From 574d9fee52966cc4d29f01aec93cc20c9766671c Mon Sep 17 00:00:00 2001 From: Miyoung Choi Date: Wed, 3 Jun 2026 09:27:46 -0700 Subject: [PATCH] docs: refresh 0.0.57 release docs --- .../nemoclaw-user-agent-skills/SKILL.md | 10 +- .../SKILL.md | 335 +++- .../references/inference-options.md | 64 +- .../references/set-up-sub-agent.md | 30 +- .../references/switch-inference-providers.md | 303 +++- .../references/tool-calling-reliability.md | 56 +- .../references/best-practices.md | 99 +- .../references/credential-storage.md | 87 +- .../references/openclaw-controls.md | 8 +- .../nemoclaw-user-deploy-remote/SKILL.md | 92 +- .../references/brev-web-ui.md | 10 +- .../references/install-openclaw-plugins.md | 52 +- .../references/sandbox-hardening.md | 48 +- .../skills/nemoclaw-user-get-started/SKILL.md | 37 +- .../references/prerequisites.md | 20 +- .../references/quickstart-hermes.md | 75 +- .../references/windows-preparation.md | 46 +- .../nemoclaw-user-manage-policy/SKILL.md | 203 ++- .../references/approve-network-requests.md | 12 +- .../references/integration-policy-examples.md | 395 +++- .../nemoclaw-user-manage-sandboxes/SKILL.md | 382 +++- .../references/backup-restore.md | 233 ++- .../references/install-plugins-hermes.md | 116 ++ .../references/messaging-channels.md | 293 ++- .../references/runtime-controls.md | 78 +- .../references/workspace-files.md | 49 +- .../nemoclaw-user-monitor-sandbox/SKILL.md | 88 +- .../skills/nemoclaw-user-overview/SKILL.md | 3 +- .../references/ecosystem-hermes.md | 95 + .../references/ecosystem.md | 14 +- .../references/how-it-works.md | 61 +- .../references/overview.md | 32 +- .../references/release-notes.md | 31 +- .../skills/nemoclaw-user-reference/SKILL.md | 7 +- .../references/architecture.md | 76 +- .../references/cli-selection-guide.md | 112 +- .../references/commands-nemohermes.md | 1602 +++++++++++++++++ .../references/commands.md | 820 ++++++--- .../references/network-policies.md | 23 +- .../references/troubleshooting.md | 404 +++-- docs/about/release-notes.mdx | 11 + docs/inference/switch-inference-providers.mdx | 12 + docs/manage-sandboxes/lifecycle.mdx | 2 + docs/manage-sandboxes/messaging-channels.mdx | 4 + docs/reference/architecture.mdx | 2 +- docs/reference/network-policies.mdx | 2 +- 46 files changed, 5131 insertions(+), 1403 deletions(-) create mode 100644 .agents/skills/nemoclaw-user-manage-sandboxes/references/install-plugins-hermes.md create mode 100644 .agents/skills/nemoclaw-user-overview/references/ecosystem-hermes.md create mode 100644 .agents/skills/nemoclaw-user-reference/references/commands-nemohermes.md diff --git a/.agents/skills/nemoclaw-user-agent-skills/SKILL.md b/.agents/skills/nemoclaw-user-agent-skills/SKILL.md index 1d87704186..bc00725e15 100644 --- a/.agents/skills/nemoclaw-user-agent-skills/SKILL.md +++ b/.agents/skills/nemoclaw-user-agent-skills/SKILL.md @@ -26,11 +26,11 @@ This page is for users who installed NemoClaw with the installer and do not have Fetch only the skills from the NemoClaw repository without downloading the full source tree. -```console -$ git clone --filter=blob:none --no-checkout https://github.com/NVIDIA/NemoClaw.git -$ cd NemoClaw -$ git sparse-checkout set --no-cone '/.agents/skills/nemoclaw-user-*/**' '/.agents/skills/nemoclaw-skills-guide/**' '/.claude/**' '/AGENTS.md' '/CLAUDE.md' -$ git checkout +```bash +git clone --filter=blob:none --no-checkout https://github.com/NVIDIA/NemoClaw.git +cd NemoClaw +git sparse-checkout set --no-cone '/.agents/skills/nemoclaw-user-*/**' '/.agents/skills/nemoclaw-skills-guide/**' '/.claude/**' '/AGENTS.md' '/CLAUDE.md' +git checkout ``` Open the `NemoClaw` directory in your AI coding assistant. diff --git a/.agents/skills/nemoclaw-user-configure-inference/SKILL.md b/.agents/skills/nemoclaw-user-configure-inference/SKILL.md index af6255ceda..3644caced4 100644 --- a/.agents/skills/nemoclaw-user-configure-inference/SKILL.md +++ b/.agents/skills/nemoclaw-user-configure-inference/SKILL.md @@ -15,9 +15,14 @@ license: "Apache-2.0" ## Prerequisites -- NemoClaw installed. + + +- NemoClaw installed. Refer to the Quickstart (use the `nemoclaw-user-get-started` skill) if you have not installed yet. +- NemoClaw installed. Refer to Quickstart with Hermes (use the `nemoclaw-user-get-started` skill) if you have not installed yet. - A local model server running, or a supported Ollama, vLLM, or NIM setup that the NemoClaw onboard wizard can use, start, or install. +import { AgentOnly } from "../_components/AgentGuide"; + NemoClaw can route inference to a model server running on your machine instead of a cloud API. This page covers Ollama, compatible-endpoint paths for other servers, and experimental managed options for vLLM and NVIDIA NIM. @@ -28,13 +33,14 @@ OpenShell intercepts inference traffic and forwards it to the local endpoint you ## Ollama Ollama is the default local inference option. -The onboard wizard detects Ollama automatically when it is installed or running on the host. +The onboard wizard detects Ollama automatically when you have installed it or started it on the host. -If Ollama is installed but not running, NemoClaw starts it for you. +If you installed Ollama but have not started it, NemoClaw starts it for you. On macOS and Linux, the wizard can also offer to install Ollama when it is not present. When the host Ollama is below the minimum version NemoClaw expects for its starter models (currently `0.7.0`), the wizard surfaces an explicit **Upgrade Ollama** entry in the provider menu instead of silently reusing the older daemon, and the express setup path resolves to that entry. The wizard inspects both the CLI binary (`ollama --version`) and the locally running daemon (`/api/version` on `:11434`) so the upgrade entry still appears when only one side is stale, for example a fresh user-local binary paired with the original system daemon. -The gate skips Windows-host Ollama reached from WSL via `host.docker.internal`; the separate **Use / Start / Install Ollama on Windows host** entries handle that case and run their own actions on the Windows side. +The gate skips Windows-host Ollama reached from WSL through `host.docker.internal`. +The separate **Use / Start / Install Ollama on Windows host** entries handle that case and run their own actions on the Windows side. On macOS, the wizard runs the platform install or upgrade path with `brew upgrade ollama`. On Linux, the wizard runs the official `https://ollama.com/install.sh` path. Upgrades on Linux always take the sudo-driven system path because the sudo-free user-local fallback would leave the existing system daemon on `:11434` serving the stale binary. @@ -45,7 +51,7 @@ On WSL, the wizard can use, start, restart, or install Ollama on the Windows hos ### Linux Install Modes -On native Linux, the install path picks between a system install (under `/usr/local`, via the official `https://ollama.com/install.sh`) and a sudo-free user-local install (under `${HOME}/.local`). +On native Linux, the install path picks between a system install (under `/usr/local`, using the official `https://ollama.com/install.sh`) and a sudo-free user-local install (under `${HOME}/.local`). NemoClaw selects the mode automatically: - Running as root or with passwordless sudo (`sudo -n true` returns 0) selects the system install. @@ -56,21 +62,30 @@ NemoClaw selects the mode automatically: Override the detection with `NEMOCLAW_OLLAMA_INSTALL_MODE=system` or `NEMOCLAW_OLLAMA_INSTALL_MODE=user`. The user-local install replicates only the binary extraction step of the official installer. -It downloads the release tarball, extracts it to `${HOME}/.local`, and launches `${HOME}/.local/bin/ollama serve` once. -It does not configure a systemd service, does not create the `ollama` system user, and does not install CUDA drivers, so the daemon must be relaunched manually after a reboot. +It downloads the release tarball, extracts it to `${HOME}/.local`, and launches `${HOME}/.local/bin/ollama serve` one time. +It does not configure a systemd service, does not create the `ollama` system user, and does not install CUDA drivers, so you must relaunch the daemon manually after a reboot. NemoClaw also prints a one-line `PATH` hint if `${HOME}/.local/bin` is not already on your `PATH`; you can add `export PATH="${HOME}/.local/bin:$PATH"` to your shell profile to invoke `ollama` directly. Both modes rely on `zstd` for archive extraction. On Debian and Ubuntu, the system path uses `sudo apt-get` to install `zstd` automatically and explains the prompt before continuing. -The user-local path cannot bootstrap system packages without elevation, so if `zstd` is missing it prints per-distro install hints and exits — install `zstd` manually, then rerun onboarding. +The user-local path cannot bootstrap system packages without elevation. +If `zstd` is missing, it prints per-distro install hints and exits. +Install `zstd` manually, then rerun onboarding. Run the onboard wizard. -```console -$ nemoclaw onboard + +```bash +nemoclaw onboard +``` + + +```bash +nemohermes onboard ``` + Select **Local Ollama** from the provider list. -NemoClaw lists installed models or offers starter models if none are installed. +NemoClaw lists installed models or offers starter models if you have not installed any. On hosts where the larger starter models fit the currently available GPU memory, the starter list includes `qwen3.6:35b` and selects it by default. When another GPU workload is using most of the memory at onboard time, NemoClaw downgrades the menu to the largest model that still fits. It pulls the selected model, loads it into memory, and validates it before continuing. @@ -86,8 +101,8 @@ On WSL, if you choose the Windows-host Ollama path, NemoClaw uses `host.docker.i When NemoClaw runs inside WSL, the provider menu can include Windows-host Ollama actions: - Use Ollama on Windows host when the Windows daemon is already reachable. -- Restart Ollama on Windows host when the daemon is installed but only bound to Windows loopback. -- Start Ollama on Windows host when Ollama is installed but not running. +- Restart Ollama on Windows host when you installed the daemon but bound it only to Windows loopback. +- Start Ollama on Windows host when you installed Ollama but have not started it. - Install Ollama on Windows host when Windows does not have Ollama installed. The install and restart paths set `OLLAMA_HOST=0.0.0.0:11434` on the Windows side so Docker and WSL can reach the daemon through `host.docker.internal`. @@ -113,8 +128,7 @@ tool, switch to vLLM with `--enable-auto-tool-choice` and the correct On non-WSL hosts, NemoClaw keeps Ollama bound to `127.0.0.1:11434` and starts a token-gated reverse proxy on `0.0.0.0:11435`. The native install/start paths also reset NemoClaw-managed systemd launches to the loopback binding. -Containers and other hosts on the local network reach Ollama only through the -proxy, which validates a Bearer token before forwarding requests. +Containers and other hosts on the local network reach Ollama only through the proxy, which validates a Bearer token before forwarding requests. On that native path, NemoClaw never exposes Ollama without authentication. WSL Ollama paths do not use this proxy. @@ -134,22 +148,27 @@ For non-WSL Ollama setups, the onboard wizard manages the proxy automatically: On native Linux hosts, a firewall can allow the host proxy health check while still blocking sandbox containers on the OpenShell Docker bridge. When the sandbox-side proxy probe fails with a TCP error, onboarding exits before it saves the inference route and prints a command like: -```console -$ sudo ufw allow from to any port 11435 proto tcp -$ nemoclaw onboard + +```bash +sudo ufw allow from to any port 11435 proto tcp +nemoclaw onboard ``` + + +```bash +sudo ufw allow from to any port 11435 proto tcp +nemohermes onboard +``` + If the probe cannot run, for example because Docker Desktop or WSL uses a different host routing model, onboarding continues and relies on the regular proxy health check. -The sandbox provider is configured to use proxy port `11435` with the generated -token as its `OPENAI_API_KEY` credential. -OpenShell's L7 proxy injects the token at egress, so the agent inside the -sandbox never sees the token directly. +NemoClaw configures the sandbox provider to use proxy port `11435` with the generated token as its `OPENAI_API_KEY` credential. +OpenShell's L7 proxy injects the token at egress, so the agent inside the sandbox never sees the token directly. All proxy endpoints require the Bearer token, including `GET /api/tags`. -Internal health and reachability checks run via the proxy treat any HTTP -response (including `401`) as proof the proxy is alive — they only fail -when nothing answers at all. +Internal health and reachability checks run through the proxy treat any HTTP response, including `401`, as proof the proxy is alive. +They fail only when nothing answers at all. If Ollama is already running on a non-loopback address when you start onboard, the wizard restarts it on `127.0.0.1:11434` so the proxy is the only network @@ -163,18 +182,28 @@ This does not delete downloaded model files. ### Non-Interactive Setup -```console -$ NEMOCLAW_PROVIDER=ollama \ + +```bash +NEMOCLAW_PROVIDER=ollama \ NEMOCLAW_MODEL=qwen2.5:14b \ nemoclaw onboard --non-interactive --yes ``` + + +```bash +NEMOCLAW_PROVIDER=ollama \ + NEMOCLAW_MODEL=qwen2.5:14b \ + nemohermes onboard --non-interactive --yes +``` + If `NEMOCLAW_MODEL` is not set, NemoClaw selects a default model based on available memory. If `NEMOCLAW_MODEL` names a known bootstrap model (for example `qwen3.6:35b`) that does not fit the host's currently available GPU memory, NemoClaw warns and falls back to the largest known model that does fit. Unknown or custom tags (any value the bootstrap registry has not seen) are still passed through; the Ollama runner validates the choice itself. -`--yes` (or `NEMOCLAW_YES=1`) authorises the Ollama model download without an interactive confirmation prompt. -Under `--non-interactive`, `--yes` (or `NEMOCLAW_YES=1`) is required to authorise the download — onboard exits otherwise, since it cannot prompt. +`--yes` (or `NEMOCLAW_YES=1`) authorizes the Ollama model download without an interactive confirmation prompt. +Under `--non-interactive`, include `--yes` (or `NEMOCLAW_YES=1`) to authorize the download. +Onboard exits otherwise because it cannot prompt. Run onboard without `--non-interactive` to get the interactive `[y/N]` prompt that shows the model size before downloading. | Variable | Purpose | @@ -193,15 +222,23 @@ To opt in to `/v1/responses`, set `NEMOCLAW_PREFERRED_API=openai-responses` befo Start your model server. The examples below use vLLM, but any OpenAI-compatible server works. -```console -$ vllm serve meta-llama/Llama-3.1-8B-Instruct --port 8000 +```bash +vllm serve meta-llama/Llama-3.1-8B-Instruct --port 8000 ``` Run the onboard wizard. -```console -$ nemoclaw onboard + +```bash +nemoclaw onboard +``` + + + +```bash +nemohermes onboard ``` + When the wizard asks