diff --git a/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md b/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md index 9efc931035..41bb06e137 100644 --- a/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md +++ b/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md @@ -68,7 +68,7 @@ flowchart TB | Layer | What it protects | Enforcement point | Changeable at runtime | | --- | --- | --- | --- | | Network | Unauthorized outbound connections and data exfiltration. | OpenShell gateway | Yes. Use `openshell policy set` or operator approval. | -| Filesystem | System binary tampering, credential theft, config manipulation. | Landlock LSM + container mounts | Landlock layout: no. Requires sandbox re-creation. Config lockdown posture: yes, with host-side shields commands. | +| Filesystem | System binary tampering, credential theft, config manipulation. | Landlock LSM + container mounts | Landlock layout: no. Requires sandbox re-creation. Use host-side NemoClaw commands for durable config changes. | | Process | Privilege escalation, fork bombs, syscall abuse. | Container runtime (Docker/K8s `securityContext`) | No. Requires sandbox re-creation. | | Inference | Credential exposure, unauthorized model access, cost overruns. | OpenShell gateway | Yes. Use `nemoclaw inference set`. | diff --git a/.agents/skills/nemoclaw-user-manage-policy/SKILL.md b/.agents/skills/nemoclaw-user-manage-policy/SKILL.md index 831b38edac..bc4d0a85a8 100644 --- a/.agents/skills/nemoclaw-user-manage-policy/SKILL.md +++ b/.agents/skills/nemoclaw-user-manage-policy/SKILL.md @@ -179,7 +179,6 @@ Available presets: | `pypi` | Python Package Index | | `slack` | Slack API and webhooks | | `telegram` | Telegram Bot API | -| `wechat` | WeChat messaging | | `whatsapp` | WhatsApp Web messaging | To apply a preset to a running sandbox: diff --git a/.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md b/.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md index 5ab73c7c4d..f9857bc99b 100644 --- a/.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md +++ b/.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md @@ -50,7 +50,6 @@ NemoClaw ships maintained policy presets for common services in `nemoclaw-bluepr | Python Package Index | `pypi` | | Slack messaging | `slack` | | Telegram Bot API | `telegram` | -| WeChat messaging | `wechat` | | WhatsApp Web messaging | `whatsapp` | Preview the endpoints before applying: @@ -111,7 +110,7 @@ If delivery fails, open the TUI and send a test message to the bot: $ openshell term ``` -The matching preset for each supported messaging channel is the channel name (`telegram`, `discord`, `slack`, `wechat`, or `whatsapp`). +The matching preset for each supported messaging channel is the channel name (`telegram`, `discord`, `slack`, or `whatsapp`). ## Slack or Discord Messaging @@ -257,5 +256,5 @@ Use `nemoclaw my-assistant policy-add` for maintained NemoClaw presets. - Approve or Deny Agent Network Requests (use the `nemoclaw-user-manage-policy` skill) for the interactive OpenShell TUI flow. - Customize the Sandbox Network Policy (use the `nemoclaw-user-manage-policy` skill) for static policy edits and raw OpenShell policy files. -- Messaging Channels (use the `nemoclaw-user-manage-sandboxes` skill) for Telegram, Discord, Slack, WeChat, and WhatsApp channel configuration. +- Messaging Channels (use the `nemoclaw-user-manage-sandboxes` skill) for Telegram, Discord, Slack, and WhatsApp channel configuration. - Commands (use the `nemoclaw-user-reference` skill) for the full `policy-add`, `policy-list`, `policy-remove`, and `channels` command reference. diff --git a/.agents/skills/nemoclaw-user-manage-sandboxes/SKILL.md b/.agents/skills/nemoclaw-user-manage-sandboxes/SKILL.md index 7a5ba06fea..b923861f87 100644 --- a/.agents/skills/nemoclaw-user-manage-sandboxes/SKILL.md +++ b/.agents/skills/nemoclaw-user-manage-sandboxes/SKILL.md @@ -1,6 +1,6 @@ --- name: "nemoclaw-user-manage-sandboxes" -description: "Explains operational tasks after the quickstart: listing sandboxes, status and health checks, logs, diagnostics, port forwards, multiple sandboxes, credential reset, rebuilds, network presets, upgrades, and uninstall. Trigger keywords - manage nemoclaw sandboxes, nemoclaw status, nemoclaw list, nemoclaw dashboard port, nemoclaw rebuild, nemoclaw upgrade sandboxes, nemoclaw uninstall, nemoclaw shields, shields up, shields down, shields status, sandbox mutability, sandbox runtime configuration, sandbox lockdown, nemoclaw backup, nemoclaw restore, workspace backup, openshell sandbox download upload, nemoclaw messaging channels, nemoclaw telegram, nemoclaw discord, nemoclaw slack, nemoclaw wechat, nemoclaw whatsapp, openshell channel messaging, nemoclaw workspace files, soul.md, user.md, identity.md, agents.md, sandbox persistence." +description: "Explains operational tasks after the quickstart: listing sandboxes, status and health checks, logs, diagnostics, port forwards, multiple sandboxes, credential reset, rebuilds, network presets, upgrades, and uninstall. Trigger keywords - manage nemoclaw sandboxes, nemoclaw status, nemoclaw list, nemoclaw dashboard port, nemoclaw rebuild, nemoclaw upgrade sandboxes, nemoclaw uninstall, sandbox mutability, sandbox runtime configuration, sandbox rebuild, nemoclaw backup, nemoclaw restore, workspace backup, openshell sandbox download upload, nemoclaw messaging channels, nemoclaw telegram, nemoclaw discord, nemoclaw slack, nemoclaw whatsapp, openshell channel messaging, nemoclaw workspace files, soul.md, user.md, identity.md, agents.md, sandbox persistence." --- @@ -272,9 +272,9 @@ For a full comparison of the two forms, including what they fetch, what they tru ## References -- **Load [references/runtime-controls.md](references/runtime-controls.md)** when an operator needs to temporarily lower or restore the sandbox security posture, or when a user is trying to figure out whether a config change needs a rebuild. Single page that answers 'what can I change at runtime vs. what requires a rebuild' for NemoClaw sandboxes, and documents the operator-only shields lockdown commands (shields up, shields down with timeout/reason/policy, shields status). +- **[references/runtime-controls.md](references/runtime-controls.md)** — Single page that answers what can change at runtime versus what requires a rebuild for NemoClaw sandboxes. - **Load [references/backup-restore.md](references/backup-restore.md)** when downloading workspace files from a sandbox, uploading restored files into a new sandbox, or preserving sandbox state across rebuilds. Backs up and restores OpenClaw workspace files before destructive operations such as sandbox rebuilds. -- **Load [references/messaging-channels.md](references/messaging-channels.md)** when setting up messaging channels, chat interfaces, or integrations without relying on nemoclaw tunnel start for bridges. Explains how Telegram, Discord, Slack, WeChat, and WhatsApp reach sandboxed OpenClaw and Hermes agents through OpenShell-managed processes and NemoClaw channel commands. +- **Load [references/messaging-channels.md](references/messaging-channels.md)** when setting up messaging channels, chat interfaces, or integrations without relying on nemoclaw tunnel start for bridges. Explains how Telegram, Discord, Slack, and WhatsApp reach sandboxed OpenClaw and Hermes agents through OpenShell-managed processes and NemoClaw channel commands. - **Load [references/workspace-files.md](references/workspace-files.md)** when users ask about `SOUL.md`, `USER.md`, `IDENTITY.md`, `AGENTS.md`, or other workspace files, or when preparing to back up or restore workspace state. Explains what workspace personality and configuration files are, where they live, and how they persist across sandbox restarts. ## Related Skills diff --git a/.agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md b/.agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md