Skip to content

policy: allow Hermes inference audio endpoints#5532

Closed
HOYALIM wants to merge 2 commits into
NVIDIA:mainfrom
HOYALIM:codex/issue-1520-audio-gateway
Closed

policy: allow Hermes inference audio endpoints#5532
HOYALIM wants to merge 2 commits into
NVIDIA:mainfrom
HOYALIM:codex/issue-1520-audio-gateway

Conversation

@HOYALIM

@HOYALIM HOYALIM commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Allows Hermes managed inference.local policy to call POST /v1/audio/transcriptions and POST /v1/audio/speech.
  • Updates the Hermes policy shape regression test so speech endpoints stay in the allowlist.

Scope note

This is the NemoClaw-side policy prerequisite for #1520. The actual inference.local proxy route owner is OpenShell, so this PR does not by itself add gateway routing for speech bodies. OpenClaw policy already permits POST /** for managed inference; Hermes had the narrow allowlist that would block these endpoints once OpenShell supports them.

Validation

  • NODE_PATH=/Users/holim/code/NemoClaw/node_modules /Users/holim/code/NemoClaw/node_modules/.bin/vitest run test/validate-blueprint.test.ts
  • git diff --check

Refs #1520

Summary by CodeRabbit

  • New Features

    • Expanded network access for the REST API by adding explicit permission for additional POST egress requests to /v1/audio/transcriptions and /v1/audio/speech.
  • Tests

    • Updated sandbox policy validation tests to match the tightened allowlist shape, including the newly allowed audio endpoint rules.

@copy-pr-bot

copy-pr-bot Bot commented Jun 17, 2026

Copy link
Copy Markdown

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@coderabbitai

coderabbitai Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7a1b0ced-3b97-41d9-ad19-307a2e32f63c

📥 Commits

Reviewing files that changed from the base of the PR and between 6e6d3ce and ac380c2.

📒 Files selected for processing (1)
  • agents/hermes/policy-additions.yaml
✅ Files skipped from review due to trivial changes (1)
  • agents/hermes/policy-additions.yaml

📝 Walkthrough

Walkthrough

Two POST egress allow rules for /v1/audio/transcriptions and /v1/audio/speech are added to the Hermes managed_inference network policy. The blueprint validation test now asserts these two paths in the managed_inference allowlist.

Changes

Hermes Audio Endpoint Policy Addition

Layer / File(s) Summary
managed_inference audio endpoint rules and test coverage
agents/hermes/policy-additions.yaml, test/validate-blueprint.test.ts
Adds POST allow rules for /v1/audio/transcriptions and /v1/audio/speech on inference.local:443, documents the allowlist shape in the test helper comment, and extends the blueprint validation assertion to include both paths.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly captures the main change: expanding Hermes inference policy to allow audio endpoints.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@HOYALIM
HOYALIM force-pushed the codex/issue-1520-audio-gateway branch from 7aa4004 to 4feb9be Compare June 17, 2026 06:41
@HOYALIM
HOYALIM marked this pull request as ready for review June 17, 2026 06:42
Copilot AI review requested due to automatic review settings June 17, 2026 06:42

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds Hermes network policy coverage for OpenAI audio endpoints so the sandbox policy allows audio transcription and speech requests.

Changes:

  • Allow POST /v1/audio/transcriptions in Hermes network policy.
  • Allow POST /v1/audio/speech in Hermes network policy.
  • Extend the Hermes sandbox policy test expectations to include the new endpoints.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
test/validate-blueprint.test.ts Updates policy validation test to expect the new audio endpoint allowances.
agents/hermes/policy-additions.yaml Adds the two audio endpoint allow-rules to Hermes’ network policy additions.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@AnaMoreno-PI

Copy link
Copy Markdown

Hitting this exact limitation on Azure AI Foundry

We're running Hermes inside an Azure VM with NemoClaw, routing all inference through inference.local to stay within our Azure tenant. We've deployed gpt-4o-mini-tts and whisper in Azure AI Foundry and configured Hermes TTS/STT to use https://inference.local as base URL — but every audio request gets blocked by managed_inference enforcement.