you to choose an inference provider, select **Other OpenAI-compatible endpoint**. Enter the base URL of your local server, for example `http://localhost:8000/v1`. @@ -219,13 +256,25 @@ Route, configuration, and authentication failures still fail immediately. Set the following environment variables for scripted or CI/CD deployments. -```console -$ NEMOCLAW_PROVIDER=custom \ + +```bash +NEMOCLAW_PROVIDER=custom \ NEMOCLAW_ENDPOINT_URL=http://localhost:8000/v1 \ NEMOCLAW_MODEL=meta-llama/Llama-3.1-8B-Instruct \ COMPATIBLE_API_KEY=dummy \ nemoclaw onboard --non-interactive ``` + + + +```bash +NEMOCLAW_PROVIDER=custom \ + NEMOCLAW_ENDPOINT_URL=http://localhost:8000/v1 \ + NEMOCLAW_MODEL=meta-llama/Llama-3.1-8B-Instruct \ + COMPATIBLE_API_KEY=dummy \ + nemohermes onboard --non-interactive +``` + | Variable | Purpose | |---|---| @@ -242,9 +291,16 @@ without probing the Responses API. To opt in to `/v1/responses`, set `NEMOCLAW_PREFERRED_API` before running onboard: -```console -$ NEMOCLAW_PREFERRED_API=openai-responses nemoclaw onboard + +```bash +NEMOCLAW_PREFERRED_API=openai-responses nemoclaw onboard +``` + + +```bash +NEMOCLAW_PREFERRED_API=openai-responses nemohermes onboard ``` + The wizard then probes `/v1/responses` and only selects it when streaming support is complete. @@ -256,39 +312,62 @@ You can use this variable in both interactive and non-interactive mode. |---|---|---| | `NEMOCLAW_PREFERRED_API` | `openai-completions`, `openai-responses` | `openai-completions` for compatible endpoints | -If you already onboarded and the sandbox is failing at runtime, re-run -`nemoclaw onboard` to re-probe the endpoint and bake the correct API path + +If you already onboarded and the sandbox is failing at runtime, re-run `nemoclaw onboard` to re-probe the endpoint and bake the correct API path into the image. -Refer to [Switch Inference Models](references/switch-inference-providers.md) for details. + + +If you already onboarded and the sandbox is failing at runtime, re-run `nemohermes onboard` to re-probe the endpoint and bake the correct API path +into the image. + +Refer to [Switch Inference Models](references/switch-inference-providers.md) for more information. ## Anthropic-Compatible Server If your local server implements the Anthropic Messages API (`/v1/messages`), choose **Other Anthropic-compatible endpoint** during onboarding instead. -```console -$ nemoclaw onboard + +```bash +nemoclaw onboard ``` - + + +```bash +nemohermes onboard +``` + For non-interactive setup, use `NEMOCLAW_PROVIDER=anthropicCompatible` and set `COMPATIBLE_ANTHROPIC_API_KEY`. -```console -$ NEMOCLAW_PROVIDER=anthropicCompatible \ + +```bash +NEMOCLAW_PROVIDER=anthropicCompatible \ NEMOCLAW_ENDPOINT_URL=http://localhost:8080 \ NEMOCLAW_MODEL=my-model \ COMPATIBLE_ANTHROPIC_API_KEY=dummy \ nemoclaw onboard --non-interactive ``` + + +```bash +NEMOCLAW_PROVIDER=anthropicCompatible \ + NEMOCLAW_ENDPOINT_URL=http://localhost:8080 \ + NEMOCLAW_MODEL=my-model \ + COMPATIBLE_ANTHROPIC_API_KEY=dummy \ + nemohermes onboard --non-interactive +``` + ## vLLM When vLLM is already running on `localhost:8000`, NemoClaw can detect it automatically and query the `/v1/models` endpoint to determine the loaded model. On supported Linux hosts with NVIDIA GPUs, the onboard wizard can also install or start a managed vLLM container for you. + For an already-running vLLM server, run `nemoclaw onboard` and select **Local vLLM [experimental]** from the provider list. - -```console -$ nemoclaw onboard -``` + + +For an already-running vLLM server, run `nemohermes onboard` and select **Local vLLM [experimental]** from the provider list. + If vLLM is already running, NemoClaw detects the running model and validates the endpoint. If vLLM is not running and your host matches a DGX Spark or DGX Station managed profile, NemoClaw shows the **Install vLLM** or **Start vLLM** entry by default. @@ -301,7 +380,7 @@ Managed vLLM uses these profiles: | Host profile | Default model | |---|---| -| DGX Spark | `Qwen/Qwen3.6-27B-FP8` | +| DGX Spark | `nvidia/Qwen3.6-35B-A3B-NVFP4` | | DGX Station | `Qwen/Qwen3.6-27B-FP8` | | Linux with an NVIDIA GPU | `nvidia/NVIDIA-Nemotron-3-Nano-4B-FP8` | @@ -314,18 +393,34 @@ The vLLM `/v1/responses` endpoint does not run the `--tool-call-parser`, so tool Use an already-running vLLM server: -```console -$ NEMOCLAW_PROVIDER=vllm \ + +```bash +NEMOCLAW_PROVIDER=vllm \ nemoclaw onboard --non-interactive ``` + + +```bash +NEMOCLAW_PROVIDER=vllm \ + nemohermes onboard --non-interactive +``` + -Install or start managed vLLM when a supported profile is detected. +Install or start managed vLLM when NemoClaw detects a supported profile. On DGX Spark and DGX Station, `NEMOCLAW_PROVIDER=install-vllm` is enough for non-interactive runs; add `NEMOCLAW_EXPERIMENTAL=1` on generic Linux NVIDIA GPU hosts. -```console -$ NEMOCLAW_PROVIDER=install-vllm \ + +```bash +NEMOCLAW_PROVIDER=install-vllm \ nemoclaw onboard --non-interactive ``` + + +```bash +NEMOCLAW_PROVIDER=install-vllm \ + nemohermes onboard --non-interactive +``` + NemoClaw records the model returned by vLLM's `/v1/models` endpoint. Start vLLM with the model you want before onboarding if you manage the server yourself. @@ -335,27 +430,38 @@ Start vLLM with the model you want before onboarding if you manage the server yo Managed vLLM serves the profile default unless you select a different registry entry. Export `NEMOCLAW_VLLM_MODEL=` before invoking the installer to choose a different model from the registry. NemoClaw uses the matching `vllm serve` flags, including the reasoning parser, tool-call parser, and `--max-model-len`. -Recognised slugs: +Recognized slugs are: | Slug | Hugging Face model | Notes | |---|---|---| -| `qwen3.6-27b` | `Qwen/Qwen3.6-27B-FP8` | Default on DGX Spark and DGX Station profiles | +| `qwen3.6-27b` | `Qwen/Qwen3.6-27B-FP8` | Default on the DGX Station profile | +| `qwen3.6-35b-a3b-nvfp4` | `nvidia/Qwen3.6-35B-A3B-NVFP4` | Default on the DGX Spark profile | | `nemotron-3-nano-4b` | `nvidia/NVIDIA-Nemotron-3-Nano-4B-FP8` | Default on the generic Linux + NVIDIA GPU profile | | `deepseek-r1-distill-70b` | `deepseek-ai/DeepSeek-R1-Distill-Llama-70B` | Gated. Requires Hugging Face license acceptance | The slug is case-insensitive; the full Hugging Face id is also accepted. -An unrecognised value fails fast with a list of valid slugs. +An unrecognized value fails fast with a list of valid slugs. Gated models require a Hugging Face token; export it before onboarding so NemoClaw can forward it into the managed vLLM container: -```console -$ export HF_TOKEN= -$ NEMOCLAW_PROVIDER=install-vllm \ + +```bash +export HF_TOKEN= +NEMOCLAW_PROVIDER=install-vllm \ NEMOCLAW_VLLM_MODEL=deepseek-r1-distill-70b \ nemoclaw onboard --non-interactive ``` + + +```bash +export HF_TOKEN= +NEMOCLAW_PROVIDER=install-vllm \ + NEMOCLAW_VLLM_MODEL=deepseek-r1-distill-70b \ + nemohermes onboard --non-interactive +``` + -`HUGGING_FACE_HUB_TOKEN` is accepted as an alternative. +NemoClaw accepts `HUGGING_FACE_HUB_TOKEN` as an alternative. The token check runs on the host before any docker pull, so a missing or empty token aborts onboarding before bandwidth is spent on a 401. ## NVIDIA NIM (Experimental) @@ -364,18 +470,30 @@ NemoClaw can pull, start, and manage a NIM container on hosts with a NIM-capable Set the experimental flag and run onboard. -```console -$ NEMOCLAW_EXPERIMENTAL=1 nemoclaw onboard + +```bash +NEMOCLAW_EXPERIMENTAL=1 nemoclaw onboard ``` + + +```bash +NEMOCLAW_EXPERIMENTAL=1 nemohermes onboard +``` + Select **Local NVIDIA NIM [experimental]** from the provider list. NemoClaw filters available models by GPU VRAM, pulls the NIM container image, starts it, and waits for it to become healthy before continuing. On hosts with mixed NVIDIA GPU models, the preflight summary shows each detected GPU model and the total VRAM so you can confirm which device class the model selection used. -NIM container images are hosted on `nvcr.io` and require NGC registry authentication before `docker pull` succeeds. +NVIDIA hosts NIM container images on `nvcr.io`, and `docker pull` requires NGC registry authentication. If Docker is not already logged in to `nvcr.io`, onboard prompts for an [NGC API key](https://org.ngc.nvidia.com/setup/api-key) and runs `docker login nvcr.io` over `--password-stdin` so the key is never written to disk or shell history. -The prompt masks the key during input and retries once on a bad key before failing. +The prompt masks the key during input and retries one time on a bad key before failing. + In non-interactive mode, onboard exits with login instructions if Docker is not already authenticated; run `docker login nvcr.io` yourself, then re-run `nemoclaw onboard --non-interactive`. + + +In non-interactive mode, onboard exits with login instructions if Docker is not already authenticated; run `docker login nvcr.io` yourself, then re-run `nemohermes onboard --non-interactive`. + If `NGC_API_KEY` or `NVIDIA_API_KEY` is already exported, NemoClaw passes it into the managed NIM container through the process environment instead of command-line arguments. If the NIM container exits before the health endpoint becomes ready, onboarding stops early and prints the last container log lines. @@ -386,11 +504,20 @@ The same `chat/completions` API path restriction applies. ### Non-Interactive Setup -```console -$ NEMOCLAW_EXPERIMENTAL=1 \ + +```bash +NEMOCLAW_EXPERIMENTAL=1 \ NEMOCLAW_PROVIDER=nim \ nemoclaw onboard --non-interactive ``` + + +```bash +NEMOCLAW_EXPERIMENTAL=1 \ + NEMOCLAW_PROVIDER=nim \ + nemohermes onboard --non-interactive +``` + To select a specific model, set `NEMOCLAW_MODEL`. @@ -401,26 +528,49 @@ Large prompts on hardware such as DGX Spark can exceed shorter timeouts, so Nemo To override the timeout, set the `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT` environment variable before onboarding: -```console -$ export NEMOCLAW_LOCAL_INFERENCE_TIMEOUT=300 -$ nemoclaw onboard + +```bash +export NEMOCLAW_LOCAL_INFERENCE_TIMEOUT=300 +nemoclaw onboard +``` + + +```bash +export NEMOCLAW_LOCAL_INFERENCE_TIMEOUT=300 +nemohermes onboard ``` + The value is in seconds. -This setting is baked into the sandbox at build time. +NemoClaw bakes this setting into the sandbox at build time. + Changing it after onboarding requires re-running `nemoclaw onboard`. + + +Changing it after onboarding requires re-running `nemohermes onboard`. + `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT` only governs the inference-server validation probe. During local Ollama setup, NemoClaw treats host-side curl process timeouts as retryable probe failures and retries with a larger timeout before it reports a validation failure. NemoClaw also retries Docker runtime detection with a longer `docker info` timeout before it chooses the local inference route. The post-create readiness wait (image build, gateway upload, in-sandbox boot) has its own budget, `NEMOCLAW_SANDBOX_READY_TIMEOUT`, also defaulting to 180 seconds. -On hosts where the sandbox image takes minutes to build or upload — large quantised models, DGX Station first runs, or remote VMs over a slow link — raise both together: - -```console -$ export NEMOCLAW_LOCAL_INFERENCE_TIMEOUT=300 -$ export NEMOCLAW_SANDBOX_READY_TIMEOUT=600 -$ nemoclaw onboard +On hosts where the sandbox image takes minutes to build or upload, raise both settings together. +Examples include large quantized models, DGX Station first runs, and remote VMs over a slow link. + + +```bash +export NEMOCLAW_LOCAL_INFERENCE_TIMEOUT=300 +export NEMOCLAW_SANDBOX_READY_TIMEOUT=600 +nemoclaw onboard +``` + + +```bash +export NEMOCLAW_LOCAL_INFERENCE_TIMEOUT=300 +export NEMOCLAW_SANDBOX_READY_TIMEOUT=600 +nemohermes onboard ``` + If onboard ends with `Sandbox '' was created but did not become ready within 180s`, refer to Troubleshooting (use the `nemoclaw-user-reference` skill). @@ -428,9 +578,16 @@ If onboard ends with `Sandbox '' was created but did not become ready with After onboarding completes, confirm the active provider and model. -```console -$ nemoclaw status + +```bash +nemoclaw status ``` + + +```bash +nemohermes status +``` + The output shows the provider label (for example, "Local vLLM" or "Other OpenAI-compatible endpoint") and the active model. For Local Ollama, status also checks the authenticated proxy when a proxy token is available. @@ -443,18 +600,30 @@ Refer to [Switch Inference Models](references/switch-inference-providers.md) for For compatible endpoints, the command is: -```console -$ nemoclaw inference set --provider compatible-endpoint --model + +```bash +nemoclaw inference set --provider compatible-endpoint --model +``` + + +```bash +nemohermes inference set --provider compatible-endpoint --model ``` + + If the provider itself needs to change (for example, switching from vLLM to a cloud API), pass the new provider to `nemoclaw inference set`. + + +If the provider itself needs to change (for example, switching from vLLM to a cloud API), pass the new provider to `nemohermes inference set`. + ## References - **Load [references/switch-inference-providers.md](references/switch-inference-providers.md)** when switching inference providers, changing the model runtime, or reconfiguring inference routing. Changes the active inference model without restarting the sandbox. - **Load [references/set-up-sub-agent.md](references/set-up-sub-agent.md)** when users ask how to add a second model, configure a sub-agent model, use Omni for vision tasks, configure agents.list, or use sessions_spawn in NemoClaw. Shows the NemoClaw-specific file paths and update flow for adding an auxiliary OpenClaw sub-agent model. - **Load [references/inference-options.md](references/inference-options.md)** when explaining which providers are available, what the onboard wizard presents, or how inference routing works. Lists all inference providers offered during NemoClaw onboarding. -- **[references/tool-calling-reliability.md](references/tool-calling-reliability.md)** — Explains Ollama tool-call leak symptoms, when vLLM with a tool-call parser is recommended, and how to repoint NemoClaw to a parser-aware local endpoint. +- **[references/tool-calling-reliability.md](references/tool-calling-reliability.md)** — Explains Ollama tool-call leak symptoms, when to use vLLM with a tool-call parser, and how to repoint NemoClaw to a parser-aware local endpoint. ## Related Skills diff --git a/.agents/skills/nemoclaw-user-configure-inference/references/inference-options.md b/.agents/skills/nemoclaw-user-configure-inference/references/inference-options.md index 1a7e7a3a03..1ef2d12773 100644 --- a/.agents/skills/nemoclaw-user-configure-inference/references/inference-options.md +++ b/.agents/skills/nemoclaw-user-configure-inference/references/inference-options.md @@ -2,9 +2,21 @@ # NemoClaw Inference Options +import { AgentOnly } from "../_components/AgentGuide"; + NemoClaw supports multiple inference providers. -During onboarding, the `nemoclaw onboard` wizard presents a numbered list of providers to choose