fix(runtime): use prependSystemContext to prevent runtime instructions leaking into chat UI#4037

Open
kagura-agent wants to merge 1 commit into
NVIDIA:mainfrom
kagura-agent:fix/runtime-context-system-prompt

Conversation


@kagura-agent kagura-agent commented May 22, 2026

Summary

Fixes #4019 — system runtime instructions (<nemoclaw-runtime> block) leaking into the chat UI on the third message.

Root Cause

registerRuntimeContext() was using prependContext in the before_prompt_build hook return. In the OpenClaw host, prependContext prepends content to the user-visible conversation prompt, which means the sandbox policy instructions could appear in the chat UI — especially with models like Nemotron 3 Super 120B via Ollama that may echo prepended context.

Fix

Switch from prependContext to prependSystemContext, which injects into the system prompt (invisible to users). This matches the intent of these instructions as system-level runtime context that should never be displayed to the user.

Changes

  • nemoclaw/src/runtime-context.ts: prependContext → prependSystemContext (1 line)
  • nemoclaw/src/runtime-context.test.ts: Updated test expectations to match (3 test assertions)

Testing

npx vitest run nemoclaw/src/runtime-context.test.ts
# ✓ 6 tests passed (runtime-context.test.ts)

Summary by CodeRabbit

  • Refactor
    • Updated how runtime context is supplied to system prompts, improving sandbox configuration and policy handling during agent processing.
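A small regression check for the behaviour this PR fixes, written as an added example rather than NemoClaw or OpenClaw code: a simplified host that applies a before_prompt_build result, a "before" hook using prependContext and an "after" hook using prependSystemContext, and a predicate that confirms the <nemoclaw-runtime> block never lands in the user-visible conversation. The host semantics, the runtimeBlock helper and the sample policy text are assumptions; only the two field names and the tag come from the PR.

```typescript
// Added example (not NemoClaw/OpenClaw code). Models how a before_prompt_build
// hook result is applied so the leak fixed in this PR can be asserted on.

type HookResult = { prependContext?: string; prependSystemContext?: string };

interface BuiltPrompt {
  system: string;       // what the model sees as system prompt (hidden from UI)
  conversation: string; // user-visible conversation prompt
}

const RUNTIME_TAG = "nemoclaw-runtime";

// Constructed stand-in for the runtime instruction block (assumption).
function runtimeBlock(policy: string): string {
  return `<${RUNTIME_TAG}>\n${policy}\n</${RUNTIME_TAG}>`;
}

// "Before" behaviour: runtime block returned via prependContext.
function hookBefore(policy: string): HookResult {
  return { prependContext: runtimeBlock(policy) };
}

// "After" behaviour (this PR): runtime block returned via prependSystemContext.
function hookAfter(policy: string): HookResult {
  return { prependSystemContext: runtimeBlock(policy) };
}

// Assumed host semantics: prependContext goes in front of the user-visible
// conversation, prependSystemContext in front of the system prompt.
function buildPrompt(system: string, userMsg: string, r: HookResult): BuiltPrompt {
  return {
    system: r.prependSystemContext ? `${r.prependSystemContext}\n\n${system}` : system,
    conversation: r.prependContext ? `${r.prependContext}\n\n${userMsg}` : userMsg,
  };
}

// Regression predicates: the runtime block must be in the system prompt only.
function runtimeLeaksToUser(p: BuiltPrompt): boolean {
  return p.conversation.includes(`<${RUNTIME_TAG}>`);
}

function runtimeInSystem(p: BuiltPrompt): boolean {
  return p.system.includes(`<${RUNTIME_TAG}>`);
}
```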

Review Change Stack

…s leaking into chat UI

The <nemoclaw-runtime> context block was injected via prependContext, which
prepends to the user-visible conversation prompt. On certain models
(e.g. Nemotron 3 Super 120B via Ollama), this caused the sandbox policy
instructions to appear in the chat UI on the third message.

Switch to prependSystemContext, which injects into the system prompt
(invisible to users), matching the intent of these instructions as
system-level runtime context.

Fixes NVIDIA#4019

copy-pr-bot Bot commented May 22, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.


coderabbitai Bot commented May 22, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3a4f5e90-8dde-4180-9a4e-2e5d0b0231e5

📥 Commits

Reviewing files that changed from the base of the PR and between 1bdb519 and 457b240.

📒 Files selected for processing (2)
  • nemoclaw/src/runtime-context.test.ts
  • nemoclaw/src/runtime-context.ts

📝 Walkthrough

Walkthrough

The PR renames the hook response field that carries runtime context from prependContext to prependSystemContext, clarifying that injected runtime instructions belong in system-level prompting. Implementation and test assertions are updated in lockstep.

Changes

Runtime Context Field Migration

Layer: Hook response field rename and test validation
File(s): nemoclaw/src/runtime-context.ts, nemoclaw/src/runtime-context.test.ts
Summary: registerRuntimeContext's before_prompt_build hook switches from the prependContext field to prependSystemContext, signaling system-level prompt injection. Tests for default and persisted sandbox configurations are updated to validate the new field name while preserving the runtime wrapper tag and policy text assertions.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A field renamed from old to new—prependSystemContext shines through!
No more context lost in the weeds,
System prompts get what they need.
Sandbox policies stay safe and sound,
In their rightful place they're now found! 🎯

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'fix(runtime): use prependSystemContext to prevent runtime instructions leaking into chat UI' is clear, specific, and directly summarizes the main change of the pull request.
Linked Issues check ✅ Passed The pull request directly addresses issue #4019 by changing prependContext to prependSystemContext to prevent runtime instructions from appearing in the user-facing chat UI.
Out of Scope Changes check ✅ Passed All changes are scoped to fixing the specific issue: one line in runtime-context.ts and three test assertions in runtime-context.test.ts related to the prependContext to prependSystemContext migration.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.



Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.


@wscurran

✨ Thanks for submitting this detailed PR about preventing system runtime instructions from leaking into the chat UI. This proposes a way to improve the security and usability of NemoClaw by ensuring that system-level runtime context is not displayed to the user.




Successfully merging this pull request may close these issues.

System runtime instructions leaking into chat UI on third message
