fix(policy): block POST to sentry.io to prevent multi-tenant data exfiltration (#1437)

[cv]

Summary

Closes #1437. Supersedes #1565.

• Removes the two path-scoped POST rules (/api/*/envelope/** and /api/*/store/**) from the sentry.io endpoint in the sandbox network policy
• Retains GET /** for read-only Sentry SDK paths (DSN config fetching) — GET has no request body and is bounded by URL length limits, making it harmless for bulk exfiltration
• The path-scoped POST rules were insufficient because the Sentry project ID is part of the URL and attacker-controlled — a compromised agent could POST data to any Sentry project

Credit to @ColinM-sys for the original analysis and fix in #1565.

Test plan

• Verify sentry.io endpoint in nemoclaw-blueprint/policies/openclaw-sandbox.yaml has only a GET rule, no POST
• Run npm test to confirm no test regressions
• Verify policy YAML is syntactically valid

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Modified sandbox network policies to restrict POST requests to external services, while maintaining GET access permissions.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c2aa6f67-fb73-4e8b-84b1-3b2a4539c4ff

📥 Commits

Reviewing files that changed from the base of the PR and between e2bfdcf and 7047de6.

📒 Files selected for processing (1)

• nemoclaw-blueprint/policies/openclaw-sandbox.yaml

---

📝 Walkthrough

Walkthrough

The sandbox network policy for sentry.io is modified to restrict outbound traffic. POST requests to specific Sentry endpoints are removed, while GET access remains. This eliminates a data exfiltration vector where error reports could be sent to attacker-controlled Sentry projects.

Changes

Cohort / File(s)	Summary
Sentry Network Policy nemoclaw-blueprint/policies/openclaw-sandbox.yaml	Restricts sentry.io network access from allowing POST to /api/*/envelope/** and /api/*/store/** to only permitting GET requests. Removes ability to exfiltrate sandbox data via Sentry error reporting endpoints.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A Sentry once stood with arms open wide,
POST requests flowing with nowhere to hide,
But we've closed the door (yet kept window pane),
Now only GET whispers, no data drain! 📬✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: blocking POST requests to sentry.io to prevent data exfiltration. It directly reflects the primary objective of the changeset.
Linked Issues check	✅ Passed	The PR successfully addresses issue #1437 by removing POST allow rules for sentry.io while preserving GET for read-only operations, matching all stated objectives and requirements.
Out of Scope Changes check	✅ Passed	The changes are scoped exclusively to the sentry.io network policy configuration in the sandbox YAML file, with no extraneous or unrelated modifications present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/1437-sentry-block-post-exfiltration

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cv]

Reverting to #1565 — the contributor's PR should stay open so a maintainer can review it.