index dc35164b36..746a9fe632 100644 --- a/.agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md +++ b/.agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md @@ -2,8 +2,8 @@ # Messaging Channels -Telegram, Discord, Slack, WeChat, and WhatsApp reach your OpenClaw or Hermes agent through OpenShell-managed processes and gateway constructs. -For token-based channels, NemoClaw registers credentials with OpenShell providers; WeChat captures a static token through a host-side QR scan; WhatsApp pairs inside the sandbox via QR scan and intentionally stores mutable session state there. +Telegram, Discord, Slack, and WhatsApp reach your OpenClaw or Hermes agent through OpenShell-managed processes and gateway constructs. +For token-based channels, NemoClaw registers credentials with OpenShell providers; WhatsApp pairs inside the sandbox via QR scan and intentionally stores mutable session state there. NemoClaw bakes the selected channel configuration into the sandbox image and keeps runtime delivery under OpenShell control. You can enable channels during `nemoclaw onboard` or add them later with host-side `nemoclaw channels` commands. @@ -16,7 +16,7 @@ For details, refer to Commands (use the `nemoclaw-user-reference` skill). ## Prerequisites - A machine where you can run `nemoclaw onboard` (local or remote host that runs the gateway and sandbox). -- A token for each token-based messaging platform you want to enable, or a phone you can use to scan the QR code for WeChat or WhatsApp pairing. +- A token for each token-based messaging platform you want to enable, or a phone you can use to scan the QR code for WhatsApp pairing. - A network policy preset for each enabled channel, or equivalent custom egress rules. ## Channel Requirements @@ -26,7 +26,6 @@ For details, refer to Commands (use the `nemoclaw-user-reference` skill). | Telegram | `TELEGRAM_BOT_TOKEN` | `TELEGRAM_ALLOWED_IDS` for DM allowlisting, `TELEGRAM_REQUIRE_MENTION` for group-chat replies | | Discord | `DISCORD_BOT_TOKEN` | `DISCORD_SERVER_ID`, `DISCORD_USER_ID`, `DISCORD_REQUIRE_MENTION` | | Slack | `SLACK_BOT_TOKEN`, `SLACK_APP_TOKEN` | `SLACK_ALLOWED_USERS` for DM and channel `@mention` user allowlisting | -| WeChat | Captured by host-side QR during interactive setup | `WECHAT_ALLOWED_IDS` for DM allowlisting | | WhatsApp | None. Pair via QR after rebuild | None | Telegram uses a bot token from [BotFather](https://t.me/BotFather). @@ -47,11 +46,6 @@ Use `SLACK_BOT_TOKEN` for the bot user OAuth token (`xoxb-...`) and `SLACK_APP_T Set `SLACK_ALLOWED_USERS` to comma-separated Slack member IDs to authorize those users for DMs and for channel `@mention` events in channels where the Slack app is present. Channel messages still require an explicit bot mention. -WeChat uses a host-side QR flow. -When you enable it interactively, NemoClaw shows a QR code; scan it with WeChat on your phone. -NemoClaw saves the captured token as `WECHAT_BOT_TOKEN`, stores account metadata for rebuilds, and adds the scanning user's ID to `WECHAT_ALLOWED_IDS` unless you provide an allowlist. -Fresh WeChat setup cannot run non-interactively because it requires QR login. - WhatsApp Web does not use a host-side token or OpenShell credential provider. NemoClaw advertises WhatsApp for both OpenClaw and Hermes sandboxes, and each agent completes pairing with its own in-sandbox command. Pairing happens inside the sandbox after the rebuild completes and creates mutable session credentials there. @@ -69,10 +63,9 @@ Pair only one sandbox per WhatsApp account at a time. ## Enable Channels During Onboarding -When the wizard reaches **Messaging channels**, it lists Telegram, Discord, Slack, WeChat, and WhatsApp. +When the wizard reaches **Messaging channels**, it lists Telegram, Discord, Slack, and WhatsApp. Press a channel number to toggle it on or off, then press **Enter** when done. If a token-based channel token is not already in the environment or credential store, the wizard prompts for it and saves it. -WeChat uses host-side QR pairing, so the wizard displays a QR code to scan. WhatsApp uses QR pairing instead of a host-side token, so the wizard does not prompt. It prints pairing instructions and you complete the pairing inside the sandbox after rebuild. NemoClaw also selects the matching network policy preset during policy setup so the channel can reach its provider API. @@ -112,15 +105,14 @@ Add the channel you want: $ nemoclaw my-assistant channels add telegram $ nemoclaw my-assistant channels add discord $ nemoclaw my-assistant channels add slack -$ nemoclaw my-assistant channels add wechat $ nemoclaw my-assistant channels add whatsapp ``` -`channels add` collects whatever each channel needs (token prompts for Telegram, Discord, and Slack; a host-side QR scan for WeChat; nothing for WhatsApp because pairing happens in-sandbox after rebuild), registers bridge providers with the OpenShell gateway when tokens were captured, records the channel in the sandbox registry, and asks whether to rebuild immediately. +`channels add` collects whatever each channel needs (token prompts for Telegram, Discord, and Slack; nothing for WhatsApp because pairing happens in-sandbox after rebuild), registers bridge providers with the OpenShell gateway when tokens were captured, records the channel in the sandbox registry, and asks whether to rebuild immediately. The command accepts mixed-case input such as `Telegram`, then stores and prints the canonical lowercase channel name. If a matching built-in network policy preset exists, `channels add` applies it to the sandbox automatically before the rebuild so the bridge has egress to its upstream API; if applying the preset fails, NemoClaw warns and tells you to re-apply manually with `nemoclaw policy-add ` after the rebuild. Choose the rebuild so the running sandbox image picks up the new channel. -If you need optional channel settings such as `TELEGRAM_ALLOWED_IDS`, `TELEGRAM_REQUIRE_MENTION`, `DISCORD_SERVER_ID`, `DISCORD_USER_ID`, `DISCORD_REQUIRE_MENTION`, or `WECHAT_ALLOWED_IDS`, export them before the rebuild starts. +If you need optional channel settings such as `TELEGRAM_ALLOWED_IDS`, `TELEGRAM_REQUIRE_MENTION`, `DISCORD_SERVER_ID`, `DISCORD_USER_ID`, or `DISCORD_REQUIRE_MENTION`, export them before the rebuild starts. If you defer the rebuild, apply the change later: ```console @@ -174,13 +166,13 @@ If NemoClaw only has legacy channel metadata and cannot compare credential hashe Use `channels stop` when you want to pause one bridge and keep the sandbox running. Use `nemoclaw tunnel stop` or its deprecated alias `nemoclaw stop` when you want to stop host auxiliary services and also ask NemoClaw to stop the OpenClaw gateway inside the selected sandbox. -Stopping the in-sandbox gateway stops Telegram, Discord, Slack, WeChat, and WhatsApp polling for that sandbox until you restart the sandbox or gateway. +Stopping the in-sandbox gateway stops Telegram, Discord, Slack, and WhatsApp polling for that sandbox until you restart the sandbox or gateway. ## Confirm Delivery After the sandbox is running, send a message to the configured bot or app. If delivery fails, use `openshell term` on the host, check gateway logs, and verify network policy allows the channel API. -Use the matching policy preset (`telegram`, `discord`, `slack`, `wechat`, or `whatsapp`) or review Common Integration Policy Examples (use the `nemoclaw-user-manage-policy` skill). +Use the matching policy preset (`telegram`, `discord`, `slack`, or `whatsapp`) or review Common Integration Policy Examples (use the `nemoclaw-user-manage-policy` skill). ## Tunnel Command diff --git a/.agents/skills/nemoclaw-user-manage-sandboxes/references/runtime-controls.md b/.agents/skills/nemoclaw-user-manage-sandboxes/references/runtime-controls.md index f8f234bae6..63689cb3fb 100644 --- a/.agents/skills/nemoclaw-user-manage-sandboxes/references/runtime-controls.md +++ b/.agents/skills/nemoclaw-user-manage-sandboxes/references/runtime-controls.md @@ -2,13 +2,7 @@ # Runtime Controls and Sandbox Mutability -This page is the single reference for two related operator questions about a running NemoClaw sandbox: - -1. *Which parts of my sandbox can I change while it is running, and which require a rebuild or re-onboard?