The irony: the credentials, the models, and the gateway are all inside our tenant. The only missing piece is the two audio routes on the gateway side.

This is blocking voice interaction for an enterprise use case where leaving the Azure tenant is not an option. A +1 on the proposed fix — same credential injection pattern as chat completions, just extended to /v1/audio/speech and /v1/audio/transcriptions.

@wscurran wscurran added area: policy Network policy, egress rules, presets, or sandbox policy feature PR adds or expands user-visible functionality integration: hermes Hermes integration behavior labels Jun 23, 2026
@wscurran

Copy link
Copy Markdown
Contributor

✨ Thanks for the proposed policy update allowing Hermes managed inference to call audio transcription and speech endpoints. This proposes a way to expand the Hermes policy allowlist for POST /v1/audio/transcriptions and POST /v1/audio/speech while updating the regression test.


Related open issues:

@HOYALIM HOYALIM changed the title [codex] policy: allow Hermes inference audio endpoints policy: allow Hermes inference audio endpoints Jun 30, 2026
HOYALIM added 2 commits June 30, 2026 12:24
Signed-off-by: Ho Lim <subhoya@gmail.com>
Signed-off-by: Ho Lim <subhoya@gmail.com>
@HOYALIM
HOYALIM force-pushed the codex/issue-1520-audio-gateway branch from 6e6d3ce to ac380c2 Compare June 30, 2026 19:26
@apurvvkumaria apurvvkumaria added the v0.0.79 Release target label Jul 8, 2026
@apurvvkumaria apurvvkumaria self-assigned this Jul 8, 2026
@apurvvkumaria

Copy link
Copy Markdown
Collaborator

Closing this as premature after an exact-head merge-gate and 9-category security review.

The NemoClaw-side allow rules cannot enable this feature today:

  • NemoClaw main pins OpenShell 0.0.72 (blueprint).
  • OpenShell 0.0.72's supported inference.local patterns do not include either audio path, and unmatched requests are denied (route documentation, route table).
  • OpenShell current main still has the same route table with no /v1/audio/transcriptions or /v1/audio/speech support (current source).
  • Hermes' currently implemented managed audio path is the separate openai-audio tool gateway, not inference.local (current NemoClaw matrix).

Security review:

Category Verdict Evidence
Secrets / credentials PASS No secret material added.
Input validation PASS The proposed rules remain exact method/path grants.
Authentication / authorization WARNING The required gateway credential stripping/injection behavior for these routes does not exist to review.
Dependencies PASS No dependency change.
Error handling / logging N/A No runtime route implementation is present.
Cryptography / data protection PASS No cryptographic or transport-setting change.
Configuration security FAIL The Hermes baseline would gain dormant permissions for unsupported endpoints, contrary to its deny-by-default/least-privilege purpose.
Security testing FAIL The new test only asserts that the permissions exist; it does not exercise multipart transcription upload, binary/streamed speech responses, credential isolation, rejection behavior, or a Hermes end-to-end route.
Holistic review FAIL Landing the policy first creates a latent grant that could become active when upstream behavior changes, without coupling that activation to the missing route/security tests.

Merge-gate evidence on exact head ac380c225f69d96c43c8a2116808a34370cec2ef:

  • Both commits are GitHub-verified.
  • Targeted validation passes: 63/63 validate-blueprint tests; git diff --check passes.
  • Required checks, commit-lint, and dco-check runs are absent.
  • The PR body lacks the repository-required Signed-off-by: declaration.
  • No unresolved review threads or competing PR were found.

The right sequence is to implement and security-test the OpenShell routes first (including multipart upload, binary/streamed response framing, credential isolation, and denial cases), then add the Hermes allowlist together with an executable Hermes acceptance test. Issue #1520 remains open and assigned to @jyaunches.

Thank you, @HOYALIM: this PR correctly identified Hermes' narrower policy layer and added a useful exact-shape regression test. That analysis and test design should be credited and reused when the upstream route dependency exists. No contributor code is being carried forward in this closure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: policy Network policy, egress rules, presets, or sandbox policy feature PR adds or expands user-visible functionality integration: hermes Hermes integration behavior v0.0.79 Release target

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants