fix(sandbox): export GIT_SSL_CAINFO so git trusts proxy CA

[ericksoa]

Summary

• Detect SSL_CERT_FILE in nemoclaw-start.sh and export GIT_SSL_CAINFO so git trusts the L7 proxy CA
• Persist GIT_SSL_CAINFO into proxy-env.sh for connect sessions
• Add GIT_SSL_CAINFO, GIT_SSL_CAPATH, CURL_CA_BUNDLE, REQUESTS_CA_BUNDLE to the TLS allowlist in subprocess-env.ts (CLI + plugin)
• Add tests for the new allowlist entries and entrypoint behaviour

Closes #2270

Test plan

• npm test — credential-exposure and service-env tests pass
• Manual: onboard a sandbox behind L7 proxy, confirm git clone succeeds
• Verify proxy-env.sh includes GIT_SSL_CAINFO in connect sessions

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes

  • Forward additional TLS/CA environment variables (Git, cURL, Python requests and related CA path/bundle vars) to spawned subprocesses and export the Git CA setting into interactive proxy sessions to avoid certificate verification failures under proxy/MITM setups.

• Tests

  • Added regression and integration tests ensuring consistent propagation and persistence of CA/TLS environment variables across CLI and proxy sessions.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3dc71045-2123-4529-baab-50636dfd8675

📥 Commits

Reviewing files that changed from the base of the PR and between baa53b8 and 64fdeef.

📒 Files selected for processing (2)

• scripts/nemoclaw-start.sh
• test/service-env.test.ts

✅ Files skipped from review due to trivial changes (1)

• test/service-env.test.ts

---

📝 Walkthrough

Walkthrough

Entrypoint and proxy env scripts now export/persist GIT_SSL_CAINFO (sourced from SSL_CERT_FILE if present). The subprocess environment allowlist was extended to forward additional Git/cURL/requests CA-related variables to spawned subprocesses.

Changes

Cohort / File(s)	Summary
TLS Environment Variable Allowlisting nemoclaw/src/lib/subprocess-env.ts, src/lib/subprocess-env.ts	Expanded TLS allowlist to include GIT_SSL_CAINFO, GIT_SSL_CAPATH, CURL_CA_BUNDLE, and REQUESTS_CA_BUNDLE so these are forwarded to spawned subprocesses.
Proxy Entrypoint Configuration scripts/nemoclaw-start.sh	Adds conditional export of GIT_SSL_CAINFO from SSL_CERT_FILE when the CA bundle exists and emits that export into the generated proxy env persistence script used by sandbox connect sessions.
TLS Allowlist Consistency Tests test/credential-exposure.test.ts	Adds tests to assert CLI and plugin subprocess-env.ts TLS allowlists contain the same CA/TLS env var entries.
Entrypoint Integration Tests test/service-env.test.ts	Adds Vitest cases validating nemoclaw-start.sh exports GIT_SSL_CAINFO when SSL_CERT_FILE exists and that the generated proxy-env.sh includes or omits GIT_SSL_CAINFO appropriately.

Sequence Diagram(s)

sequenceDiagram
  participant Entrypoint as Entrypoint Script
  participant FS as Filesystem (/tmp/proxy-env.sh)
  participant Sandbox as Sandbox Session
  participant Subprocess as Spawned Subprocess

  Entrypoint->>Entrypoint: read SSL_CERT_FILE
  alt SSL_CERT_FILE exists
    Entrypoint->>Entrypoint: set GIT_SSL_CAINFO=SSL_CERT_FILE
  end
  Entrypoint->>FS: emit proxy-env.sh (include GIT_SSL_CAINFO if set)
  Sandbox->>FS: source proxy-env.sh on connect
  Sandbox->>Subprocess: spawn process (inherits env vars)
  Subprocess->>Subprocess: git / curl / requests use CA env vars

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I found the CA beneath the shell,

I set GIT_SSL_CAINFO to cast its spell,
Now clones hop through TLS with ease,
No more cert errors to displease,
A rabbit cheers — secure and well.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(sandbox): export GIT_SSL_CAINFO so git trusts proxy CA' accurately describes the main change—exporting GIT_SSL_CAINFO to fix git HTTPS clones in proxied sandboxes.
Linked Issues check	✅ Passed	All code requirements from issue #2270 are met: GIT_SSL_CAINFO is exported from nemoclaw-start.sh, persisted to proxy-env.sh, and TLS allowlist updated to include git/curl/requests CA variables.
Out of Scope Changes check	✅ Passed	All changes directly address issue #2270: subprocess-env allowlist expansions, nemoclaw-start.sh entrypoint exports, proxy-env persistence, and corresponding test coverage for TLS consistency and entrypoint behavior.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/git-ssl-cainfo-2270

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

test/credential-exposure.test.ts (1)

121-124: Consider making TLS extraction less formatting-sensitive.