* -2. *How do I temporarily lower or restore the sandbox security posture for an operator session?* - -The mutability table below answers question 1. -The shields commands answer question 2. +This page explains which parts of a running NemoClaw sandbox can change immediately and which changes require a rebuild or re-onboard. ## What you can change at runtime @@ -30,62 +24,11 @@ The table below maps each commonly changed item to the layer that owns it and th | Filesystem layout (Landlock zones, read-only mounts, container caps) | **Locked at creation** — no runtime change | Re-onboard with `nemoclaw onboard --recreate-sandbox` | | Sandbox name | **Locked at creation** | Re-onboard with a different `--name` | | GPU passthrough enable / device selector | **Locked at creation** | Re-onboard with `--gpu` / `--sandbox-gpu-device` | -| Shields posture (locked ↔ default mutable) | Runtime (operator-only) | `nemoclaw shields up` / `shields down` — see the next section | -| Agents allow-list (`agents.list` in `openclaw.json`) | Runtime — hot-reloaded by OpenClaw on config change | Edit `openclaw.json` while shields are down | -| `openclaw.json` keys (general — model, agents.list, web.backend, channel config, etc.) | Mixed: locked under `shields up`, runtime-editable under `shields down`. Individual keys still follow the rebuild rules in the rows above (e.g. provider switch requires rebuild even after editing the JSON). | `nemoclaw shields down`, edit `/opt/nemoclaw/openclaw.json` inside the sandbox, then `nemoclaw shields up` | +| Agents allow-list (`agents.list` in `openclaw.json`) | Runtime — hot-reloaded by OpenClaw on config change | Prefer agent or NemoClaw commands that keep host and sandbox state aligned | +| `openclaw.json` keys (general — model, agents.list, web.backend, channel config, etc.) | Mixed. Individual keys still follow the rebuild rules in the rows above, such as provider switch requiring rebuild even after editing the JSON. | Prefer NemoClaw host commands so the host registry and rebuilt image stay aligned | If a row above conflicts with what you observe, the runtime source of truth inside the sandbox is `/opt/nemoclaw/openclaw.json`; the host registry caches metadata but the image and OpenClaw read from the in-sandbox file. -## Shields commands - -Shields are an operator-only switch that toggles the sandbox between its default mutable state and a locked-down posture. -The sandbox itself cannot raise or lower its own shields — every transition is initiated from the host so a compromised agent cannot escape its policy by editing config. - -Three commands manage the posture. -The commands are hidden from the standard `--help` output because they are operator workflows, not developer workflows; everything below documents the full surface. - -### `shields status` - -Print the current shields mode (`mutable_default`, `locked`, or `temporarily_unlocked`), the active policy preset, and any pending automatic restore timer. - -```console -$ nemoclaw my-assistant shields status -Shields: locked -Policy: strict -Auto-restore: not scheduled (use `shields down --timeout 10m` to schedule) -``` - -### `shields up` - -Raise shields: lock `openclaw.json` (and other mutable config files) against in-sandbox edits and apply the restrictive network policy that was captured the last time the sandbox was shielded. -This is the default expected state for a sandbox the operator has handed off to an agent. - -```console -$ nemoclaw my-assistant shields up -✓ Shields raised: config locked, restrictive policy applied -``` - -`shields up` takes no flags. -If no saved snapshot exists yet (a fresh sandbox), the snapshot is taken from the current state. - -### `shields down` - -Lower shields: unlock config and apply a permissive (or operator-named) network policy so the operator can edit `openclaw.json`, swap presets, or run interactive maintenance. - -```console -$ nemoclaw my-assistant shields down --timeout 10m --reason "rotating slack token" -✓ Shields lowered for 10m (policy: permissive); auto-restore at 14:32 UTC -``` - -| Flag | Default | Effect | -|---|---|---| -| `--timeout ` | *no auto-restore* | After the duration elapses, a detached host-side timer re-runs `shields up` automatically. Accepts `5m`, `30s`, `1h`, etc. | -| `--reason ` | *empty* | Recorded in the shields audit log on the host. Required by some org policies; recommended for any cross-team session. | -| `--policy ` | `permissive` | Apply this named policy preset while shields are down instead of the default permissive set. Use a tighter preset (e.g. `messaging-only`) when the maintenance window only needs a subset of egress. | - -The auto-restore timer is detached from the `shields down` invocation — closing your terminal does not cancel the restore. -If the timer process is killed before the deadline (e.g. host reboot), `shields status` will surface the inconsistency on the next check (see #3112 for the fail-open fix). - ## See also The mutability table above is a consolidated index of information that lives in more detail on per-topic pages: diff --git a/.agents/skills/nemoclaw-user-overview/references/release-notes.md b/.agents/skills/nemoclaw-user-overview/references/release-notes.md index 3209174d61..245860654e 100644 --- a/.agents/skills/nemoclaw-user-overview/references/release-notes.md +++ b/.agents/skills/nemoclaw-user-overview/references/release-notes.md @@ -4,6 +4,21 @@ NVIDIA NemoClaw is available in early preview starting March 16, 2026. Use this page to track changes. +## v0.0.46 + +NemoClaw v0.0.46 improves Windows setup, messaging channels, Hermes sandboxes, inference routing, and command compatibility: + +- Windows users can start from the bootstrap PowerShell script, and WSL installs can accept express install to use the Windows-host Ollama path automatically. +- Messaging channels add WhatsApp support. `channels add whatsapp` records the channel, rebuilds the sandbox, and then pairs through the agent-specific QR command inside the sandbox. +- `nemoclaw exec` runs non-interactive commands inside a running sandbox through OpenShell and exits with the remote command's status. +- Hermes sandboxes can use the managed tool gateway broker for supported tool routes, and Hermes startup recovers its readiness marker more reliably. +- Compatible Anthropic endpoint setup auto-detects Amazon Bedrock Runtime endpoints and starts the local adapter needed for OpenShell routing. +- Local Ollama setup on WSL native Docker now routes through NemoClaw's authenticated proxy, and subprocesses inherit the proxy bypass settings used by onboarding. +- Model Router setup probes supported host Python interpreters and falls back to the next usable one when virtual environment creation fails. +- The NemoClaw OpenClaw plugin registers the `/nemoclaw` command again after package metadata changes, and sandbox extension backups restore compatibility with current snapshots. +- Sandbox builds patch OpenClaw's tool catalog to reduce startup latency for Nemotron-focused sandboxes. +- `nemoclaw uninstall` docs now show how to pass flags through the hosted install script form. + ## v0.0.45 NemoClaw v0.0.45 improves onboarding recovery, local inference behavior, channel cleanup, sandbox sharing diagnostics, and uninstall cleanup: diff --git a/.agents/skills/nemoclaw-user-reference/references/commands.md b/.agents/skills/nemoclaw-user-reference/references/commands.md index 6455700ca0..7be3cff477 100644 --- a/.agents/skills/nemoclaw-user-reference/references/commands.md +++ b/.agents/skills/nemoclaw-user-reference/references/commands.md @@ -587,7 +587,7 @@ $ nemoclaw my-assistant hosts-remove searxng.local ### `nemoclaw channels list` -List the messaging channels NemoClaw knows about (`telegram`, `discord`, `slack`, `wechat`, `whatsapp`) with a short description. +List the messaging channels NemoClaw knows about (`telegram`, `discord`, `slack`, `whatsapp`) with a short description. The command is a static reference; it does not consult credentials or the running sandbox. ```console @@ -600,7 +600,6 @@ Register a messaging channel with the sandbox and rebuild so the image picks up Channels fall into three login modes: - **Token paste** (`telegram`, `discord`, `slack`): the command prompts for any missing token and registers it with the OpenShell gateway. -- **Host-side QR** (`wechat`): the command runs an interactive host-side QR scan to capture a static session token, then registers it with the gateway. - **In-sandbox QR** (`whatsapp`): the command records the channel without a host-side token or OpenShell credential provider. NemoClaw advertises WhatsApp for OpenClaw and Hermes sandboxes; after rebuild, run `openclaw channels login --channel whatsapp` for OpenClaw or `hermes whatsapp` for Hermes. This intentionally leaves QR-created mutable session state in the sandbox until you unpair it or clear the durable agent state. @@ -626,7 +625,7 @@ When `NEMOCLAW_NON_INTERACTIVE=1` is set, any missing token fails fast and no re Clear the stored credentials for a messaging channel and rebuild the sandbox so the image drops the channel. Running `remove` for a channel that was never configured is a no-op against the credentials file and still triggers the rebuild prompt. When the bridge provider is attached to a live sandbox, NemoClaw detaches it before deleting the provider from the OpenShell gateway. -If the matching built-in policy preset is applied, such as `telegram`, `discord`, `slack`, `wechat`, or `whatsapp`, NemoClaw also removes that preset so the upstream API is no longer allow-listed after the channel is gone. +If the matching built-in policy preset is applied, such as `telegram`, `discord`, `slack`, or `whatsapp`, NemoClaw also removes that preset so the upstream API is no longer allow-listed after the channel is gone. ```console $ nemoclaw my-assistant channels remove telegram @@ -642,7 +641,7 @@ Host-side removal is the supported path because agent channel config is baked in ### `nemoclaw channels stop ` -Pause a single messaging bridge (`telegram`, `discord`, `slack`, `wechat`, or `whatsapp`) without clearing its credentials. +Pause a single messaging bridge (`telegram`, `discord`, `slack`, or `whatsapp`) without clearing its credentials. The channel is marked disabled in the per-sandbox registry, and the sandbox is rebuilt so the onboard step skips registering the bridge with the gateway. The provider stays registered with the OpenShell gateway, so a later `channels start` brings the bridge back without re-entering tokens. diff --git a/.agents/skills/nemoclaw-user-reference/references/network-policies.md b/.agents/skills/nemoclaw-user-reference/references/network-policies.md index fe28e71d8e..dae511f6fc 100644 --- a/.agents/skills/nemoclaw-user-reference/references/network-policies.md +++ b/.agents/skills/nemoclaw-user-reference/references/network-policies.md @@ -44,7 +44,7 @@ GitHub access (`github.com`, `api.github.com`) is not included in the baseline p Apply the `github` preset during onboarding if your agent needs GitHub access. See Customize the Network Policy (use the `nemoclaw-user-manage-policy` skill). -The baseline policy does not include messaging endpoints for Telegram, Discord, Slack, WeChat, and WhatsApp. +The baseline policy does not include messaging endpoints for Telegram, Discord, Slack, and WhatsApp. Enable the channel during onboarding or apply the matching messaging preset so the sandbox can reach that platform. @@ -58,7 +58,7 @@ The baseline policy is always applied regardless of the selected tier. |------|------------------|-------------| | Restricted | None | Base sandbox only. No third-party network access beyond inference and core agent tooling. | | Balanced (default) | `npm`, `pypi`, `huggingface`, `brew`, `brave when supported` | Full dev tooling and web search for agents that support web search. No messaging platform access. | -| Open | `npm`, `pypi`, `huggingface`, `brew`, `brave when supported`, `slack`, `discord`, `telegram`, `wechat`, `whatsapp`, `jira`, `outlook` | Broad access across third-party services including messaging and productivity. | +| Open | `npm`, `pypi`, `huggingface`, `brew`, `brave when supported`, `slack`, `discord`, `telegram`, `whatsapp`, `jira`, `outlook` | Broad access across third-party services including messaging and productivity. | After selecting a tier, a combined preset and access-mode screen lets you include or exclude individual presets and toggle each between read (GET only) and read-write (GET + POST/PUT/PATCH) access. Tier-default presets are pre-selected; additional presets can be added from the full list. diff --git a/.agents/skills/nemoclaw-user-reference/references/troubleshooting.md b/.agents/skills/nemoclaw-user-reference/references/troubleshooting.md index 33dca94423..5b309407b5 100644 --- a/.agents/skills/nemoclaw-user-reference/references/troubleshooting.md +++ b/.agents/skills/nemoclaw-user-reference/references/troubleshooting.md @@ -514,7 +514,7 @@ Follow these steps to reconnect. $ nemoclaw tunnel start ``` - OpenShell-managed channel messaging handles Telegram, Discord, Slack, WeChat, and WhatsApp at onboarding, not through a separate bridge process from `nemoclaw tunnel start`. + OpenShell-managed channel messaging handles Telegram, Discord, Slack, and WhatsApp at onboarding, not through a separate bridge process from `nemoclaw tunnel start`. To pause a single bridge without destroying the sandbox, use `nemoclaw channels stop `. **If the sandbox does not recover:** @@ -723,8 +723,8 @@ Run the equivalent host-side command instead: ```console $ nemoclaw channels list -$ nemoclaw channels add -$ nemoclaw channels remove +$ nemoclaw channels add +$ nemoclaw channels remove ``` `channels add` registers credentials with the OpenShell gateway and `channels remove` clears them; both offer to rebuild the sandbox so the image reflects the new channel set. @@ -733,7 +733,6 @@ In non-interactive mode (`NEMOCLAW_NON_INTERACTIVE=1`), the commands stage the c WhatsApp pairs entirely inside the sandbox. NemoClaw advertises WhatsApp for OpenClaw and Hermes sandboxes after you add the channel on the host. Run `openclaw channels login --channel whatsapp` inside OpenClaw sandboxes, or run `hermes whatsapp` inside Hermes sandboxes. -WeChat captures its token via a host-side QR during the host-side `nemoclaw channels add wechat` flow, so it does not need an in-sandbox `channels login` step. ### `openclaw config set` or `unset` is blocked inside the sandbox @@ -1191,7 +1190,7 @@ Skills that require macOS-only binaries cannot be enabled on Brev. Skills that require additional CLI binaries require a custom sandbox image rebuild. For credentials, use the supported host-side setup flow. -Re-run onboarding for inference or Brave Search credentials, or use `nemoclaw channels add ` for messaging channels. +Re-run onboarding for inference or Brave Search credentials, or use `nemoclaw channels add ` for messaging channels. To add a binary to the sandbox image, update the sandbox `Dockerfile.base` to install the required package, then rebuild: ```console diff --git a/docs/about/release-notes.mdx b/docs/about/release-notes.mdx index 2269c73a26..8469e5321f 100644 --- a/docs/about/release-notes.mdx +++ b/docs/about/release-notes.mdx @@ -11,6 +11,21 @@ content: --- NVIDIA NemoClaw is available in early preview starting March 16, 2026. Use this page to track changes. +## v0.0.46 + +NemoClaw v0.0.46 improves Windows setup, messaging channels, Hermes sandboxes, inference routing, and command compatibility: + +- Windows users can start from the bootstrap PowerShell script, and WSL installs can accept express install to use the Windows-host Ollama path automatically. +- Messaging channels add WhatsApp support. `channels add whatsapp` records the channel, rebuilds the sandbox, and then pairs through the agent-specific QR command inside the sandbox. +- `nemoclaw exec` runs non-interactive commands inside a running sandbox through OpenShell and exits with the remote command's status. +- Hermes sandboxes can use the managed tool gateway broker for supported tool routes, and Hermes startup recovers its readiness marker more reliably. +- Compatible Anthropic endpoint setup auto-detects Amazon Bedrock Runtime endpoints and starts the local adapter needed for OpenShell routing. +- Local Ollama setup on WSL native Docker now routes through NemoClaw's authenticated proxy, and subprocesses inherit the proxy bypass settings used by onboarding. +- Model Router setup probes supported host Python interpreters and falls back to the next usable one when virtual environment creation fails. +- The NemoClaw OpenClaw plugin registers the `/nemoclaw` command again after package metadata changes, and sandbox extension backups restore compatibility with current snapshots. +- Sandbox builds patch OpenClaw's tool catalog to reduce startup latency for Nemotron-focused sandboxes. +- `nemoclaw uninstall` docs now show how to pass flags through the hosted install script form. + ## v0.0.45 NemoClaw v0.0.45 improves onboarding recovery, local inference behavior, channel cleanup, sandbox sharing diagnostics, and uninstall cleanup: diff --git a/docs/index.mdx b/docs/index.mdx index ffac352199..405f391bc0 100644 --- a/docs/index.mdx +++ b/docs/index.mdx @@ -58,11 +58,7 @@ curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash -For getting started guidance, see [Quickstart](/get-started/quickstart). - -Learn about the NemoClaw architecture in [Architecture Overview](/about/how-it-works), [Ecosystem](/about/ecosystem), and [Architecture Details](/reference/architecture). - -Find NemoClaw user skills for your host AI coding assistant in [Agent Skills](/resources/agent-skills). +For more detailed guidance on getting started, refer to [Quickstart](/get-started/quickstart). --- @@ -78,7 +74,7 @@ Learn what NemoClaw is, what capabilities it provides, and when to use it. Concept - + Understand the host CLI, plugin, blueprint, sandbox lifecycle, and protection layers. @@ -99,6 +95,76 @@ Track NemoClaw release changes and component version policy. Reference + + +Install NemoClaw, verify prerequisites, and run your first sandboxed agent. + +Guide + + + + +Choose how NemoClaw routes model requests and configures inference providers. + +Guide + + + + +Create, inspect, update, and clean up NemoClaw sandboxes. + +Guide + + + + +Approve, deny, and customize sandbox network access. + +Guide + + + + +Deploy NemoClaw to remote GPU instances and manage deployment-specific setup. + +Guide + + + + +Inspect sandbox health, logs, and agent behavior during runtime. + +Guide + + + + +Review sandbox controls, credential handling, and security trade-offs. + +Guide + + + + +Look up architecture details, CLI commands, policies, and troubleshooting guidance. + +Reference + + + + +Learn about the NemoClaw architecture, plugin structure, and blueprint design in detail. + +Reference + + + + +Use NemoClaw's packaged agent skills to guide coding assistants through common workflows. + +Resource + + diff --git a/docs/manage-sandboxes/messaging-channels.mdx b/docs/manage-sandboxes/messaging-channels.mdx index 287155e5fb..9f4e853ef8 100644 --- a/docs/manage-sandboxes/messaging-channels.mdx +++ b/docs/manage-sandboxes/messaging-channels.mdx @@ -3,16 +3,16 @@ # SPDX-License-Identifier: Apache-2.0 title: "Messaging Channels" sidebar-title: "Set Up Messaging Channels" -description: "Connect Telegram, Discord, Slack, WeChat, or WhatsApp to your sandboxed OpenClaw or Hermes agent using OpenShell-managed channel messaging." -description-agent: "Explains how Telegram, Discord, Slack, WeChat, and WhatsApp reach sandboxed OpenClaw and Hermes agents through OpenShell-managed processes and NemoClaw channel commands. Use when setting up messaging channels, chat interfaces, or integrations without relying on nemoclaw tunnel start for bridges." -keywords: ["nemoclaw messaging channels", "nemoclaw telegram", "nemoclaw discord", "nemoclaw slack", "nemoclaw wechat", "nemoclaw whatsapp", "openshell channel messaging"] +description: "Connect Telegram, Discord, Slack, or WhatsApp to your sandboxed OpenClaw or Hermes agent using OpenShell-managed channel messaging." +description-agent: "Explains how Telegram, Discord, Slack, and WhatsApp reach sandboxed OpenClaw and Hermes agents through OpenShell-managed processes and NemoClaw channel commands. Use when setting up messaging channels, chat interfaces, or integrations without relying on nemoclaw tunnel start for bridges." +keywords: ["nemoclaw messaging channels", "nemoclaw telegram", "nemoclaw discord", "nemoclaw slack", "nemoclaw whatsapp", "openshell channel messaging"] content: type: "how_to" skill: priority: 30 --- -Telegram, Discord, Slack, WeChat, and WhatsApp reach your OpenClaw or Hermes agent through OpenShell-managed processes and gateway constructs. -For token-based channels, NemoClaw registers credentials with OpenShell providers; WeChat captures a static token through a host-side QR scan; WhatsApp pairs inside the sandbox via QR scan and intentionally stores mutable session state there. +Telegram, Discord, Slack, and WhatsApp reach your OpenClaw or Hermes agent through OpenShell-managed processes and gateway constructs. +For token-based channels, NemoClaw registers credentials with OpenShell providers; WhatsApp pairs inside the sandbox via QR scan and intentionally stores mutable session state there. NemoClaw bakes the selected channel configuration into the sandbox image and keeps runtime delivery under OpenShell control. You can enable channels during `nemoclaw onboard` or add them later with host-side `nemoclaw channels` commands. @@ -25,7 +25,7 @@ For details, refer to [Commands](/reference/commands). ## Prerequisites - A machine where you can run `nemoclaw onboard` (local or remote host that runs the gateway and sandbox). -- A token for each token-based messaging platform you want to enable, or a phone you can use to scan the QR code for WeChat or WhatsApp pairing. +- A token for each token-based messaging platform you want to enable, or a phone you can use to scan the QR code for WhatsApp pairing. - A network policy preset for each enabled channel, or equivalent custom egress rules. ## Channel Requirements @@ -35,7 +35,6 @@ For details, refer to [Commands](/reference/commands). | Telegram | `TELEGRAM_BOT_TOKEN` | `TELEGRAM_ALLOWED_IDS` for DM allowlisting, `TELEGRAM_REQUIRE_MENTION` for group-chat replies | | Discord | `DISCORD_BOT_TOKEN` | `DISCORD_SERVER_ID`, `DISCORD_USER_ID`, `DISCORD_REQUIRE_MENTION` | | Slack | `SLACK_BOT_TOKEN`, `SLACK_APP_TOKEN` | `SLACK_ALLOWED_USERS` for DM and channel `@mention` user allowlisting | -| WeChat | Captured by host-side QR during interactive setup | `WECHAT_ALLOWED_IDS` for DM allowlisting | | WhatsApp | None. Pair via QR after rebuild | None | Telegram uses a bot token from [BotFather](https://t.me/BotFather). @@ -56,11 +55,6 @@ Use `SLACK_BOT_TOKEN` for the bot user OAuth token (`xoxb-...