from. -Your selection determines where the agent's inference traffic is routed. +During onboarding, the NemoClaw onboarding wizard presents a numbered list of providers to choose from. +Your selection determines where NemoClaw routes the agent's inference traffic. + + +For OpenClaw onboarding, use `nemoclaw onboard`. +The provider flow is the same, with the NVIDIA Endpoints route available for OpenClaw Agent. + + + +For Hermes onboarding, use `nemohermes onboard`. +The provider flow is the same, with the Hermes Provider route available for Hermes Agent. + ## How Inference Routing Works @@ -37,7 +49,7 @@ NemoClaw uses provider-specific local tokens for those routes, and rebuilds of l The onboard wizard presents the following provider options by default. The first six are always available. -Ollama appears when it is installed or running on the host. +Ollama appears when you have installed or started it on the host. Local vLLM appears when NemoClaw detects a running vLLM server. The managed install/start vLLM entry appears by default on DGX Spark and DGX Station, and appears on generic Linux NVIDIA GPU hosts after opt-in. @@ -57,7 +69,7 @@ The managed install/start vLLM entry appears by default on DGX Spark and DGX Sta NVIDIA Nemotron models expose OpenAI-compatible APIs across every supported deployment surface, so two onboarding options can route to Nemotron. -| Where Nemotron is hosted | Onboard wizard option | Why | +| Nemotron Host | Onboard Wizard Option | Why | |---|---|---| | `build.nvidia.com` (NVIDIA-hosted) | **Option 1: NVIDIA Endpoints** | NemoClaw sets the base URL to `https://integrate.api.nvidia.com/v1` for you and validates the model against the build catalog. | | Self-hosted NIM container | **Option 3: Other OpenAI-compatible endpoint** | NIM exposes an OpenAI-compatible `/v1/chat/completions` route. Point the base URL at your NIM service and enter the Nemotron model ID. | @@ -116,11 +128,19 @@ The sandbox never sees raw API keys. To use the router in scripted setup, set: -```console -$ NEMOCLAW_PROVIDER=routed NVIDIA_API_KEY= nemoclaw onboard --non-interactive + +```bash +NEMOCLAW_PROVIDER=routed NVIDIA_API_KEY= nemoclaw onboard --non-interactive ``` + -### Host Python requirement + +```bash +NEMOCLAW_PROVIDER=routed NVIDIA_API_KEY= nemohermes onboard --non-interactive +``` + + +### Host Python Requirement The Model Router runs in a host-side virtual environment that NemoClaw creates during onboarding. NemoClaw probes `python3.13`, `python3.12`, `python3.11`, `python3.10`, and bare `python3`, and adopts the first interpreter that satisfies both of: @@ -131,20 +151,34 @@ NemoClaw probes `python3.13`, `python3.12`, `python3.11`, `python3.10`, and bare If no candidate qualifies, onboarding aborts and prints the real failure for each candidate. This surfaces issues like Homebrew `python@3.14` whose `pyexpat` extension fails to dlopen against the older system `libexpat` on macOS. + To pin a specific interpreter, set `NEMOCLAW_MODEL_ROUTER_PYTHON` to its absolute path before running `nemoclaw onboard`: + + +To pin a specific interpreter, set `NEMOCLAW_MODEL_ROUTER_PYTHON` to its absolute path before running `nemohermes onboard`: + + + +```bash +NEMOCLAW_MODEL_ROUTER_PYTHON=/opt/homebrew/bin/python3.12 nemoclaw onboard +``` + -```console -$ NEMOCLAW_MODEL_ROUTER_PYTHON=/opt/homebrew/bin/python3.12 nemoclaw onboard + +```bash +NEMOCLAW_MODEL_ROUTER_PYTHON=/opt/homebrew/bin/python3.12 nemohermes onboard ``` + The pin is strict. NemoClaw probes only that interpreter and aborts with the failure reason if it does not qualify, rather than silently falling back to a different python on `PATH`. -Relative command names such as `python3.12` are rejected; use `command -v python3.12` to find the absolute path. +NemoClaw rejects relative command names such as `python3.12`. +Use `command -v python3.12` to find the absolute path. If `python -m venv` itself fails for a probe-clean interpreter (for example, a corrupt ensurepip seed), NemoClaw retries with the next healthy candidate when no pin is set; with a pin set, the failure stops onboarding so you can fix or repoint the pinned python. ## Caveated Local Options -The following local inference options are caveated. +The following local inference options have caveats. Local NIM and generic Linux managed vLLM install/start require `NEMOCLAW_EXPERIMENTAL=1`; DGX Spark and DGX Station managed vLLM entries appear by default. An already-running vLLM server appears directly in the onboarding selection list. @@ -159,20 +193,20 @@ For setup instructions, refer to [Use a Local Inference Server](../SKILL.md). NemoClaw validates the selected provider and model before creating the sandbox. If credential validation fails, the wizard asks whether to re-enter the API key, choose a different provider, retry, or exit. -Transient upstream validation failures are retried before the wizard reports a provider failure. +The wizard retries transient upstream validation failures before it reports a provider failure. The `nvapi-` prefix check applies only to `NVIDIA_API_KEY`. Other provider credentials, such as `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, `GEMINI_API_KEY`, and compatible endpoint keys, use provider-aware validation during retry. | Provider type | Validation method | |---|---| | OpenAI | Tries `/responses` first, then `/chat/completions`. | -| NVIDIA Endpoints | Validates via `/v1/chat/completions` only; the `/v1/responses` probe is skipped because NVIDIA Build does not expose `/v1/responses` (returns 404 for every model). | -| Google Gemini | Validates via Gemini's OpenAI-compatible chat-completions path only; the `/v1/responses` probe is skipped because Gemini does not support the Responses API. | +| NVIDIA Endpoints | Validates through `/v1/chat/completions` only; NemoClaw skips the `/v1/responses` probe because NVIDIA Build does not expose `/v1/responses` (returns 404 for every model). | +| Google Gemini | Validates through Gemini's OpenAI-compatible chat-completions path only; NemoClaw skips the `/v1/responses` probe because Gemini does not support the Responses API. | | Other OpenAI-compatible endpoint | Tries `/v1/responses` first with a tool-calling probe; falls back to `/v1/chat/completions`. Selected runtime API defaults to `/v1/chat/completions`; set `NEMOCLAW_PREFERRED_API=openai-responses` to allow `/v1/responses` at runtime when validation succeeds. | | Anthropic-compatible | Tries `/v1/messages`. | | NVIDIA Endpoints (manual model entry) | Validates the model name against the catalog API. | | Compatible endpoints | Sends a real inference request because many proxies do not expose a `/models` endpoint. For OpenAI-compatible endpoints, the probe tries `/v1/responses` first then falls back to `/v1/chat/completions`; the selected runtime API defaults to `/v1/chat/completions`. Set `NEMOCLAW_PREFERRED_API=openai-responses` to allow `/v1/responses` at runtime when validation succeeds. | -| Local NVIDIA NIM | Validates via `/v1/chat/completions` only; the `/v1/responses` probe is skipped (same as NVIDIA Endpoints). | +| Local NVIDIA NIM | Validates through `/v1/chat/completions` only; NemoClaw skips the `/v1/responses` probe (same as NVIDIA Endpoints). | ## Next Steps diff --git a/.agents/skills/nemoclaw-user-configure-inference/references/set-up-sub-agent.md b/.agents/skills/nemoclaw-user-configure-inference/references/set-up-sub-agent.md index 148eaf0e7e..272b093974 100644 --- a/.agents/skills/nemoclaw-user-configure-inference/references/set-up-sub-agent.md +++ b/.agents/skills/nemoclaw-user-configure-inference/references/set-up-sub-agent.md @@ -37,17 +37,17 @@ It keeps the primary `main` agent on the normal NemoClaw inference route and add | Sub-agent model | `nvidia-omni/private/nvidia/nemotron-3-nano-omni-reasoning-30b-a3b` | | Delegation tool | `sessions_spawn` | -Omni is used as the specialist model for image tasks. +The sub-agent uses Omni as the specialist model for image tasks. The primary orchestration model remains responsible for conversation, planning, and deciding when to delegate. ## Update the Sandbox Config Fetch the current OpenClaw config from the sandbox, patch it with your auxiliary provider and `agents.list` changes, then upload it back. -```console -$ export SANDBOX=my-assistant -$ export DOCKER_CTR=openshell-cluster-nemoclaw -$ docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- cat /sandbox/.openclaw/openclaw.json > /tmp/openclaw.json +```bash +export SANDBOX=my-assistant +export DOCKER_CTR=openshell-cluster-nemoclaw +docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- cat /sandbox/.openclaw/openclaw.json > /tmp/openclaw.json ``` Create `/tmp/openclaw.updated.json` with the OpenClaw sub-agent config. @@ -56,13 +56,13 @@ For the Omni example, the demo provides `vlm-demo/vlm-subagent/openclaw-patch.py Upload the patched config and refresh the hash. In the default mutable state, this keeps the local hash consistent but does not make it tamper-proof; lock the config root-owned and read-only afterward if the sandbox should enforce config integrity at startup. -```console -$ docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chmod 644 /sandbox/.openclaw/openclaw.json -$ docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chmod 644 /sandbox/.openclaw/.config-hash -$ cat /tmp/openclaw.updated.json | docker exec -i "$DOCKER_CTR" kubectl exec -i -n openshell "$SANDBOX" -c agent -- sh -c 'cat > /sandbox/.openclaw/openclaw.json' -$ docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- /bin/bash -c "cd /sandbox/.openclaw && sha256sum openclaw.json > .config-hash" -$ docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chmod 444 /sandbox/.openclaw/openclaw.json -$ docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chmod 444 /sandbox/.openclaw/.config-hash +```bash +docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chmod 644 /sandbox/.openclaw/openclaw.json +docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chmod 644 /sandbox/.openclaw/.config-hash +cat /tmp/openclaw.updated.json | docker exec -i "$DOCKER_CTR" kubectl exec -i -n openshell "$SANDBOX" -c agent -- sh -c 'cat > /sandbox/.openclaw/openclaw.json' +docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- /bin/bash -c "cd /sandbox/.openclaw && sha256sum openclaw.json > .config-hash" +docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chmod 444 /sandbox/.openclaw/openclaw.json +docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chmod 444 /sandbox/.openclaw/.config-hash ``` Check `/tmp/gateway.log` after upload and confirm the gateway hot-reloaded the provider or `agents.list` change. @@ -77,10 +77,10 @@ For the Omni example: ``` Use the same provider ID that appears in `models.providers`, such as `nvidia-omni`. -After uploading the auth profile, make sure the sub-agent directory is owned by the sandbox user: +After uploading the auth profile, make sure the sandbox user owns the sub-agent directory: -```console -$ docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chown -R sandbox:sandbox /sandbox/.openclaw/agents/vision-operator +```bash +docker exec "$DOCKER_CTR" kubectl exec -n openshell "$SANDBOX" -c agent -- chown -R sandbox:sandbox /sandbox/.openclaw/agents/vision-operator ``` ## Allow Auxiliary Provider Egress diff --git a/.agents/skills/nemoclaw-user-configure-inference/references/switch-inference-providers.md b/.agents/skills/nemoclaw-user-configure-inference/references/switch-inference-providers.md index c5a623c42e..c9640d3af8 100644 --- a/.agents/skills/nemoclaw-user-configure-inference/references/switch-inference-providers.md +++ b/.agents/skills/nemoclaw-user-configure-inference/references/switch-inference-providers.md @@ -2,8 +2,10 @@ # Switch Inference Models at Runtime +import { AgentOnly } from "../_components/AgentGuide"; + Change the active inference model while the sandbox is running. -No restart is required. +You do not need to restart the sandbox. ## Prerequisites @@ -12,106 +14,191 @@ No restart is required. ## Switch to a Different Model + Use `nemoclaw inference set` with the provider and model that match the upstream you want to use. The command updates the OpenShell inference route and synchronizes the running agent config. For OpenClaw, it updates `agents.defaults.model.primary` and the matching provider namespace. + + +Use `nemohermes inference set` with the provider and model that match the upstream you want to use. +The command updates the OpenShell inference route and synchronizes the running agent config. For Hermes, it updates `/sandbox/.hermes/config.yaml` (`model.default`, `model.base_url`, and `model.provider: custom`) without rebuilding or restarting Hermes. +Pass `--sandbox ` when you do not want to use the default registered sandbox. +Under `nemohermes`, pass `--sandbox ` when you have registered more than one Hermes sandbox. + + Pass `--sandbox ` when you do not want to use the default registered sandbox. -Under `nemohermes`, pass `--sandbox ` when more than one Hermes sandbox is registered. + ### NVIDIA Endpoints -```console -$ nemoclaw inference set --provider nvidia-prod --model nvidia/nemotron-3-super-120b-a12b + +```bash +nemoclaw inference set --provider nvidia-prod --model nvidia/nemotron-3-super-120b-a12b +``` + + +```bash +nemohermes inference set --provider nvidia-prod --model nvidia/nemotron-3-super-120b-a12b ``` + ### OpenAI -```console -$ nemoclaw inference set --provider openai-api --model gpt-5.4 + +```bash +nemoclaw inference set --provider openai-api --model gpt-5.4 +``` + + +```bash +nemohermes inference set --provider openai-api --model gpt-5.4 ``` + ### Anthropic -```console -$ nemoclaw inference set --provider anthropic-prod --model claude-sonnet-4-6 + +```bash +nemoclaw inference set --provider anthropic-prod --model claude-sonnet-4-6 ``` + + +```bash +nemohermes inference set --provider anthropic-prod --model claude-sonnet-4-6 +``` + ### Google Gemini -```console -$ nemoclaw inference set --provider gemini-api --model gemini-2.5-flash + +```bash +nemoclaw inference set --provider gemini-api --model gemini-2.5-flash ``` + + +```bash +nemohermes inference set --provider gemini-api --model gemini-2.5-flash +``` + ### Compatible Endpoints If you onboarded a custom compatible endpoint, switch models with the provider created for that endpoint: -```console -$ nemoclaw inference set --provider compatible-endpoint --model + + +```bash +nemoclaw inference set --provider compatible-endpoint --model ``` -```console -$ nemoclaw inference set --provider compatible-anthropic-endpoint --model +```bash +nemoclaw inference set --provider compatible-anthropic-endpoint --model +``` + + + + +```bash +nemohermes inference set --provider compatible-endpoint --model ``` +```bash +nemohermes inference set --provider compatible-anthropic-endpoint --model +``` + + + + + ### Hermes Provider For a NemoClaw-managed Hermes sandbox, use the Hermes alias with the registered Hermes Provider route: -```console -$ nemohermes inference set --provider hermes-provider --model openai/gpt-5.4-mini +```bash +nemohermes inference set --provider hermes-provider --model openai/gpt-5.4-mini ``` + + #### Switching from Responses API to Chat Completions -If onboarding selected `/v1/responses` but the agent fails at runtime (for -example, because the backend does not emit the streaming events OpenClaw -requires), re-run onboarding so the wizard re-probes the endpoint and bakes -the correct API path into the image: +If onboarding selected `/v1/responses` but the agent fails at runtime, re-run onboarding so the wizard re-probes the endpoint and bakes the correct API path into the image. +This can happen when the backend does not emit the streaming events OpenClaw requires. -```console -$ nemoclaw onboard + +```bash +nemoclaw onboard ``` - + + +```bash +nemohermes onboard +``` + Select the same provider and endpoint again. -The updated streaming probe will detect incomplete `/v1/responses` support -and select `/v1/chat/completions` automatically. +The updated streaming probe detects incomplete `/v1/responses` support and selects `/v1/chat/completions` automatically. -For the compatible-endpoint provider, NemoClaw uses `/v1/chat/completions` by -default, so no env var is required to keep the safe path. -To opt in to `/v1/responses` for a backend you have verified end to end, set -`NEMOCLAW_PREFERRED_API` before onboarding: +For the compatible-endpoint provider, NemoClaw uses `/v1/chat/completions` by default, so you do not need an environment variable to keep the safe path. +To opt in to `/v1/responses` for a backend you have verified end to end, set `NEMOCLAW_PREFERRED_API` before onboarding: -```console -$ NEMOCLAW_PREFERRED_API=openai-responses nemoclaw onboard + +```bash +NEMOCLAW_PREFERRED_API=openai-responses nemoclaw onboard +``` + + +```bash +NEMOCLAW_PREFERRED_API=openai-responses nemohermes onboard ``` + **Note:** -`NEMOCLAW_INFERENCE_API_OVERRIDE` patches the config at container startup but -does not update the Dockerfile ARG baked into the image. -If you recreate the sandbox without the override env var, the image reverts to -the original API path. +`NEMOCLAW_INFERENCE_API_OVERRIDE` patches the config at container startup but does not update the Dockerfile ARG baked into the image. +If you recreate the sandbox without the override environment variable, the image reverts to the original API path. + A fresh `nemoclaw onboard` is the reliable fix because it updates both the session and the baked image. + + +A fresh `nemohermes onboard` is the reliable fix because it updates both the +session and the baked image. + ## Cross-Provider Switching + Switching to a different provider family (for example, from NVIDIA Endpoints to Anthropic) also uses `nemoclaw inference set`. The command updates both the gateway route and the OpenClaw provider namespace in the running sandbox config. -```console -$ nemoclaw inference set --provider anthropic-prod --model claude-sonnet-4-6 --no-verify +```bash +nemoclaw inference set --provider anthropic-prod --model claude-sonnet-4-6 --no-verify ``` + + +Switching to a different provider family (for example, from NVIDIA Endpoints to Anthropic) also uses `nemohermes inference set`. +The command updates both the gateway route and `/sandbox/.hermes/config.yaml`. + +```bash +nemohermes inference set --provider anthropic-prod --model claude-sonnet-4-6 --no-verify +``` + + + Use `--no-verify` only when OpenShell cannot verify the provider at switch time but you have already confirmed the provider and credential. ## Tune Model Metadata The sandbox image bakes model metadata (context window, max output tokens, reasoning mode, and accepted input modalities) into `openclaw.json` at build time. + To change these values, set the corresponding environment variables before running `nemoclaw onboard` so they patch into the Dockerfile before the image builds. + + +To change these values, set the corresponding environment variables before running `nemohermes onboard` so they patch into the Dockerfile before the image builds. + | Variable | Values | Default | |---|---|---| @@ -122,27 +209,52 @@ To change these values, set the corresponding environment variables before runni | `NEMOCLAW_AGENT_TIMEOUT` | Positive integer (seconds) | `600` | | `NEMOCLAW_AGENT_HEARTBEAT_EVERY` | Go-style duration (`30m`, `1h`, `0m` to disable) | `unset` (OpenClaw default) | -Invalid values are ignored, and the default bakes into the image. +NemoClaw ignores invalid values and bakes the default into the image. For Local Ollama, onboarding loads the selected model first and uses Ollama's reported runtime context length when `NEMOCLAW_CONTEXT_WINDOW` is unset. Use `NEMOCLAW_INFERENCE_INPUTS=text,image` only for a model that accepts image input through the selected provider. -```console -$ export NEMOCLAW_CONTEXT_WINDOW=65536 -$ export NEMOCLAW_MAX_TOKENS=8192 -$ export NEMOCLAW_REASONING=true -$ export NEMOCLAW_INFERENCE_INPUTS=text,image -$ export NEMOCLAW_AGENT_TIMEOUT=1800 -$ export NEMOCLAW_AGENT_HEARTBEAT_EVERY=0m -$ nemoclaw onboard -``` - -`NEMOCLAW_AGENT_TIMEOUT` controls the per-request inference timeout baked into -`agents.defaults.timeoutSeconds`. Increase it for slow local inference (for -example, CPU-only Ollama or vLLM on modest hardware). NemoClaw writes this -value into `openclaw.json` during onboarding. The default sandbox may keep that -file writable for agent state, but direct in-sandbox edits are not the supported -or durable way to change NemoClaw-managed defaults. Rebuild the sandbox via -`nemoclaw onboard` to apply a new value. + +```bash +export NEMOCLAW_CONTEXT_WINDOW=65536 +export NEMOCLAW_MAX_TOKENS=8192 +export NEMOCLAW_REASONING=true +export NEMOCLAW_INFERENCE_INPUTS=text,image +export NEMOCLAW_AGENT_TIMEOUT=1800 +export NEMOCLAW_AGENT_HEARTBEAT_EVERY=0m +nemoclaw onboard +``` + + +```bash +export NEMOCLAW_CONTEXT_WINDOW=65536 +export NEMOCLAW_MAX_TOKENS=8192 +export NEMOCLAW_REASONING=true +export NEMOCLAW_INFERENCE_INPUTS=text,image +export NEMOCLAW_AGENT_TIMEOUT=1800 +export NEMOCLAW_AGENT_HEARTBEAT_EVERY=0m +nemohermes onboard +``` + + + + +`NEMOCLAW_AGENT_TIMEOUT` controls the per-request inference timeout baked into `agents.defaults.timeoutSeconds`. +Increase it for slow local inference, such as CPU-only Ollama or vLLM on modest hardware. +NemoClaw writes this value into `openclaw.json` during onboarding. +The default sandbox can keep that file writable for agent state, but direct in-sandbox edits are not the supported or durable way to change NemoClaw-managed defaults. +Rebuild the sandbox with `nemoclaw onboard` to apply a new value. + + + + +`NEMOCLAW_AGENT_TIMEOUT` controls the per-request inference timeout baked into the Hermes sandbox image. +Increase it for slow local inference, such as CPU-only Ollama or vLLM on modest hardware. +Direct in-sandbox edits are not the supported or durable way to change NemoClaw-managed defaults. +Rebuild the sandbox with `nemohermes onboard` to apply a new value. + + + + `NEMOCLAW_AGENT_HEARTBEAT_EVERY` sets `agents.defaults.heartbeat.every`. This controls OpenClaw's periodic main-session agent turn. @@ -151,19 +263,38 @@ The OpenClaw default is 30 minutes (1 hour for Anthropic OAuth / Claude CLI reus Tune the cadence with a duration string like `5m` or `2h`, or set `0m` to disable the periodic turns entirely. Disabling also drops `HEARTBEAT.md` from normal-run bootstrap context per upstream behavior, so the model no longer sees heartbeat-only instructions. NemoClaw writes this value into `openclaw.json` during onboarding. -The in-sandbox `openclaw config set` command is not the supported path for -NemoClaw-managed build-time defaults, and direct file edits are overwritten by a -rebuild. Rebuild the sandbox via `nemoclaw onboard --resume` to apply a new value. +The in-sandbox `openclaw config set` command is not the supported path for NemoClaw-managed build-time defaults, and a rebuild overwrites direct file edits. +Rebuild the sandbox with `nemoclaw onboard --resume` to apply a new value. + + + + +Hermes does not use OpenClaw's `HEARTBEAT.md` wake-up mechanism. +Rebuild the sandbox with `nemohermes onboard --resume` to apply build-time inference metadata changes. + + These variables are build-time settings. If you change them on an existing sandbox, recreate the sandbox so the new values bake into the image: -```console -$ nemoclaw onboard --resume --recreate-sandbox + + +```bash +nemoclaw onboard --resume --recreate-sandbox ``` + + + +```bash +nemohermes onboard --resume --recreate-sandbox +``` + + + ## Verify the Active Model + Use `nemoclaw inference get` to print the provider and model the gateway is currently routing to. Run it before `nemoclaw inference set` to confirm the starting state, or after a switch to verify the new route. @@ -183,25 +314,73 @@ $ nemoclaw inference get --json } ``` + + +Use `nemohermes inference get` to print the provider and model the gateway is currently routing to. +Run it before `nemohermes inference set` to confirm the starting state, or after a switch to verify the new route. + +```console +$ nemohermes inference get +Provider: nvidia-prod +Model: nvidia/nemotron-3-super-120b-a12b +``` + +Pass `--json` for machine-readable output. + +```console +$ nemohermes inference get --json +{ + "provider": "nvidia-prod", + "model": "nvidia/nemotron-3-super-120b-a12b" +} +``` + + + The command exits non-zero with `OpenShell inference route is not configured.` when the gateway has no registered inference route. + Run `nemoclaw onboard` to configure one. + + +Run `nemohermes onboard` to configure one. + Run the status command when you also need sandbox, service, and messaging health: -```console -$ nemoclaw status + +```bash +nemoclaw status +``` + + +```bash +nemohermes status ``` + The status output includes the active provider, model, and endpoint with the rest of the sandbox state. ## Notes + + - The host keeps provider credentials. - The sandbox continues to use `inference.local`. - `nemoclaw inference set` patches the selected running OpenClaw or Hermes sandbox config and recomputes its config hash. - Use `nemoclaw onboard --resume --recreate-sandbox` for build-time settings such as context window, max tokens, reasoning mode, heartbeat cadence, or image contents. - Local Ollama and local vLLM routes use local provider tokens rather than `OPENAI_API_KEY`. Rebuilds of older local-inference sandboxes clear the stale OpenAI credential requirement automatically. + + + +- The host keeps provider credentials. +- The sandbox continues to use `inference.local`. +- `nemohermes inference set` patches the selected running Hermes sandbox config and recomputes its config hash. +- Use `nemohermes onboard --resume --recreate-sandbox` for build-time settings such as context window, max tokens, reasoning mode, heartbeat cadence, or image contents. +- Local Ollama and local vLLM routes use local provider tokens rather than `OPENAI_API_KEY`. Rebuilds of older local-inference sandboxes clear the stale OpenAI credential requirement automatically. + + + ## Related Topics - [Inference Options](inference-options.md) for the full list of providers available during onboarding. diff --git a/.agents/skills/nemoclaw-user-configure-inference/references/tool-calling-reliability.md b/.agents/skills/nemoclaw-user-configure-inference/references/tool-calling-reliability.md index 01f2c36115..06afbf284c 100644 --- a/.agents/skills/nemoclaw-user-configure-inference/references/tool-calling-reliability.md +++ b/.agents/skills/nemoclaw-user-configure-inference/references/tool-calling-reliability.md @@ -2,10 +2,8 @@ # Tool-Calling Reliability for Local Inference -Local inference is useful for privacy, cost control, and offline development, but -tool-calling agents place stricter demands on the model server than simple chat. -The model server must return structured `tool_calls`, not a JSON-looking string -inside normal assistant text. +Local inference is useful for privacy, cost control, and offline development, but tool-calling agents place stricter demands on the model server than simple chat. +The model server must return structured `tool_calls`, not a JSON-looking string inside normal assistant text. Use this page when the TUI shows raw JSON such as: @@ -13,8 +11,7 @@ Use this page when the TUI shows raw JSON such as: {"arguments":{"query":"robotics"},"name":"memory_search"} ``` -If that appears as text in the assistant reply, OpenClaw cannot dispatch the -tool because the inference response did not include a structured tool call. +If that appears as text in the assistant reply, OpenClaw cannot dispatch the tool because the inference response did not include a structured tool call. ## Quick Choice Guide @@ -28,9 +25,8 @@ tool because the inference response did not include a structured tool call. | Multi-turn tool dispatch | Risky | Yes | Ollama can work well for lightweight local chat and some simple tool surfaces. -For OpenClaw-style agent loops with multiple tools, long instructions, or -multi-turn dispatch, use a server that exposes OpenAI-compatible -`/v1/chat/completions` with a tool-call parser. vLLM is the common local choice. +For OpenClaw-style agent loops with multiple tools, long instructions, or multi-turn dispatch, use a server that exposes OpenAI-compatible `/v1/chat/completions` with a tool-call parser. +vLLM is the common local choice. ## Symptom @@ -41,20 +37,17 @@ The common failure mode is: - The gateway treats the response as normal text. - No tool runs, and the user sees raw JSON in the TUI. -This is different from a network or policy block. `nemoclaw status`, -`nemoclaw logs`, and `nemoclaw debug --quick` can all look healthy while -tool dispatch still fails inside the conversation. +This is different from a network or policy block. +`nemoclaw status`, `nemoclaw logs`, and `nemoclaw debug --quick` can all look healthy while tool dispatch still fails inside the conversation. ## Recommended Fix -For persistent NemoClaw use, start vLLM with auto tool choice and the parser that -matches your model family, then rerun onboarding and select **Local vLLM -[experimental]** or **Other OpenAI-compatible endpoint**. +For persistent NemoClaw use, start vLLM with auto tool choice and the parser that matches your model family, then rerun onboarding and select **Local vLLM [experimental]** or **Other OpenAI-compatible endpoint**. For Hermes 3 style models, a known-good vLLM command shape is: -```console -$ vllm serve /models/Hermes-3-Llama-3.1-8B \ +```bash +vllm serve /models/Hermes-3-Llama-3.1-8B \ --served-model-name hermes-3-llama-3.1-8b \ --enable-auto-tool-choice \ --tool-call-parser hermes \ @@ -93,22 +86,20 @@ services: Then onboard against that endpoint: -```console -$ NEMOCLAW_PROVIDER=custom \ +```bash +NEMOCLAW_PROVIDER=custom \ NEMOCLAW_ENDPOINT_URL=http://localhost:8002/v1 \ NEMOCLAW_MODEL=hermes-3-llama-3.1-8b \ COMPATIBLE_API_KEY=$VLLM_API_KEY \ nemoclaw onboard --non-interactive ``` -If the endpoint does not require authentication, set `COMPATIBLE_API_KEY` to any -non-empty placeholder, such as `dummy`. +If the endpoint does