Current comparison depends on raw source slicing. Extracting quoted entries before compare would reduce test brittleness.

Possible tweak

-    const extractTLS = (src) => {
-      const match = src.match(/const TLS = \[([\s\S]*?)\];/);
-      return match ? match[1].replace(/\s/g, "") : "";
-    };
+    const extractTLS = (src) => {
+      const match = src.match(/const TLS = \[([\s\S]*?)\];/);
+      if (!match) return "";
+      const entries = match[1].match(/"[^"]+"/g) ?? [];
+      return entries.join(",");
+    };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/credential-exposure.test.ts` around lines 121 - 124, The extractTLS
helper is brittle because it returns the raw slice of the TLS array and strips
whitespace, making tests sensitive to formatting; change extractTLS to parse the
array entries and return the list of quoted string entries (e.g., by finding all
single/double-quoted tokens inside the matched array using a global regex and
returning them joined or as an array) so comparisons operate on the actual
values rather than source formatting; update places that call extractTLS to
compare normalized entries (order/stable join) instead of raw string slices.

scripts/nemoclaw-start.sh (1)

866-869: Escape persisted GIT_SSL_CAINFO before writing sourced shell content.

This value is written into a file that is later sourced. Using direct interpolation can allow unintended re-expansion of special characters.

Proposed hardening

-  if [ -n "${GIT_SSL_CAINFO:-}" ]; then
-    echo "export GIT_SSL_CAINFO=\"$GIT_SSL_CAINFO\""
-  fi
+  if [ -n "${GIT_SSL_CAINFO:-}" ]; then
+    printf 'export GIT_SSL_CAINFO=%q\n' "$GIT_SSL_CAINFO"
+  fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/nemoclaw-start.sh` around lines 866 - 869, The script currently
echoes GIT_SSL_CAINFO directly into a file that will later be sourced, which
risks unintended shell re-expansion of special characters; modify the block that
checks if [ -n "${GIT_SSL_CAINFO:-}" ] (the if ... echo ... fi sequence) to
write an escaped/quoted form of the variable instead of raw interpolation (e.g.,
use a shell-safe quoting/escaping approach such as printf with %q or properly
single-quote-escape the value) so the persisted export line is safe to source
and cannot be re-expanded.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@scripts/nemoclaw-start.sh`:
- Around line 866-869: The script currently echoes GIT_SSL_CAINFO directly into
a file that will later be sourced, which risks unintended shell re-expansion of
special characters; modify the block that checks if [ -n "${GIT_SSL_CAINFO:-}" ]
(the if ... echo ... fi sequence) to write an escaped/quoted form of the
variable instead of raw interpolation (e.g., use a shell-safe quoting/escaping
approach such as printf with %q or properly single-quote-escape the value) so
the persisted export line is safe to source and cannot be re-expanded.

In `@test/credential-exposure.test.ts`:
- Around line 121-124: The extractTLS helper is brittle because it returns the
raw slice of the TLS array and strips whitespace, making tests sensitive to
formatting; change extractTLS to parse the array entries and return the list of
quoted string entries (e.g., by finding all single/double-quoted tokens inside
the matched array using a global regex and returning them joined or as an array)
so comparisons operate on the actual values rather than source formatting;
update places that call extractTLS to compare normalized entries (order/stable
join) instead of raw string slices.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: ad75f5f7-2dff-4f46-ad73-c82ca59c1e24

📥 Commits

Reviewing files that changed from the base of the PR and between b1afc50 and f36d9d3.

📒 Files selected for processing (5)

• nemoclaw/src/lib/subprocess-env.ts
• scripts/nemoclaw-start.sh
• src/lib/subprocess-env.ts
• test/credential-exposure.test.ts
• test/service-env.test.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/nemoclaw-start.sh`:
- Around line 973-976: The line echo "export GIT_SSL_CAINFO=\"$GIT_SSL_CAINFO\""
writes an unescaped value into the generated proxy-env.sh and can allow shell
substitution; instead, escape the variable before emitting it (e.g., replace
each single quote in $GIT_SSL_CAINFO with '\'' and then wrap the result in
single quotes, or use a portable printf %q where available) and write the safe
quoted value into the export line so the emitted "export GIT_SSL_CAINFO='...'"
cannot be interpreted as code when proxy-env.sh is sourced.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 1c577252-eb8b-4607-95ad-efaf8b63dc01

📥 Commits

Reviewing files that changed from the base of the PR and between f36d9d3 and c612997.

📒 Files selected for processing (2)

• scripts/nemoclaw-start.sh
• test/service-env.test.ts