fix(policy): remove telegram + discord from base sandbox policy

[latenighthackathon]

Summary

The base sandbox policy (nemoclaw-blueprint/policies/openclaw-sandbox.yaml) was silently granting every sandbox egress to api.telegram.org, discord.com, gateway.discord.gg, and cdn.discordapp.com — regardless of whether the user enabled the telegram/discord messaging channel in step [5/8] or ticked the preset in step [8/8] of onboard. This is a regression of a previously-fixed behavior.

After a fresh onboard that explicitly skipped messaging channels and did not tick Discord in the Balanced-tier preset picker, nemoclaw <name> policy-list reports:

● discord — Discord API, gateway, and CDN access (active on gateway, missing from local state)

Problem

Regression history:

• #1705 (2026-04-09, 77051cc8) — removed telegram and discord from baseline "for exactly this reason." Explicitly called it a data exfiltration vector.
• #1700 (2026-04-14, 855924fd) — an unrelated npm_registry PR that was rebased on a branch predating fix(security): remove pre-allowed messaging from base sandbox policy #1705. The CodeRabbit release notes on fix(policy): restrict baseline npm_registry to openclaw binary only #1700 even flagged it: "Added network policy entries to enable controlled Telegram and Discord messaging access." The messaging entries came back as part of that PR's conflict-resolution and have been in the baseline since.

Once discord exists as a key in the gateway's loaded policy, policies.getGatewayPresets() detects the Discord preset as active (it matches on key presence). nemoclaw policy-list then renders the misleading "active on gateway, missing from local state" line for a preset the user never selected — and the egress is actually enforced, so it's a real capability grant, not just a display bug.

Test plan

• npx vitest run test/validate-blueprint.test.ts test/policies.test.ts — 124 tests pass, including the three new regression tests that guard against this specific re-add pattern for telegram, discord, and slack.
• npx vitest run test/validate-configs-dangerous-hosts.test.ts test/onboard.test.ts — 160 tests pass. No onboard-flow regressions.
• Manually verified that users who enable a messaging channel in step [5/8] and apply the corresponding preset in step [8/8] still get identical endpoint access via presets/{telegram,discord}.yaml (no preset YAML changes in this PR).
• openclaw-sandbox-permissive.yaml (used for --dangerously-skip-permissions) unchanged — permissive users still get pre-allowed messaging as before.

Fixes #2180.

Signed-off-by: latenighthackathon latenighthackathon@users.noreply.github.com

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

📝 Walkthrough

Walkthrough

The OpenClaw sandbox baseline policy removes network egress rules for messaging providers (telegram, discord) and replaces them with documentation, while new regression tests prevent accidental reintroduction of messaging provider access.

Changes

Cohort / File(s)	Summary
Messaging Provider Network Policy Removal nemoclaw-blueprint/policies/openclaw-sandbox.yaml	Deleted telegram and discord network policy entries (46 lines removed) including endpoint allow rules and node-binary restrictions. Replaced with explanatory comment indicating messaging providers are intentionally excluded from baseline and available through opt-in preset configuration.
Regression Test Coverage test/validate-blueprint.test.ts	Added 53 lines of test assertions within the base sandbox policy test suite to prevent reintroduction of messaging provider network access. Tests verify absence of telegram, discord, and slack top-level network policy entries and validate no endpoints resolve to associated hostnames (including Slack subdomains and websocket hosts).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 With whiskers twitching, I hop with glee,
Messaging endpoints removed with care—you see?
No telegram, no discord in the baseline's way,
Opt-in it shall be! Tests keep strays at bay! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title accurately describes the main change: removing Telegram and Discord network policies from the base sandbox policy file, which is the primary purpose of the PR.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}