not require authentication, set `COMPATIBLE_API_KEY` to any non-empty placeholder, such as `dummy`. ## Advanced Temporary Repointing -NemoClaw-managed sandboxes normally block direct `openclaw config set` writes -inside the sandbox because those edits do not survive rebuilds. Prefer rerunning -`nemoclaw onboard` for a persistent provider change. +NemoClaw-managed sandboxes normally block direct `openclaw config set` writes inside the sandbox because those edits do not survive rebuilds. +Prefer rerunning `nemoclaw onboard` for a persistent provider change. If you are intentionally testing a mutable OpenClaw config, prepare a batch file like this: @@ -134,15 +125,13 @@ like this: } ``` -Apply it only in environments where OpenClaw config writes are allowed: +Apply it only in environments where OpenClaw allows config writes: -```console -$ openclaw config set --batch-file /sandbox/.openclaw/vllm-tool-calls.json +```bash +openclaw config set --batch-file /sandbox/.openclaw/vllm-tool-calls.json ``` -After testing, persist the working provider through `nemoclaw onboard` so the -sandbox image, OpenShell inference route, and host-managed credentials stay in -sync. +After testing, persist the working provider through `nemoclaw onboard` so the sandbox image, OpenShell inference route, and host-managed credentials stay in sync. ## Verify the Fix @@ -150,12 +139,9 @@ After switching to vLLM, ask for an action that should use a tool. Good signs: - The TUI does not show JSON blobs as assistant text. - The gateway log shows tool dispatch and a follow-up answer. -- `nemoclaw status` reports the local vLLM or compatible endpoint as the - active provider. +- `nemoclaw status` reports the local vLLM or compatible endpoint as the active provider. -If JSON still appears as text, confirm that vLLM was started with both -`--enable-auto-tool-choice` and the correct `--tool-call-parser` value for your -model. +If JSON still appears as text, confirm that you started vLLM with both `--enable-auto-tool-choice` and the correct `--tool-call-parser` value for your model. ## Next Steps diff --git a/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md b/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md index 7252ad40af..2302f351bb 100644 --- a/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md +++ b/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md @@ -2,23 +2,25 @@ # NemoClaw Security Best Practices: Controls, Risks, and Posture Profiles +import { AgentOnly } from "../_components/AgentGuide"; + NemoClaw ships with deny-by-default security controls across four layers: network, filesystem, process, and inference. You can tune every control, but each change shifts the risk profile. -This page documents every configurable knob, its default, what it protects, the concrete risk of relaxing it, and a recommendation for common use cases. +This page documents each configurable control, its default, what it protects, the concrete risk of relaxing it, and a recommendation for common use cases. For background on how the layers fit together, refer to How It Works (use the `nemoclaw-user-overview` skill). ## Protection Layers at a Glance NemoClaw enforces security at four layers. -NemoClaw locks some when it creates the sandbox and requires a restart to change them. +NemoClaw locks some controls when it creates the sandbox and requires a restart to change them. You can hot-reload others while the sandbox runs. -The following diagram shows the default posture immediately after `nemoclaw onboard`, before you approve any endpoints or apply any presets. +The following diagram shows the default posture immediately after onboarding, before you approve any endpoints or apply any presets. ```mermaid flowchart TB - subgraph HOST["Your Machine: default posture after nemoclaw onboard"] + subgraph HOST["Your Machine: default posture after onboarding"] direction TB YOU["👤 Operator"] @@ -70,7 +72,7 @@ flowchart TB | Network | Unauthorized outbound connections and data exfiltration. | OpenShell gateway | Yes. Use `openshell policy set` or operator approval. | | Filesystem | System binary tampering, credential theft, config manipulation. | Landlock LSM + container mounts | Landlock layout: no. Requires sandbox re-creation. Use host-side NemoClaw commands for durable config changes. | | Process | Privilege escalation, fork bombs, syscall abuse. | Container runtime (Docker/K8s `securityContext`) | No. Requires sandbox re-creation. | -| Inference | Credential exposure, unauthorized model access, cost overruns. | OpenShell gateway | Yes. Use `nemoclaw inference set`. | +| Inference | Credential exposure, unauthorized model access, cost overruns. | OpenShell gateway | Yes. Use the NemoClaw inference switching command. | ## Network Controls @@ -78,7 +80,7 @@ NemoClaw controls which hosts, ports, and HTTP methods the sandbox can reach, an ### Deny-by-Default Egress -The sandbox blocks all outbound connections unless you explicitly list the endpoint in the policy file `nemoclaw-blueprint/policies/openclaw-sandbox.yaml`. +The sandbox blocks all outbound connections unless you explicitly list the endpoint in the applicable baseline policy files. | Aspect | Detail | |---|---| @@ -92,7 +94,7 @@ The sandbox blocks all outbound connections unless you explicitly list the endpo Each network policy entry restricts which executables can reach the endpoint using the `binaries` field. OpenShell identifies the calling binary by reading `/proc//exe` (the kernel-trusted executable path, not `argv[0]`), walking the process tree for ancestor binaries, and computing a SHA256 hash of each binary on first use. -If someone replaces a binary while the sandbox runs, the hash mismatch triggers an immediate deny. +If someone replaces a binary while the sandbox runs, the hash mismatch immediately denies the request. | Aspect | Detail | |---|---| @@ -126,12 +128,12 @@ The `protocol` field on an endpoint controls whether the proxy also inspects ind ### Operator Approval Flow -When the agent reaches an unlisted endpoint, OpenShell blocks the request and prompts the operator in the TUI. +When the agent reaches an unlisted endpoint, OpenShell blocks the request and prompts you in the TUI. | Aspect | Detail | |---|---| | Default | Enabled. The gateway blocks all unlisted endpoints and requires approval. | -| What you can change | The system merges approved endpoints into the sandbox's policy as a new durable revision. They persist across sandbox restarts within the same sandbox instance. However, when you destroy and recreate the sandbox (for example, by running `nemoclaw onboard`), the policy resets to the baseline defined in the blueprint. | +| What you can change | The system merges approved endpoints into the sandbox's policy as a new durable revision. They persist across sandbox restarts within the same sandbox instance. However, when you destroy and recreate the sandbox through onboarding, the policy resets to the baseline defined in the blueprint. | | Risk if relaxed | Approving an endpoint permanently widens the running sandbox's policy. If you approve a broad domain (such as a CDN that hosts arbitrary content), the agent can fetch anything from that domain until you destroy and recreate the sandbox. | | Recommendation | Review each blocked request before approving. If you find yourself approving the same endpoint repeatedly, add it to the baseline policy with appropriate binary and path restrictions. To reset approved endpoints, destroy and recreate the sandbox. | @@ -143,6 +145,7 @@ NemoClaw ships preset policy files in `nemoclaw-blueprint/policies/presets/` for |---|---|---| | `brave` | Brave Search API. | Agent can issue search queries. | | `brew` | Homebrew (Linuxbrew) package manager. The sandbox base image includes the `brew` binary; this preset opens network egress to GitHub and the Homebrew formulae index so `brew install` can fetch bottles. | Allows installing arbitrary Homebrew packages, which may contain malicious code. | +| `claude-code` | Claude Code CLI API, telemetry, and crash-report endpoints. | Allows a separately installed Claude Code CLI to reach Anthropic and telemetry hosts with its own credentials. Do not use this preset for NemoClaw inference routing. | | `discord` | Discord REST API, WebSocket gateway, CDN. | CDN endpoint (`cdn.discordapp.com`) allows GET to any path. WebSocket uses `access: full` (no inspection). | | `github` | GitHub and GitHub REST API. | Gives agent read/write access to repositories and issues via `git`. | | `huggingface` | Hugging Face Hub (download-only) and inference router. | Allows downloading arbitrary models and datasets. POST is restricted to the inference router only. | @@ -173,6 +176,8 @@ The container mounts system directories read-only to prevent the agent from modi ### Agent Config Directory + + The `/sandbox/.openclaw` directory contains the OpenClaw gateway configuration (model routing, CORS settings, channel config). The current entrypoint reads the gateway auth token from OpenClaw config when present, exports it as `OPENCLAW_GATEWAY_TOKEN`, and writes it to `/tmp/nemoclaw-proxy-env.sh` so interactive sandbox sessions can reach the gateway through system-wide shell hooks. In root mode, the gateway process still runs as the separate `gateway` user, but the token is intentionally available to sandbox shells for local gateway access. @@ -180,7 +185,7 @@ In root mode, the gateway process still runs as the separate `gateway` user, but Writable agent state such as plugins, skills, hooks, and workspace metadata lives directly under `/sandbox/.openclaw`. By default, this directory starts writable so the agent can manage its own config, install skills, and write to standard home-directory paths natively. -For sensitive workloads, use a reviewed host-side immutability workflow after initial setup so config and high-risk state entry points cannot be changed by the sandbox user. +For sensitive workloads, use a reviewed host-side immutability workflow after initial setup so the sandbox user cannot change config and high-risk state entry points. The immutability workflow locks high-risk state directories (`skills`, `hooks`, `cron`, `agents`, `extensions`, `plugins`, `workspace`, `memory`, `devices`, `canvas`, `telegram`, `wechat`, `whatsapp`, `platforms`, `weixin`, `profiles`, `skins`) to `root:sandbox` with `chmod -R go-w`. The OpenClaw gateway (a member of the `sandbox` group) keeps read access to plugin and agent code; the sandbox user can no longer write them. The same workflow also locks the secret-bearing directories (`credentials`, `identity`, `pairing`) to `root:root 700` with `chmod -R go-rwX`. @@ -190,7 +195,7 @@ The list is the union of state directories declared by every shipped agent manif Two exemption kinds keep runtime data writable. The lock inventory omits top-level Hermes runtime dirs (`sessions/`, `memories/`, `logs/`, `cache/`, `plans/`) and the image-build-regenerated `openclaw-weixin/`; the lock helper never touches those paths. Inside a locked tree, the helper restores `agents//sessions/` to `sandbox:sandbox 2770` after the surrounding `agents/` lock so the OpenClaw TUI can create and write session metadata under an otherwise root-owned parent. -If any high-risk state-dir root is a symlink when the lock runs, it refuses to proceed and reports "Config not locked: state dir root is a symlink" rather than silently following the link with privileged `chown -R` / `chmod -R`. +If any high-risk state-dir root is a symlink when the lock runs, the lock helper refuses to proceed and reports "Config not locked: state dir root is a symlink" instead of following the link with privileged `chown -R` / `chmod -R`. - **DAC permissions (default).** The sandbox user owns `/sandbox/.openclaw` with mode `2770` (setgid `sandbox:sandbox`) and `openclaw.json` with mode `660`, so the agent and its group can read and write config directly. A reviewed host-side immutability workflow should compare the intended ownership and mode with the live sandbox filesystem before treating the config tree as locked. - **Config integrity hash.** The image includes a SHA256 hash of `openclaw.json`. In the default mutable state, `.config-hash` is sandbox-owned and is not a tamper-proof trust anchor, so startup does not fail closed on that hash. When the hash is root-owned and read-only, startup enforces it and refuses to start if the hash does not match. @@ -209,6 +214,25 @@ If any high-risk state-dir root is a symlink when the lock runs, it refuses to p | Risk of default | A writable `.openclaw` directory lets the agent modify its own gateway config: disabling CORS or redirecting inference to an attacker-controlled endpoint. | | Recommendation | For always-on assistants handling sensitive workloads, lock config after initial setup. For development workflows, the writable default is appropriate. | + + + +The `/sandbox/.hermes` directory contains Hermes runtime configuration, generated environment settings, logs, platform state, and durable database state. +NemoClaw writes `config.yaml` and `.env` during onboarding and rebuilds. +Direct edits to these files can be overwritten when NemoClaw regenerates the image. + +Hermes also stores runtime state such as `state.db`, logs, and platform sessions under the `.hermes` tree. +Messaging sessions such as WhatsApp pairing can remain mutable by design so they survive rebuilds. + +| Aspect | Detail | +|---|---| +| Default | The Hermes config tree contains NemoClaw-generated config plus mutable runtime state. | +| What you can change | Use host-side NemoClaw commands for durable model, provider, messaging, and policy changes; inspect files directly only for debugging. | +| Risk of direct edits | Direct edits to generated config can drift from the host registry and may be lost on rebuild. | +| Recommendation | For sensitive workloads, keep generated config under NemoClaw control and back up Hermes state before destructive operations. | + + + ### Writable Paths The agent has read-write access to `/sandbox`, `/tmp`, and `/dev/null`. @@ -244,20 +268,20 @@ When the entrypoint switches from root to the `sandbox` and `gateway` users, it The initial entrypoint drop removes `cap_sys_admin`, `cap_sys_ptrace`, `cap_net_raw`, `cap_dac_override`, `cap_sys_chroot`, `cap_fsetid`, `cap_setfcap`, `cap_mknod`, `cap_audit_write`, and `cap_net_bind_service`. During `setpriv` step-down, the child process also loses `cap_setuid`, `cap_setgid`, `cap_fowner`, `cap_chown`, and `cap_kill`. -This is best-effort: if `capsh` is not available or `CAP_SETPCAP` is not in the bounding set, the entrypoint logs a warning and continues with the default capability set. +This behavior is best effort: if `capsh` is not available or `CAP_SETPCAP` is not in the bounding set, the entrypoint logs a warning and continues with the default capability set. If `setpriv` is unavailable, the entrypoint falls back to `gosu` and logs a warning that the remaining bounding-set capabilities were retained for the child process. -For additional protection, pass `--cap-drop=ALL` with `docker run` or Compose (see Sandbox Hardening (use the `nemoclaw-user-deploy-remote` skill)). +For additional protection, pass `--cap-drop=ALL` with `docker run` or Compose (see Sandbox Hardening). | Aspect | Detail | |---|---| | Default | The entrypoint drops dangerous capabilities at startup using `capsh`, then uses `setpriv` during user step-down when possible. Best-effort. | -| What you can change | When launching with `docker run` directly, pass `--cap-drop=ALL --cap-add=NET_BIND_SERVICE` for stricter enforcement. In the standard NemoClaw flow (with `nemoclaw onboard`), the entrypoint handles capability dropping automatically. | +| What you can change | When launching with `docker run` directly, pass `--cap-drop=ALL --cap-add=NET_BIND_SERVICE` for stricter enforcement. In the standard NemoClaw onboarding flow, the entrypoint handles capability dropping automatically. | | Risk if relaxed | `CAP_SYS_ADMIN` and `CAP_SYS_PTRACE` expand kernel and process attack surface. `CAP_NET_RAW` allows raw socket access for network sniffing. `CAP_DAC_OVERRIDE` bypasses filesystem permission checks. If `capsh` or `setpriv` cannot run, the container retains more of the runtime-provided capability set. | | Recommendation | Run on an image that includes `capsh` and `setpriv` (the NemoClaw image includes them). For defense-in-depth, also pass `--cap-drop=ALL` at the container runtime level. | ### Gateway Process Isolation -The OpenClaw gateway runs as a separate `gateway` user, not as the `sandbox` user that runs the agent. +The in-sandbox gateway runs as a separate `gateway` user, not as the `sandbox` user that runs the agent. | Aspect | Detail | |---|---| @@ -281,7 +305,7 @@ The `no-new-privileges` flag prevents processes from gaining additional privileg A process limit caps the number of processes the sandbox user can spawn. The entrypoint sets both soft and hard limits using `ulimit -u 512`. -This is best-effort: if the container runtime restricts `ulimit` modification, the entrypoint logs a security warning and continues without the limit. +This behavior is best effort: if the container runtime restricts `ulimit` modification, the entrypoint logs a security warning and continues without the limit. | Aspect | Detail | |---|---| @@ -334,7 +358,7 @@ A registry compromise or accidental force-push cannot silently swap the sandbox | Default | `nemoclaw-blueprint/blueprint.yaml` pins the sandbox image by digest. A CI regression test blocks any mutable-tag reference from merging. | | What you can change | Contributors bumping the sandbox image must update the digest in `blueprint.yaml`. Release tooling should rewrite the digest automatically. | | Risk if relaxed | Reverting to a mutable tag (`:latest`) allows a registry-side change to replace the sandbox image without any blueprint update, which is a supply-chain risk. | -| Recommendation | Always reference the sandbox image by digest. If you build a custom image with `nemoclaw onboard --from`, the digest constraint does not apply to your local build. | +| Recommendation | Always reference the sandbox image by digest. If you build a custom image with the onboarding `--from` path, the digest constraint does not apply to your local build. | ### Auth Profile Permissions @@ -350,6 +374,8 @@ This prevents other users on the host from reading stored credentials. ## Gateway Authentication Controls + + The OpenClaw gateway authenticates devices that connect to the Control UI dashboard. NemoClaw hardens these defaults at image build time. @@ -397,6 +423,15 @@ The auto-pair watcher automatically approves device pairing requests from recogn | Risk if relaxed | Approving all device types without validation lets rogue or unexpected clients pair with the gateway unchallenged. | | Recommendation | No action needed. The entrypoint handles this automatically. If you see `[auto-pair] rejected unknown client=...` in the logs, investigate the source of the unexpected connection. | + + + +Hermes exposes an OpenAI-compatible API on the forwarded Hermes port and can optionally expose the native Hermes dashboard. +Do not publish those endpoints on shared or public networks unless you put them behind your own access controls. +NemoClaw still keeps provider credentials in OpenShell and routes model traffic through `inference.local`. + + + ### CLI Secret Redaction The CLI automatically redacts secret patterns (API keys, bearer tokens, provider credentials) from command output and error messages before logging them. @@ -406,10 +441,12 @@ The CLI automatically redacts secret patterns (API keys, bearer tokens, provider | Default | Enabled. The runner redacts secrets from stdout, stderr, and thrown error messages. | | What you can change | This is not a user-facing knob. The CLI enforces it on all command output paths. | | Risk if relaxed | Without redaction, secrets could appear in terminal scrollback, log files, or debug output shared in bug reports. | -| Recommendation | No action needed. If you share `nemoclaw debug` output, verify that no secrets appear in the collected diagnostics. | +| Recommendation | No action needed. If you share NemoClaw debug output, verify that no secrets appear in the collected diagnostics. | ### Memory Secret Scanner + + The NemoClaw plugin blocks the agent from writing likely secrets (API keys, tokens, private keys) into persistent memory files. The scanner intercepts Write, Edit, and similar tool calls targeting memory and workspace paths before they reach disk. @@ -421,6 +458,14 @@ The scanner intercepts Write, Edit, and similar tool calls targeting memory and | Risk if relaxed | Without scanning, the agent could persist API keys or tokens in memory files that survive across sessions and backups. | | Recommendation | No action needed. If a write is blocked, the agent receives an actionable error listing the detected patterns. | + + + +Hermes does not use the OpenClaw NemoClaw plugin memory scanner. +Keep secrets in environment variables or OpenShell providers, and avoid writing raw credentials to Hermes state files or workspace content. + + + ## Inference Controls OpenShell routes all inference traffic through the gateway to isolate provider credentials from the sandbox. @@ -435,7 +480,7 @@ The agent never receives the provider API key. | Default | The agent talks to `inference.local`. The host owns the credential and upstream endpoint. | | What you can change | You cannot configure this architecture. The system always enforces it. | | Risk if bypassed | If the agent could reach an inference endpoint directly (by adding it to the network policy), it would need an API key. Since the sandbox does not contain credentials, this acts as defense-in-depth. However, adding an inference provider's host to the network policy without going through OpenShell routing could let the agent use a stolen or hardcoded key. | -| Recommendation | Do not add inference provider hosts (such as `api.openai.com` or `api.anthropic.com`) to the network policy. Use OpenShell inference routing instead. | +| Recommendation | Do not add inference provider hosts (such as `api.openai.com` or `api.anthropic.com`) to the network policy for NemoClaw model traffic. Use OpenShell inference routing instead. The `claude-code` preset is a separate opt-in exception for running the Claude Code CLI with its own credentials, not a way to configure NemoClaw inference. | ### Provider Trust Tiers @@ -454,12 +499,14 @@ Different inference providers have different trust and cost profiles. ### Experimental Providers -The `NEMOCLAW_EXPERIMENTAL=1` environment variable gates local NVIDIA NIM and generic Linux managed vLLM install/start. DGX Spark and DGX Station managed vLLM entries are offered by default, and an already-running vLLM server on `localhost:8000` is offered in the menu without a flag, because selecting either is an explicit user action. +The `NEMOCLAW_EXPERIMENTAL=1` environment variable gates local NVIDIA NIM and generic Linux managed vLLM install/start. +DGX Spark and DGX Station managed vLLM entries appear by default. +An already-running vLLM server on `localhost:8000` also appears in the menu without a flag because selecting it is an explicit user action. | Aspect | Detail | |---|---| | Default | Local NVIDIA NIM and generic Linux managed vLLM install/start are hidden. DGX Spark and DGX Station managed vLLM entries, plus already-running vLLM on `localhost:8000`, are offered when detected. | -| What you can change | Set `NEMOCLAW_EXPERIMENTAL=1` before running `nemoclaw onboard` to surface Local NIM and generic Linux managed vLLM. To request only the managed vLLM path non-interactively, set `NEMOCLAW_PROVIDER=install-vllm`. | +| What you can change | Set `NEMOCLAW_EXPERIMENTAL=1` before onboarding to surface Local NIM and generic Linux managed vLLM. To request only the managed vLLM path non-interactively, set `NEMOCLAW_PROVIDER=install-vllm`. | | Risk if selected | NemoClaw has not fully validated these providers. NIM requires a NIM-capable GPU. The managed vLLM path pulls a container image and starts it on a supported NVIDIA GPU host. Misconfiguration can cause failed inference or unexpected behavior. | | Recommendation | Use experimental providers only for evaluation. Do not rely on them for always-on assistants. | @@ -505,16 +552,16 @@ The following patterns weaken security without providing meaningful benefit. | Omitting `protocol: rest` on REST API endpoints without a compatibility reason | Endpoints without a `protocol` field use L4-only enforcement. The proxy allows the TCP stream through after checking host, port, and binary, but cannot see or filter individual HTTP requests. | Add `protocol: rest` with explicit `rules` to enable per-request method and path control on REST APIs. Use L4 pass-through only for documented cases such as npm/Yarn on Node 22, where the client requires a CONNECT tunnel that L7 inspection would break. | | Adding endpoints to the baseline policy for one-off requests | Adding an endpoint to the baseline policy makes it permanently reachable across all sandbox instances. | Use operator approval. Approved endpoints persist within the sandbox instance but reset when you destroy and recreate the sandbox. | | Relying solely on the entrypoint for capability drops | The entrypoint drops dangerous capabilities using `capsh`, but this is best-effort. If `capsh` is unavailable or `CAP_SETPCAP` is not in the bounding set, the container runs with the default capability set. | Pass `--cap-drop=ALL` at the container runtime level as defense-in-depth. | -| Leaving `/sandbox/.openclaw` writable on sensitive workloads | This directory contains the OpenClaw gateway configuration. A writable `.openclaw` lets the agent disable CORS, redirect inference routing, or weaken gateway protections. | Lock config for always-on assistants handling sensitive data. | -| Adding inference provider hosts to the network policy | Direct network access to an inference host bypasses credential isolation and usage tracking. | Use OpenShell inference routing instead of adding hosts like `api.openai.com` or `api.anthropic.com` to the network policy. | +| Leaving generated agent config writable on sensitive workloads | The generated config tree contains model routing, channel settings, and runtime integration state (`/sandbox/.openclaw` for OpenClaw, `/sandbox/.hermes` for Hermes). Writable config lets the agent drift from host-managed policy and routing. | Keep generated config under NemoClaw control for always-on assistants handling sensitive data. | +| Adding inference provider hosts to the network policy for NemoClaw inference | Direct network access to an inference host bypasses credential isolation and usage tracking. | Use OpenShell inference routing instead of adding hosts like `api.openai.com` or `api.anthropic.com` to the network policy. Apply `claude-code` only when intentionally running the separate Claude Code CLI inside the sandbox. | | Disabling device auth for remote deployments | Without device auth, any device on the network can connect to the gateway without pairing. Combined with a cloudflared tunnel, this makes the dashboard publicly accessible and unauthenticated. | Keep `NEMOCLAW_DISABLE_DEVICE_AUTH` at its default (`0`). Only set it to `1` for local headless or development environments. | ## Known Limitations | Limitation | Impact | Mitigation | |-----------|--------|------------| -| `openclaw agent --local` bypasses gateway | Secret scanning, network policy, and inference auth are not enforced when the agent runs in local mode. | A runtime warning is emitted when `--local` is detected. Avoid `--local` for production workflows. A future OpenClaw-level hook will close this gap. | -| Direct filesystem writes bypass secret scanner | The scanner intercepts OpenClaw tool calls, not raw filesystem writes (e.g., `echo secret > file`). | Landlock restricts writable paths. The scanner is application-layer defense-in-depth, not a filesystem-level control. | +| Bypassing managed gateway paths | Network policy and inference auth are not enforced when an agent runtime is launched outside the NemoClaw-managed gateway path. | Use NemoClaw-managed sandbox entrypoints for production workflows. | +| Direct filesystem writes bypass application-layer scanners | Application-layer scanners can intercept agent tool calls, not arbitrary raw filesystem writes (e.g., `echo secret > file`). | Landlock restricts writable paths. Application-layer scanning is defense-in-depth, not a filesystem-level control. | | Base64/hex-encoded secrets are not detected | Content-based regex scanning cannot detect encoded or obfuscated secrets. | Use environment variables or credential stores instead of writing secrets to files. | ## Related Topics @@ -522,6 +569,6 @@ The following patterns weaken security without providing meaningful benefit. - Network Policies (use the `nemoclaw-user-reference` skill) for the full baseline policy reference. - Customize the Network Policy (use the `nemoclaw-user-manage-policy` skill) for static and dynamic policy changes. - Approve or Deny Network Requests (use the `nemoclaw-user-manage-policy` skill) for the operator approval flow. -- Sandbox Hardening (use the `nemoclaw-user-deploy-remote` skill) for container-level security measures. +- Sandbox Hardening for container-level security measures. - Inference Options (use the `nemoclaw-user-configure-inference` skill) for provider configuration details. - How It Works (use the `nemoclaw-user-overview` skill) for the protection layer architecture. diff --git a/.agents/skills/nemoclaw-user-configure-security/references/credential-storage.md b/.agents/skills/nemoclaw-user-configure-security/references/credential-storage.md index b40b676a20..b80719272a 100644 --- a/.agents/skills/nemoclaw-user-configure-security/references/credential-storage.md +++ b/.agents/skills/nemoclaw-user-configure-security/references/credential-storage.md @@ -2,30 +2,50 @@ # Credential Storage +import { AgentOnly } from "../_components/AgentGuide"; + NemoClaw