`) and `SLACK_APP_T Set `SLACK_ALLOWED_USERS` to comma-separated Slack member IDs to authorize those users for DMs and for channel `@mention` events in channels where the Slack app is present. Channel messages still require an explicit bot mention. -WeChat uses a host-side QR flow. -When you enable it interactively, NemoClaw shows a QR code; scan it with WeChat on your phone. -NemoClaw saves the captured token as `WECHAT_BOT_TOKEN`, stores account metadata for rebuilds, and adds the scanning user's ID to `WECHAT_ALLOWED_IDS` unless you provide an allowlist. -Fresh WeChat setup cannot run non-interactively because it requires QR login. - WhatsApp Web does not use a host-side token or OpenShell credential provider. NemoClaw advertises WhatsApp for both OpenClaw and Hermes sandboxes, and each agent completes pairing with its own in-sandbox command. Pairing happens inside the sandbox after the rebuild completes and creates mutable session credentials there. @@ -78,10 +72,9 @@ Pair only one sandbox per WhatsApp account at a time. ## Enable Channels During Onboarding -When the wizard reaches **Messaging channels**, it lists Telegram, Discord, Slack, WeChat, and WhatsApp. +When the wizard reaches **Messaging channels**, it lists Telegram, Discord, Slack, and WhatsApp. Press a channel number to toggle it on or off, then press **Enter** when done. If a token-based channel token is not already in the environment or credential store, the wizard prompts for it and saves it. -WeChat uses host-side QR pairing, so the wizard displays a QR code to scan. WhatsApp uses QR pairing instead of a host-side token, so the wizard does not prompt. It prints pairing instructions and you complete the pairing inside the sandbox after rebuild. NemoClaw also selects the matching network policy preset during policy setup so the channel can reach its provider API. @@ -121,15 +114,14 @@ Add the channel you want: $ nemoclaw my-assistant channels add telegram $ nemoclaw my-assistant channels add discord $ nemoclaw my-assistant channels add slack -$ nemoclaw my-assistant channels add wechat $ nemoclaw my-assistant channels add whatsapp ``` -`channels add` collects whatever each channel needs (token prompts for Telegram, Discord, and Slack; a host-side QR scan for WeChat; nothing for WhatsApp because pairing happens in-sandbox after rebuild), registers bridge providers with the OpenShell gateway when tokens were captured, records the channel in the sandbox registry, and asks whether to rebuild immediately. +`channels add` collects whatever each channel needs (token prompts for Telegram, Discord, and Slack; nothing for WhatsApp because pairing happens in-sandbox after rebuild), registers bridge providers with the OpenShell gateway when tokens were captured, records the channel in the sandbox registry, and asks whether to rebuild immediately. The command accepts mixed-case input such as `Telegram`, then stores and prints the canonical lowercase channel name. If a matching built-in network policy preset exists, `channels add` applies it to the sandbox automatically before the rebuild so the bridge has egress to its upstream API; if applying the preset fails, NemoClaw warns and tells you to re-apply manually with `nemoclaw policy-add ` after the rebuild. Choose the rebuild so the running sandbox image picks up the new channel. -If you need optional channel settings such as `TELEGRAM_ALLOWED_IDS`, `TELEGRAM_REQUIRE_MENTION`, `DISCORD_SERVER_ID`, `DISCORD_USER_ID`, `DISCORD_REQUIRE_MENTION`, or `WECHAT_ALLOWED_IDS`, export them before the rebuild starts. +If you need optional channel settings such as `TELEGRAM_ALLOWED_IDS`, `TELEGRAM_REQUIRE_MENTION`, `DISCORD_SERVER_ID`, `DISCORD_USER_ID`, or `DISCORD_REQUIRE_MENTION`, export them before the rebuild starts. If you defer the rebuild, apply the change later: ```console @@ -183,13 +175,13 @@ If NemoClaw only has legacy channel metadata and cannot compare credential hashe Use `channels stop` when you want to pause one bridge and keep the sandbox running. Use `nemoclaw tunnel stop` or its deprecated alias `nemoclaw stop` when you want to stop host auxiliary services and also ask NemoClaw to stop the OpenClaw gateway inside the selected sandbox. -Stopping the in-sandbox gateway stops Telegram, Discord, Slack, WeChat, and WhatsApp polling for that sandbox until you restart the sandbox or gateway. +Stopping the in-sandbox gateway stops Telegram, Discord, Slack, and WhatsApp polling for that sandbox until you restart the sandbox or gateway. ## Confirm Delivery After the sandbox is running, send a message to the configured bot or app. If delivery fails, use `openshell term` on the host, check gateway logs, and verify network policy allows the channel API. -Use the matching policy preset (`telegram`, `discord`, `slack`, `wechat`, or `whatsapp`) or review [Common Integration Policy Examples](/network-policy/integration-policy-examples). +Use the matching policy preset (`telegram`, `discord`, `slack`, or `whatsapp`) or review [Common Integration Policy Examples](/network-policy/integration-policy-examples). ## Tunnel Command diff --git a/docs/manage-sandboxes/runtime-controls.mdx b/docs/manage-sandboxes/runtime-controls.mdx index c779273ae2..177dd987d0 100644 --- a/docs/manage-sandboxes/runtime-controls.mdx +++ b/docs/manage-sandboxes/runtime-controls.mdx @@ -3,21 +3,15 @@ # SPDX-License-Identifier: Apache-2.0 title: "Runtime Controls and Sandbox Mutability" sidebar-title: "Runtime Controls" -description: "Consolidated reference for what you can change on a running NemoClaw sandbox, what requires rebuild or re-onboard, and the operator-only `shields up` / `shields down` / `shields status` commands." -description-agent: "Single page that answers 'what can I change at runtime vs. what requires a rebuild' for NemoClaw sandboxes, and documents the operator-only shields lockdown commands (shields up, shields down with timeout/reason/policy, shields status). Use when an operator needs to temporarily lower or restore the sandbox security posture, or when a user is trying to figure out whether a config change needs a rebuild." -keywords: ["nemoclaw shields", "shields up", "shields down", "shields status", "sandbox mutability", "sandbox runtime configuration", "sandbox lockdown"] +description: "Consolidated reference for what you can change on a running NemoClaw sandbox and what requires rebuild or re-onboard." +description-agent: "Single page that answers what can change at runtime versus what requires a rebuild for NemoClaw sandboxes." +keywords: ["sandbox mutability", "sandbox runtime configuration", "sandbox rebuild"] content: type: "how_to" skill: priority: 10 --- -This page is the single reference for two related operator questions about a running NemoClaw sandbox: - -1. *Which parts of my sandbox can I change while it is running, and which require a rebuild or re-onboard?* -2. *How do I temporarily lower or restore the sandbox security posture for an operator session?* - -The mutability table below answers question 1. -The shields commands answer question 2. +This page explains which parts of a running NemoClaw sandbox can change immediately and which changes require a rebuild or re-onboard. ## What you can change at runtime @@ -39,62 +33,11 @@ The table below maps each commonly changed item to the layer that owns it and th | Filesystem layout (Landlock zones, read-only mounts, container caps) | **Locked at creation** — no runtime change | Re-onboard with `nemoclaw onboard --recreate-sandbox` | | Sandbox name | **Locked at creation** | Re-onboard with a different `--name` | | GPU passthrough enable / device selector | **Locked at creation** | Re-onboard with `--gpu` / `--sandbox-gpu-device` | -| Shields posture (locked ↔ default mutable) | Runtime (operator-only) | `nemoclaw shields up` / `shields down` — see the next section | -| Agents allow-list (`agents.list` in `openclaw.json`) | Runtime — hot-reloaded by OpenClaw on config change | Edit `openclaw.json` while shields are down | -| `openclaw.json` keys (general — model, agents.list, web.backend, channel config, etc.) | Mixed: locked under `shields up`, runtime-editable under `shields down`. Individual keys still follow the rebuild rules in the rows above (e.g. provider switch requires rebuild even after editing the JSON). | `nemoclaw shields down`, edit `/opt/nemoclaw/openclaw.json` inside the sandbox, then `nemoclaw shields up` | +| Agents allow-list (`agents.list` in `openclaw.json`) | Runtime — hot-reloaded by OpenClaw on config change | Prefer agent or NemoClaw commands that keep host and sandbox state aligned | +| `openclaw.json` keys (general — model, agents.list, web.backend, channel config, etc.) | Mixed. Individual keys still follow the rebuild rules in the rows above, such as provider switch requiring rebuild even after editing the JSON. | Prefer NemoClaw host commands so the host registry and rebuilt image stay aligned | If a row above conflicts with what you observe, the runtime source of truth inside the sandbox is `/opt/nemoclaw/openclaw.json`; the host registry caches metadata but the image and OpenClaw read from the in-sandbox file. -## Shields commands - -Shields are an operator-only switch that toggles the sandbox between its default mutable state and a locked-down posture. -The sandbox itself cannot raise or lower its own shields — every transition is initiated from the host so a compromised agent cannot escape its policy by editing config. - -Three commands manage the posture. -The commands are hidden from the standard `--help` output because they are operator workflows, not developer workflows; everything below documents the full surface. - -### `shields status` - -Print the current shields mode (`mutable_default`, `locked`, or `temporarily_unlocked`), the active policy preset, and any pending automatic restore timer. - -```console -$ nemoclaw my-assistant shields status -Shields: locked -Policy: strict -Auto-restore: not scheduled (use `shields down --timeout 10m` to schedule) -``` - -### `shields up` - -Raise shields: lock `openclaw.json` (and other mutable config files) against in-sandbox edits and apply the restrictive network policy that was captured the last time the sandbox was shielded. -This is the default expected state for a sandbox the operator has handed off to an agent. - -```console -$ nemoclaw my-assistant shields up -✓ Shields raised: config locked, restrictive policy applied -``` - -`shields up` takes no flags. -If no saved snapshot exists yet (a fresh sandbox), the snapshot is taken from the current state. - -### `shields down` - -Lower shields: unlock config and apply a permissive (or operator-named) network policy so the operator can edit `openclaw.json`, swap presets, or run interactive maintenance. - -```console -$ nemoclaw my-assistant shields down --timeout 10m --reason "rotating slack token" -✓ Shields lowered for 10m (policy: permissive); auto-restore at 14:32 UTC -``` - -| Flag | Default | Effect | -|---|---|---| -| `--timeout ` | *no auto-restore* | After the duration elapses, a detached host-side timer re-runs `shields up` automatically. Accepts `5m`, `30s`, `1h`, etc. | -| `--reason ` | *empty* | Recorded in the shields audit log on the host. Required by some org policies; recommended for any cross-team session. | -| `--policy ` | `permissive` | Apply this named policy preset while shields are down instead of the default permissive set. Use a tighter preset (e.g. `messaging-only`) when the maintenance window only needs a subset of egress. | - -The auto-restore timer is detached from the `shields down` invocation — closing your terminal does not cancel the restore. -If the timer process is killed before the deadline (e.g. host reboot), `shields status` will surface the inconsistency on the next check (see #3112 for the fail-open fix). - ## See also The mutability table above is a consolidated index of information that lives in more detail on per-topic pages: diff --git a/docs/network-policy/customize-network-policy.mdx b/docs/network-policy/customize-network-policy.mdx index 5500842b8d..bb8d071a6b 100644 --- a/docs/network-policy/customize-network-policy.mdx +++ b/docs/network-policy/customize-network-policy.mdx @@ -183,7 +183,6 @@ Available presets: | `pypi` | Python Package Index | | `slack` | Slack API and webhooks | | `telegram` | Telegram Bot API | -| `wechat` | WeChat messaging | | `whatsapp` | WhatsApp Web messaging | To apply a preset to a running sandbox: diff --git a/docs/network-policy/integration-policy-examples.mdx b/docs/network-policy/integration-policy-examples.mdx index fd6d42520f..debd07fb58 100644 --- a/docs/network-policy/integration-policy-examples.mdx +++ b/docs/network-policy/integration-policy-examples.mdx @@ -65,7 +65,6 @@ NemoClaw ships maintained policy presets for common services in `nemoclaw-bluepr | Python Package Index | `pypi` | | Slack messaging | `slack` | | Telegram Bot API | `telegram` | -| WeChat messaging | `wechat` | | WhatsApp Web messaging | `whatsapp` | Preview the endpoints before applying: @@ -126,7 +125,7 @@ If delivery fails, open the TUI and send a test message to the bot: $ openshell term ``` -The matching preset for each supported messaging channel is the channel name (`telegram`, `discord`, `slack`, `wechat`, or `whatsapp`). +The matching preset for each supported messaging channel is the channel name (`telegram`, `discord`, `slack`, or `whatsapp`). ## Slack or Discord Messaging @@ -272,5 +271,5 @@ Use `nemoclaw my-assistant policy-add` for maintained NemoClaw presets. - [Approve or Deny Agent Network Requests](/network-policy/approve-network-requests) for the interactive OpenShell TUI flow. - [Customize the Sandbox Network Policy](/network-policy/customize-network-policy) for static policy edits and raw OpenShell policy files. -- [Messaging Channels](/manage-sandboxes/messaging-channels) for Telegram, Discord, Slack, WeChat, and WhatsApp channel configuration. +- [Messaging Channels](/manage-sandboxes/messaging-channels) for Telegram, Discord, Slack, and WhatsApp channel configuration. - [Commands](/reference/commands) for the full `policy-add`, `policy-list`, `policy-remove`, and `channels` command reference. diff --git a/docs/project.json b/docs/project.json index ac6de3af67..beaadfbf23 100644 --- a/docs/project.json +++ b/docs/project.json @@ -1 +1 @@ -{"name": "nemoclaw", "version": "0.0.45"} +{"name": "nemoclaw", "version": "0.0.46"} diff --git a/docs/reference/architecture.mdx b/docs/reference/architecture.mdx index ab41177238..0bde7c8a6c 100644 --- a/docs/reference/architecture.mdx +++ b/docs/reference/architecture.mdx @@ -1,8 +1,8 @@ --- # SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-License-Identifier: Apache-2.0 -title: "Architecture" -sidebar-title: "Architecture" +title: "Architecture Details" +sidebar-title: "Architecture Details" description: "Learn how NemoClaw combines a host CLI, sandbox plugin, and versioned blueprint to move OpenClaw into a controlled sandbox." description-agent: "Describes the NemoClaw plugin and blueprint architecture and how they orchestrate the OpenClaw sandbox. Use when looking up architecture, plugin structure, or blueprint design." keywords: ["nemoclaw architecture", "nemoclaw plugin blueprint structure"] diff --git a/docs/reference/commands.mdx b/docs/reference/commands.mdx index 090df528f7..8c1028330c 100644 --- a/docs/reference/commands.mdx +++ b/docs/reference/commands.mdx @@ -594,7 +594,7 @@ $ nemoclaw my-assistant hosts-remove searxng.local ### `nemoclaw channels list` -List the messaging channels NemoClaw knows about (`telegram`, `discord`, `slack`, `wechat`, `whatsapp`) with a short description. +List the messaging channels NemoClaw knows about (`telegram`, `discord`, `slack`, `whatsapp`) with a short description. The command is a static reference; it does not consult credentials or the running sandbox. ```console @@ -607,7 +607,6 @@ Register a messaging channel with the sandbox and rebuild so the image picks up Channels fall into three login modes: - **Token paste** (`telegram`, `discord`, `slack`): the command prompts for any missing token and registers it with the OpenShell gateway. -- **Host-side QR** (`wechat`): the command runs an interactive host-side QR scan to capture a static