usr/bin/curl*)
• Added a regression check in test/policies.test.js to make sure the preset no longer points at /usr/bin/docker and still includes all four real sandbox client paths.

Testing

• npm run build:cli
• npm test -- test/policies.test.js

Evidence it works

• test/policies.test.js passes with the updated preset and confirms the Docker policy now targets binaries that exist in the sandbox image.
• I also ran the full npm test suite in this worktree. The Docker preset change did not introduce any policy-test regressions, but the broader suite still hit unrelated existing failures in:
  • test/security-c2-dockerfile-injection.test.js
  • src/lib/preflight.test.ts
  • test/install-preflight.test.js

Signed-off-by: Deepak Jain deepujain@gmail.com

Summary by CodeRabbit

• Configuration Updates

  • Docker network policy preset: replaced direct Docker executable reference with wildcarded Node and cURL executable paths to adjust allowed system binaries.

• Tests

  • Added a test that verifies the Docker preset loads, excludes the Docker executable, and includes the expected Node and cURL binary entries.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ecd67664-e5c4-4b28-9222-0fda5f84f984

📥 Commits

Reviewing files that changed from the base of the PR and between fdea0d5 and e326d43.

📒 Files selected for processing (1)

• test/policies.test.js

✅ Files skipped from review due to trivial changes (1)

• test/policies.test.js

---

📝 Walkthrough

Walkthrough

Replaced the Docker preset's single binary allowlist entry /usr/bin/docker with four wildcarded entries for Node and curl (/usr/local/bin/node*, /usr/bin/node*, /usr/local/bin/curl*, /usr/bin/curl*) and added a test asserting these changes.

Changes

Cohort / File(s)	Summary
Docker Policy Preset nemoclaw-blueprint/policies/presets/docker.yaml	Replaced the single /usr/bin/docker binaries allowlist entry with four wildcarded entries targeting Node and curl in common paths.
Preset Tests test/policies.test.js	Added a test that loads the docker preset, asserts it is non-empty, verifies /usr/bin/docker is not present, and verifies presence of /usr/local/bin/node, /usr/bin/node, /usr/local/bin/curl, and /usr/bin/curl.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I nibbled at a missing path, then found a fix so spry,

Node and curl now roaming free beneath the sandbox sky.
Wildcards stitched the pathway true, the registries sing — hooray!
— A rabbit's hop to network dreams, and cookies on the way.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: allowing real sandbox clients (node and curl) in the docker preset policy, directly addressing the core objective.
Linked Issues check	✅ Passed	The PR fully addresses issue #1406 by replacing the non-existent /usr/bin/docker binary with actual sandbox client paths (node and curl) and includes regression tests validating the fix.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing the docker preset policy and adding related tests; no unrelated modifications are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/policies.test.js`:
- Around line 515-522: The test "docker preset targets clients that exist inside
the sandbox" is missing an assertion for the fourth binary path; update the test
(in the it block calling policies.loadPreset("docker")) to include an expect
that content.includes("/usr/local/bin/curl") is true so all four allowed docker
preset binaries are validated by the test.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9f607f9a-7e7e-44b3-a156-f84fa7b93c1a

📥 Commits

Reviewing files that changed from the base of the PR and between f4a01cf and fdea0d5.

📒 Files selected for processing (2)

• nemoclaw-blueprint/policies/presets/docker.yaml
• test/policies.test.js

[wscurran]

✨ Thanks for submitting this fix, which proposes a way to make the Docker policy preset usable by allowing real sandbox clients like Node and curl. This addresses a key usability issue and adds helpful regression coverage.

---

Possibly related open issues:

• #1406 [NemoClaw][all platform] docker policy preset is effectively unusable — binary path /usr/bin/docker does not exist in sandbox

[deepujain]

Added the missing /usr/local/bin/curl assertion so the regression test now checks all four allowed client paths. I reran npm test -- test/policies.test.js, and it passed locally. I also updated the PR description with the required DCO sign-off line, so the failing dco-check should clear on the rerun.