does not persist provider credentials to host disk. The OpenShell gateway is the only system of record for stored credentials. -When you provide a provider credential — interactively during `nemoclaw onboard` or via an environment variable — NemoClaw holds the value in memory only long enough to register it with the OpenShell gateway through `openshell provider create` or `openshell provider update`. + +When you provide a provider credential, either interactively during `nemoclaw onboard` or through an environment variable, NemoClaw holds the value in memory only long enough to register it with the OpenShell gateway through `openshell provider create` or `openshell provider update`. + + +When you provide a provider credential, either interactively during `nemohermes onboard` or through an environment variable, NemoClaw holds the value in memory only long enough to register it with the OpenShell gateway through `openshell provider create` or `openshell provider update`. + The gateway stores the credential and the OpenShell L7 proxy substitutes it into outbound requests at egress, so sandboxed agents see placeholders instead of the raw secret. + The sandbox-side OpenClaw gateway token is generated at container startup and is not rotated through provider credential commands. + + +Hermes API credentials and provider credentials are managed through the same OpenShell provider boundary; generated Hermes runtime files are recreated during rebuilds. + ## Where Credentials Live Provider credentials live in the OpenShell gateway store. List what is registered with: -```console -$ openshell provider list +```bash +openshell provider list ``` Or, equivalently, through NemoClaw: -```console -$ nemoclaw credentials list + +```bash +nemoclaw credentials list +``` + + +```bash +nemohermes credentials list ``` + -Both surface the provider names that the gateway holds credentials for. The values themselves cannot be read back from the CLI; this is a deliberate property of OpenShell. +Both commands show the provider names registered with the gateway. +The values themselves cannot be read back from the CLI; this is a deliberate property of OpenShell. NemoClaw still keeps non-secret operational state under `~/.nemoclaw/` (such as the sandbox registry). That directory is created with mode `0700` and contains no credential material. @@ -35,17 +55,28 @@ That directory is created with mode `0700` and contains no credential material. When a NemoClaw command needs a credential value during a single run (for example to forward it to an `openshell provider` registration), it reads from `process.env` first. This means you can: + + - Prefix any command with the credential to override the gateway-stored value: `NVIDIA_API_KEY=nvapi-... nemoclaw onboard` - Use short-lived or rotated credentials in CI by exporting them once per pipeline run - Avoid registering credentials in the gateway entirely if your environment supplies them + + + +- Prefix any command with the credential to override the gateway-stored value: `NVIDIA_API_KEY=nvapi-... nemohermes onboard` +- Use short-lived or rotated credentials in CI by exporting them once per pipeline run +- Avoid registering credentials in the gateway entirely if your environment supplies them + + + ## Deploy Reads from Environment Only `nemoclaw deploy` (which provisions a remote Brev box) cannot read secrets back from the gateway, so it requires every credential to be present in the host environment at invocation time. A typical deploy invocation looks like: -```console -$ NVIDIA_API_KEY=nvapi-... \ +```bash +NVIDIA_API_KEY=nvapi-... \ HF_TOKEN=hf_... \ TELEGRAM_BOT_TOKEN=... \ nemoclaw deploy my-instance @@ -61,7 +92,8 @@ When a private repo requires authentication NemoClaw runs `gh auth token`, which The GitHub CLI prefers an OS keychain when one is reachable: macOS Keychain on macOS, Windows Credential Manager on Windows, and Linux Secret Service (libsecret + a running D-Bus session) on Linux. On hosts where no keychain is reachable (CI runners, headless launches, WSL without a session bus, macOS contexts where Keychain access is blocked, etc.) `gh auth login` falls back to a `gh`-managed file under `~/.config/gh/` with mode `0600`. -NemoClaw treats both backends identically: `gh auth token` returns the value, and NemoClaw stages it in `process.env` for the current run only. +NemoClaw treats both backends identically. +`gh auth token` returns the value, and NemoClaw stages it in `process.env` for the current run only. If `gh` is not installed or not logged in, NemoClaw prompts for a personal access token for that single run; the prompted value is held in process memory and is not written to host disk. Run `gh auth login` if you want a persistent backing store (whichever one applies on your host) so future runs do not prompt. @@ -69,7 +101,12 @@ Run `gh auth login` if you want a persistent backing store (whichever one applie ## Migration From Earlier Releases Earlier NemoClaw releases stored credentials as plaintext JSON in `~/.nemoclaw/credentials.json` with mode `0600`. + On first `nemoclaw onboard` after upgrading, NemoClaw automatically: + + +On first `nemohermes onboard` after upgrading, NemoClaw automatically: + 1. Reads the legacy file. 2. Stages allowlisted credential values into `process.env` for the rest of the run. @@ -78,23 +115,47 @@ On first `nemoclaw onboard` after upgrading, NemoClaw automatically: You will see a one-line stderr notice the first time this happens. Credential lookup paths such as rebuild also stage allowlisted legacy values so interrupted upgrades can keep working, but those staging-only paths do not delete the plaintext file because they cannot prove every legacy value was registered with the gateway. + If `~/.nemoclaw/credentials.json` remains after a rebuild or other credential lookup, run `nemoclaw onboard` to complete the verified gateway migration and cleanup. + + +If `~/.nemoclaw/credentials.json` remains after a rebuild or other credential lookup, run `nemohermes onboard` to complete the verified gateway migration and cleanup. + ## Rotate or Remove a Stored Credential The simplest way to replace a stored value is to rerun onboarding with the new value in your environment: -```console -$ NVIDIA_API_KEY=nvapi-new-value nemoclaw onboard + +```bash +NVIDIA_API_KEY=nvapi-new-value nemoclaw onboard ``` + + +```bash +NVIDIA_API_KEY=nvapi-new-value nemohermes onboard +``` + To remove a credential from the gateway entirely: -```console -$ nemoclaw credentials reset + +```bash +nemoclaw credentials reset +``` + + +```bash +nemohermes credentials reset ``` + + `` is the OpenShell provider name (run `nemoclaw credentials list` first if you are not sure). + + +`` is the OpenShell provider name (run `nemohermes credentials list` first if you are not sure). + On the next run NemoClaw prompts again unless the credential is supplied through the environment. ## Security Recommendations diff --git a/.agents/skills/nemoclaw-user-configure-security/references/openclaw-controls.md b/.agents/skills/nemoclaw-user-configure-security/references/openclaw-controls.md index 2ced0c76de..6d3696be69 100644 --- a/.agents/skills/nemoclaw-user-configure-security/references/openclaw-controls.md +++ b/.agents/skills/nemoclaw-user-configure-security/references/openclaw-controls.md @@ -7,7 +7,7 @@ It delegates all application-layer security to OpenClaw. This page documents areas where NemoClaw adds no independent protection beyond what OpenClaw already provides. The details below reflect the OpenClaw documentation at the time of writing. -Consult the [OpenClaw Security docs](https://docs.openclaw.ai/gateway/security/index) for the current state. +Consult the [OpenClaw Security docs](https://docs.openclaw.ai/gateway/security) for the current state. ## Prompt Injection Detection and Prevention @@ -58,7 +58,7 @@ OpenClaw blocks environment variables that could enable code injection, privileg ## Security Audit Framework -OpenClaw runs automated security checks (50+ distinct check types) that cover configuration, credential handling, and sandbox posture. +OpenClaw runs more than 50 distinct automated security checks that cover configuration, credential handling, and sandbox posture. Run `openclaw security audit` to see all findings for your deployment. These checks include: @@ -94,7 +94,7 @@ OpenClaw controls who can interact with the agent through direct messages and gr | Control | Detail | |---|---| -| DM policy modes | 4 modes: open, disabled, pairing, allowlist | +| DM policy modes | Four modes: open, disabled, pairing, allowlist | | Group policies | Per-group access rules | | Per-sender authorization | Individual sender gating | | Command authorization | Command-level access control | @@ -112,7 +112,7 @@ OpenClaw restricts what supplemental context the agent can see and how it can mo ## Safe Regex (ReDoS Prevention) -OpenClaw includes safe regex compilation to prevent Regular Expression Denial of Service (ReDoS) attacks. +OpenClaw includes safe regex compilation to prevent regular expression denial of service (ReDoS) attacks. The implementation detects unsafe nested quantifiers, bounds input length, and caches results. ## Next Steps diff --git a/.agents/skills/nemoclaw-user-deploy-remote/SKILL.md b/.agents/skills/nemoclaw-user-deploy-remote/SKILL.md index d2ac40e834..73395a6e63 100644 --- a/.agents/skills/nemoclaw-user-deploy-remote/SKILL.md +++ b/.agents/skills/nemoclaw-user-deploy-remote/SKILL.md @@ -12,7 +12,7 @@ license: "Apache-2.0" ## Gotchas - The `nemoclaw deploy` command is deprecated. -- On Brev, set `CHAT_UI_URL` in the launchable environment configuration so it is available when the installer builds the sandbox image. +- On Brev, set `CHAT_UI_URL` in the launchable environment configuration so the installer can read it when it builds the sandbox image. ## Prerequisites @@ -24,20 +24,6 @@ license: "Apache-2.0" Run NemoClaw on a remote GPU instance through [Brev](https://brev.nvidia.com). The preferred path is to provision the VM, run the standard NemoClaw installer on that host, and then run `nemoclaw onboard`. -## Quick Start - -If your Brev instance is already up and has already been onboarded with a sandbox, start with the standard sandbox chat flow: - -```console -$ nemoclaw my-assistant connect -$ openclaw tui -``` - -This gets you into the sandbox shell first and opens the OpenClaw chat UI right away. -If the VM is fresh, run the standard installer on that host and then run `nemoclaw onboard` before trying `nemoclaw my-assistant connect`. - -If you are connecting from your local machine and still need to provision the remote VM, you can still use `nemoclaw deploy ` as the legacy compatibility path described below. - ## Deploy the Instance **Warning:** @@ -47,8 +33,8 @@ Prefer provisioning the remote host separately, then running the standard NemoCl Create a Brev instance and run the legacy compatibility flow: -```console -$ nemoclaw deploy +```bash +nemoclaw deploy ``` Replace `` with a name for your remote instance, for example `my-gpu-box`. @@ -61,7 +47,7 @@ The legacy compatibility flow performs the following steps on the VM: 1. Installs Docker and the NVIDIA Container Toolkit if a GPU is present. 2. Installs the OpenShell CLI. 3. Runs `nemoclaw onboard` (the setup wizard) to create the gateway, register providers, and launch the sandbox. -4. Starts optional host auxiliary services (for example the cloudflared tunnel) when `cloudflared` is available. Channel messaging is configured during onboarding and runs through OpenShell-managed processes, not through `nemoclaw tunnel start`. +4. Starts optional host auxiliary services, such as the cloudflared tunnel, when `cloudflared` is available. Onboarding configures channel messaging, and the channels run through OpenShell-managed processes, not through `nemoclaw tunnel start`. By default, the compatibility wrapper asks Brev to provision on `gcp`. Override this with `NEMOCLAW_BREV_PROVIDER` if you need a different Brev cloud provider. If you export `HF_TOKEN` or `HUGGING_FACE_HUB_TOKEN`, the wrapper forwards those values to the VM so remote setup can pull gated Hugging Face model repositories. @@ -71,47 +57,43 @@ If you export `HF_TOKEN` or `HUGGING_FACE_HUB_TOKEN`, the wrapper forwards those After deployment finishes, the deploy command opens an interactive shell inside the remote sandbox. To reconnect after closing the session, run the command again: -```console -$ nemoclaw deploy +```bash +nemoclaw deploy ``` ## Monitor the Remote Sandbox SSH to the instance and run the OpenShell TUI to monitor activity and approve network requests: -```console -$ ssh 'cd ~/nemoclaw && set -a && . .env && set +a && openshell term' +```bash +ssh 'cd ~/nemoclaw && set -a && . .env && set +a && openshell term' ``` ## Verify Inference Run a test agent prompt inside the remote sandbox: -```console -$ openclaw agent --agent main -m "Hello from the remote sandbox" --session-id test +```bash +openclaw agent --agent main -m "Hello from the remote sandbox" --session-id test ``` ## Remote Dashboard Access -The NemoClaw dashboard validates the browser origin against an allowlist baked -into the sandbox image at build time. By default the allowlist only contains -`http://127.0.0.1:18789`. When accessing the dashboard from a remote browser -(for example through a Brev public URL or an SSH port-forward), set -`CHAT_UI_URL` to the origin the browser will use **before** running setup: +The NemoClaw dashboard validates the browser origin against an allowlist baked into the sandbox image at build time. +By default, the allowlist only contains `http://127.0.0.1:18789`. +When you access the dashboard from a remote browser, for example through a Brev public URL or an SSH port-forward, set `CHAT_UI_URL` to the origin the browser uses before running setup: -```console -$ export CHAT_UI_URL="https://openclaw0-.brevlab.com" -$ nemoclaw deploy +```bash +export CHAT_UI_URL="https://openclaw0-.brevlab.com" +nemoclaw deploy ``` -For SSH port-forwarding, the origin is typically `http://127.0.0.1:18789` (the -default), so no extra configuration is needed. +For SSH port-forwarding, the origin is typically the default `http://127.0.0.1:18789`, so you do not need extra configuration. **Warning:** -On Brev, set `CHAT_UI_URL` in the launchable environment configuration so it is -available when the installer builds the sandbox image. If `CHAT_UI_URL` is not -set on a headless host, the compatibility wrapper prints a warning. +On Brev, set `CHAT_UI_URL` in the launchable environment configuration so the installer can read it when it builds the sandbox image. +If you do not set `CHAT_UI_URL` on a headless host, the compatibility wrapper prints a warning. `NEMOCLAW_DISABLE_DEVICE_AUTH` is also evaluated at image build time. When `CHAT_UI_URL` points at a non-loopback origin, NemoClaw disables OpenClaw device pairing in the generated sandbox configuration because browser-only remote users cannot complete terminal-based pairing. @@ -119,37 +101,37 @@ Any device that can reach the