session token, then registers it with the gateway. - **In-sandbox QR** (`whatsapp`): the command records the channel without a host-side token or OpenShell credential provider. NemoClaw advertises WhatsApp for OpenClaw and Hermes sandboxes; after rebuild, run `openclaw channels login --channel whatsapp` for OpenClaw or `hermes whatsapp` for Hermes. This intentionally leaves QR-created mutable session state in the sandbox until you unpair it or clear the durable agent state. @@ -633,7 +632,7 @@ When `NEMOCLAW_NON_INTERACTIVE=1` is set, any missing token fails fast and no re Clear the stored credentials for a messaging channel and rebuild the sandbox so the image drops the channel. Running `remove` for a channel that was never configured is a no-op against the credentials file and still triggers the rebuild prompt. When the bridge provider is attached to a live sandbox, NemoClaw detaches it before deleting the provider from the OpenShell gateway. -If the matching built-in policy preset is applied, such as `telegram`, `discord`, `slack`, `wechat`, or `whatsapp`, NemoClaw also removes that preset so the upstream API is no longer allow-listed after the channel is gone. +If the matching built-in policy preset is applied, such as `telegram`, `discord`, `slack`, or `whatsapp`, NemoClaw also removes that preset so the upstream API is no longer allow-listed after the channel is gone. ```console $ nemoclaw my-assistant channels remove telegram @@ -649,7 +648,7 @@ Host-side removal is the supported path because agent channel config is baked in ### `nemoclaw channels stop ` -Pause a single messaging bridge (`telegram`, `discord`, `slack`, `wechat`, or `whatsapp`) without clearing its credentials. +Pause a single messaging bridge (`telegram`, `discord`, `slack`, or `whatsapp`) without clearing its credentials. The channel is marked disabled in the per-sandbox registry, and the sandbox is rebuilt so the onboard step skips registering the bridge with the gateway. The provider stays registered with the OpenShell gateway, so a later `channels start` brings the bridge back without re-entering tokens. diff --git a/docs/reference/network-policies.mdx b/docs/reference/network-policies.mdx index faa011ed68..19dc4cc295 100644 --- a/docs/reference/network-policies.mdx +++ b/docs/reference/network-policies.mdx @@ -50,7 +50,7 @@ GitHub access (`github.com`, `api.github.com`) is not included in the baseline p Apply the `github` preset during onboarding if your agent needs GitHub access. See [Customize the Network Policy](/network-policy/customize-network-policy). -The baseline policy does not include messaging endpoints for Telegram, Discord, Slack, WeChat, and WhatsApp. +The baseline policy does not include messaging endpoints for Telegram, Discord, Slack, and WhatsApp. Enable the channel during onboarding or apply the matching messaging preset so the sandbox can reach that platform. @@ -64,7 +64,7 @@ The baseline policy is always applied regardless of the selected tier. |------|------------------|-------------| | Restricted | None | Base sandbox only. No third-party network access beyond inference and core agent tooling. | | Balanced (default) | `npm`, `pypi`, `huggingface`, `brew`, `brave when supported` | Full dev tooling and web search for agents that support web search. No messaging platform access. | -| Open | `npm`, `pypi`, `huggingface`, `brew`, `brave when supported`, `slack`, `discord`, `telegram`, `wechat`, `whatsapp`, `jira`, `outlook` | Broad access across third-party services including messaging and productivity. | +| Open | `npm`, `pypi`, `huggingface`, `brew`, `brave when supported`, `slack`, `discord`, `telegram`, `whatsapp`, `jira`, `outlook` | Broad access across third-party services including messaging and productivity. | After selecting a tier, a combined preset and access-mode screen lets you include or exclude individual presets and toggle each between read (GET only) and read-write (GET + POST/PUT/PATCH) access. Tier-default presets are pre-selected; additional presets can be added from the full list. diff --git a/docs/reference/troubleshooting.mdx b/docs/reference/troubleshooting.mdx index 20d82351cb..e6b11aab8f 100644 --- a/docs/reference/troubleshooting.mdx +++ b/docs/reference/troubleshooting.mdx @@ -526,7 +526,7 @@ Follow these steps to reconnect. $ nemoclaw tunnel start ``` - OpenShell-managed channel messaging handles Telegram, Discord, Slack, WeChat, and WhatsApp at onboarding, not through a separate bridge process from `nemoclaw tunnel start`. + OpenShell-managed channel messaging handles Telegram, Discord, Slack, and WhatsApp at onboarding, not through a separate bridge process from `nemoclaw tunnel start`. To pause a single bridge without destroying the sandbox, use `nemoclaw channels stop `. @@ -736,8 +736,8 @@ Run the equivalent host-side command instead: ```console $ nemoclaw channels list -$ nemoclaw channels add -$ nemoclaw channels remove +$ nemoclaw channels add +$ nemoclaw channels remove ``` `channels add` registers credentials with the OpenShell gateway and `channels remove` clears them; both offer to rebuild the sandbox so the image reflects the new channel set. @@ -746,7 +746,6 @@ In non-interactive mode (`NEMOCLAW_NON_INTERACTIVE=1`), the commands stage the c WhatsApp pairs entirely inside the sandbox. NemoClaw advertises WhatsApp for OpenClaw and Hermes sandboxes after you add the channel on the host. Run `openclaw channels login --channel whatsapp` inside OpenClaw sandboxes, or run `hermes whatsapp` inside Hermes sandboxes. -WeChat captures its token via a host-side QR during the host-side `nemoclaw channels add wechat` flow, so it does not need an in-sandbox `channels login` step. ### `openclaw config set` or `unset` is blocked inside the sandbox @@ -1202,7 +1201,7 @@ Skills that require macOS-only binaries cannot be enabled on Brev. Skills that require additional CLI binaries require a custom sandbox image rebuild. For credentials, use the supported host-side setup flow. -Re-run onboarding for inference or Brave Search credentials, or use `nemoclaw channels add ` for messaging channels. +Re-run onboarding for inference or Brave Search credentials, or use `nemoclaw channels add ` for messaging channels. To add a binary to the sandbox image, update the sandbox `Dockerfile.base` to install the required package, then rebuild: ```console diff --git a/docs/security/best-practices.mdx b/docs/security/best-practices.mdx index 208c806e42..79334d2c61 100644 --- a/docs/security/best-practices.mdx +++ b/docs/security/best-practices.mdx @@ -82,7 +82,7 @@ flowchart TB | Layer | What it protects | Enforcement point | Changeable at runtime | | --- | --- | --- | --- | | Network | Unauthorized outbound connections and data exfiltration. | OpenShell gateway | Yes. Use `openshell policy set` or operator approval. | -| Filesystem | System binary tampering, credential theft, config manipulation. | Landlock LSM + container mounts | Landlock layout: no. Requires sandbox re-creation. Config lockdown posture: yes, with host-side shields commands. | +| Filesystem | System binary tampering, credential theft, config manipulation. | Landlock LSM + container mounts | Landlock layout: no. Requires sandbox re-creation. Use host-side NemoClaw commands for durable config changes. | | Process | Privilege escalation, fork bombs, syscall abuse. | Container runtime (Docker/K8s `securityContext`) | No. Requires sandbox re-creation. | | Inference | Credential exposure, unauthorized model access, cost overruns. | OpenShell gateway | Yes. Use `nemoclaw inference set`. | diff --git a/docs/versions1.json b/docs/versions1.json index 69a59569d1..ba91905347 100644 --- a/docs/versions1.json +++ b/docs/versions1.json @@ -1,6 +1,10 @@ [ { "preferred": true, + "version": "0.0.46", + "url": "https://docs.nvidia.com/nemoclaw/0.0.46/" + }, + { "version": "0.0.45", "url": "https://docs.nvidia.com/nemoclaw/0.0.45/" },