configured dashboard origin can connect without pa ## First-Run Readiness Budget -On a remote GPU host, the first `nemoclaw onboard` typically does the slowest work of the lifecycle: the sandbox image is built locally and uploaded into the OpenShell gateway, which can stream hundreds of MiB over the VM's link before the readiness wait even starts. -The post-create readiness wait defaults to 180 seconds (`NEMOCLAW_SANDBOX_READY_TIMEOUT`), which is sized for warm-cache, workstation-class onboarding and can be exceeded on: +On a remote GPU host, the first `nemoclaw onboard` typically does the slowest work of the lifecycle: the host builds the sandbox image locally and uploads it into the OpenShell gateway, which can stream hundreds of MiB over the VM's link before the readiness wait even starts. +The post-create readiness wait defaults to 180 seconds (`NEMOCLAW_SANDBOX_READY_TIMEOUT`), which fits warm-cache, workstation-class onboarding but can be too short for: -- DGX Station first runs with large quantised models (70B+ parameter footprints, NVFP4 weights). +- DGX Station first runs with large quantized models (70B+ parameter footprints, NVFP4 weights). - Cloud VMs where the local image-build cache is cold and the upload runs over the public network. - Hosts onboarding the Brave Web Search preset on the first run (the egress policy stack adds boot work). Raise the budget before re-running onboard: -```console -$ export NEMOCLAW_SANDBOX_READY_TIMEOUT=600 -$ nemoclaw onboard +```bash +export NEMOCLAW_SANDBOX_READY_TIMEOUT=600 +nemoclaw onboard ``` -If onboard ends with `Sandbox '' was created but did not become ready within 180s`, onboard deletes the partially-created sandbox first, so the next attempt with the raised budget starts from a clean state. -For the inference-probe budget that runs earlier in onboarding, see `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT` (use the `nemoclaw-user-configure-inference` skill). +If onboard ends with `Sandbox '' was created but did not become ready within 180s`, onboard first deletes the partially created sandbox, so the next attempt with the raised budget starts from a clean state. +For the inference-probe budget that runs earlier in onboarding, refer to `NEMOCLAW_LOCAL_INFERENCE_TIMEOUT` (use the `nemoclaw-user-configure-inference` skill). ## Proxy Configuration NemoClaw routes sandbox traffic through a gateway proxy that defaults to `10.200.0.1:3128`. If your network requires a different proxy, set `NEMOCLAW_PROXY_HOST` and `NEMOCLAW_PROXY_PORT` before onboarding: -```console -$ export NEMOCLAW_PROXY_HOST=proxy.example.com -$ export NEMOCLAW_PROXY_PORT=8080 -$ nemoclaw onboard +```bash +export NEMOCLAW_PROXY_HOST=proxy.example.com +export NEMOCLAW_PROXY_PORT=8080 +nemoclaw onboard ``` -These values are baked into the sandbox image at build time. -They are also forwarded into the runtime container during sandbox creation, so `/tmp/nemoclaw-proxy-env.sh` uses the same host and port that the image build used. -Only alphanumeric characters, dots, hyphens, and colons are accepted for the host. +NemoClaw bakes these values into the sandbox image at build time. +NemoClaw also forwards them into the runtime container during sandbox creation, so `/tmp/nemoclaw-proxy-env.sh` uses the same host and port that the image build used. +NemoClaw accepts only alphanumeric characters, dots, hyphens, and colons for the host. The port must be numeric (0-65535). Changing the proxy after onboarding requires re-running `nemoclaw onboard`. @@ -159,9 +141,9 @@ The deploy script uses the `NEMOCLAW_GPU` environment variable to select the GPU The default value is `a2-highgpu-1g:nvidia-tesla-a100:1`. Set this variable before running `nemoclaw deploy` to use a different GPU configuration: -```console -$ export NEMOCLAW_GPU="a2-highgpu-1g:nvidia-tesla-a100:2" -$ nemoclaw deploy +```bash +export NEMOCLAW_GPU="a2-highgpu-1g:nvidia-tesla-a100:2" +nemoclaw deploy ``` ## References diff --git a/.agents/skills/nemoclaw-user-deploy-remote/references/brev-web-ui.md b/.agents/skills/nemoclaw-user-deploy-remote/references/brev-web-ui.md index 517e14b48d..29a603eb25 100644 --- a/.agents/skills/nemoclaw-user-deploy-remote/references/brev-web-ui.md +++ b/.agents/skills/nemoclaw-user-deploy-remote/references/brev-web-ui.md @@ -29,7 +29,8 @@ You do not need to install local software for this flow. ## Get Your NVIDIA API Key -If you already have an NVIDIA API key skip this section. Otherwise, follow these steps to generate a new key: +If you already have an NVIDIA API key, skip this section. +Otherwise, follow these steps to generate a new key: 1. Go to [build.nvidia.com](https://build.nvidia.com). 2. Sign in or create an account. @@ -48,7 +49,7 @@ Use the [NemoClaw Brev launchable](https://brev.nvidia.com/launchable/deploy/now 2. Review the instance type, cloud provider, and estimated hourly cost on the NemoClaw setup page. 3. Click **Deploy NemoClaw**. -The right-side deployment panel shows progress while Brev deploys the CPU instance and prepares VM mode. +The deployment panel on the right shows progress while Brev deploys the CPU instance and prepares VM mode. Keep this page open until the deployment completes. When the panel shows the **NemoClaw** button, click it to open the agent setup page. @@ -98,7 +99,8 @@ Click **Chat With Agent** to open the OpenClaw dashboard. The dashboard might initially show a **Pairing required** warning. This means the gateway is still completing pairing in the background. -Wait for about a few minutes for pairing to finish automatically. Refresh the dashboard to see if the warning is resolved and the connection is established. +Wait a few minutes for pairing to finish automatically. +Refresh the dashboard to check whether the warning has cleared and the dashboard has connected. If pairing does not finish, go to the **Overview** page in the OpenClaw UI, find the **Gateway Access** panel, and click **Connect**. ## Start a Chat @@ -110,7 +112,7 @@ Hello! What can you do for me? What skills do you have available? ``` The agent reads its workspace files and introduces itself. -The starter workspace includes example skills such as: +The starter workspace includes these example skills: - **Weather** gets current weather and forecasts. - **Healthcheck** runs security audit and hardening checks. diff --git a/.agents/skills/nemoclaw-user-deploy-remote/references/install-openclaw-plugins.md b/.agents/skills/nemoclaw-user-deploy-remote/references/install-openclaw-plugins.md index b4b2f5beb8..dcfd4e7886 100644 --- a/.agents/skills/nemoclaw-user-deploy-remote/references/install-openclaw-plugins.md +++ b/.agents/skills/nemoclaw-user-deploy-remote/references/install-openclaw-plugins.md @@ -2,21 +2,19 @@ # Install OpenClaw Plugins -OpenClaw plugins extend the OpenClaw runtime with hooks, services, tools, or -provider integrations. They are different from NemoClaw-managed agent skills: +OpenClaw plugins extend the OpenClaw runtime with hooks, services, tools, or provider integrations. +They are different from NemoClaw-managed agent skills: - **Plugins** are code packages loaded by OpenClaw. - **Skills** are `SKILL.md` directories that teach an agent how to perform a task. - **Policy presets** are network-egress rules that control what sandboxed code can reach. -Today, the supported NemoClaw path for OpenClaw plugins is to bake the plugin -into a custom sandbox image and onboard from that Dockerfile. +The supported NemoClaw path for OpenClaw plugins is to bake the plugin into a custom sandbox image and onboard from that Dockerfile. ## Prepare a Build Directory Put the Dockerfile and everything it needs to `COPY` in one directory. -`nemoclaw onboard --from ` uses the Dockerfile's parent directory as -the Docker build context. +`nemoclaw onboard --from ` uses the Dockerfile's parent directory as the Docker build context. ```text my-plugin-sandbox/ @@ -28,8 +26,7 @@ my-plugin-sandbox/ ## Example Dockerfile -Use the custom image to copy the plugin into the OpenClaw extensions directory -and let OpenClaw refresh its config before NemoClaw starts the sandbox. +Use the custom image to copy the plugin into the OpenClaw extensions directory and let OpenClaw refresh its config before NemoClaw starts the sandbox. ```dockerfile ARG SANDBOX_BASE=ghcr.io/nvidia/nemoclaw/sandbox-base:latest @@ -46,48 +43,37 @@ RUN mkdir -p /sandbox/.openclaw/extensions \ WORKDIR /opt/nemoclaw ``` -If the plugin needs configuration in `openclaw.json`, apply it after -`openclaw doctor --fix` so the base config exists first. +If the plugin needs configuration in `openclaw.json`, apply it after `openclaw doctor --fix` so the base config exists first. ## Create the Sandbox Point `nemoclaw onboard --from` at the Dockerfile in the build directory. -```console -$ nemoclaw onboard --from ./my-plugin-sandbox/Dockerfile +```bash +nemoclaw onboard --from ./my-plugin-sandbox/Dockerfile ``` -If you need a second sandbox alongside an existing one, use a dedicated build -directory and rerun onboarding with the sandbox name and ports you intend to -use. +If you need a second sandbox alongside an existing one, use a dedicated build directory and rerun onboarding with the sandbox name and ports you intend to use. ## Network Access -Plugins still run inside the sandbox policy boundary. If a plugin needs network -egress, add or update a policy preset for the required hostnames and binaries -before rebuilding the sandbox. +Plugins still run inside the sandbox policy boundary. +If a plugin needs network egress, add or update a policy preset for the required hostnames and binaries before rebuilding the sandbox. -For example, see Network Policies (use the `nemoclaw-user-reference` skill) for -policy concepts and Customize Network Policy (use the `nemoclaw-user-manage-policy` skill) -for custom preset workflows. +For policy concepts, refer to Network Policies (use the `nemoclaw-user-reference` skill). +For custom preset workflows, refer to Customize Network Policy (use the `nemoclaw-user-manage-policy` skill). ## Common Mistakes -These are the most common places where plugin installation gets mixed up with -other NemoClaw extension paths. +These are the most common places where plugin installation gets mixed up with other NemoClaw extension paths. -- Do not use `nemoclaw skill install` for OpenClaw plugins. That - command only installs `SKILL.md` agent skills. -- Do not put a Dockerfile in a broad directory such as `/tmp` unless you intend - to send that whole directory as the Docker build context. +- Do not use `nemoclaw skill install` for OpenClaw plugins. That command only installs `SKILL.md` agent skills. +- Do not put a Dockerfile in a broad directory such as `/tmp` unless you intend to send that whole directory as the Docker build context. - Keep plugin dependencies in the build stage or plugin directory; avoid copying unrelated host files into the sandbox image. ## Next Steps -- Review [Sandbox Hardening](sandbox-hardening.md) before adding plugin code to a - shared or long-lived sandbox. -- Review Network Policies (use the `nemoclaw-user-reference` skill) to plan plugin - egress rules. -- Follow Customize Network Policy (use the `nemoclaw-user-manage-policy` skill) - if the plugin needs a custom preset. +- Review [Sandbox Hardening](sandbox-hardening.md) before adding plugin code to a shared or long-lived sandbox. +- Review Network Policies (use the `nemoclaw-user-reference` skill) to plan plugin egress rules. +- Follow Customize Network Policy (use the `nemoclaw-user-manage-policy` skill) if the plugin needs a custom preset. diff --git a/.agents/skills/nemoclaw-user-deploy-remote/references/sandbox-hardening.md b/.agents/skills/nemoclaw-user-deploy-remote/references/sandbox-hardening.md index 79d2032ce7..9ac5393022 100644 --- a/.agents/skills/nemoclaw-user-deploy-remote/references/sandbox-hardening.md +++ b/.agents/skills/nemoclaw-user-deploy-remote/references/sandbox-hardening.md @@ -2,49 +2,41 @@ # Sandbox Image Hardening -The NemoClaw sandbox image applies several security measures to reduce attack -surface and limit the blast radius of untrusted workloads. +The NemoClaw sandbox image applies several security measures to reduce attack surface and limit the blast radius of untrusted workloads. ## Removed Unnecessary Tools -Build toolchains (`gcc`, `g++`, `make`) and network probes (`netcat`) are -explicitly purged from the runtime image. These tools are not needed at runtime -and would unnecessarily widen the attack surface. +NemoClaw explicitly purges build toolchains (`gcc`, `g++`, `make`) and network probes (`netcat`) from the runtime image. +These tools are not needed at runtime and would unnecessarily widen the attack surface. -The runtime image keeps a small set of operational utilities for normal sandbox -workflows, including `vi`, `jq`, and `dos2unix`. Use these for lightweight -inspection and file cleanup inside the sandbox, but make durable image or policy -changes in the NemoClaw source tree and rebuild the sandbox. +The runtime image keeps a small set of operational utilities for normal sandbox workflows, including `vi`, `jq`, and `dos2unix`. +Use these utilities for lightweight inspection and file cleanup inside the sandbox, but make durable image or policy changes in the NemoClaw source tree and rebuild the sandbox. -If you need a compiler during build, use the existing multi-stage build -(the `builder` stage has full Node.js tooling) and copy only artifacts into the -runtime stage. +If you need a compiler during build, use the existing multi-stage build. +The `builder` stage has full Node.js tooling. +Copy only artifacts into the runtime stage. ## Process Limits -The container ENTRYPOINT sets `ulimit -u 512` to cap the number of processes -a sandbox user can spawn. This mitigates fork-bomb attacks. The startup script -(`nemoclaw-start.sh`) applies the same limit. +The container ENTRYPOINT sets `ulimit -u 512` to cap the number of processes a sandbox user can spawn. +This mitigates fork-bomb attacks. +The startup script (`nemoclaw-start.sh`) applies the same limit. -Adjust the value via the `--ulimit nproc=512:512` flag if launching with -`docker run` directly. +Adjust the value with the `--ulimit nproc=512:512` flag if you launch with `docker run` directly. ## Dropping Linux Capabilities -The NemoClaw entrypoint drops dangerous capabilities from the process bounding -set before it starts agent services. +The NemoClaw entrypoint drops dangerous capabilities from the process bounding set before it starts agent services. It removes `CAP_SYS_ADMIN`, `CAP_SYS_PTRACE`, `CAP_NET_RAW`, `CAP_DAC_OVERRIDE`, `CAP_SYS_CHROOT`, `CAP_FSETID`, `CAP_SETFCAP`, `CAP_MKNOD`, `CAP_AUDIT_WRITE`, and `CAP_NET_BIND_SERVICE`. -When `setpriv` is available, the entrypoint also removes the remaining -privilege-separation capabilities during the switch from root to the -`sandbox` and `gateway` users. +When `setpriv` is available, the entrypoint also removes the remaining privilege-separation capabilities during the switch from root to the `sandbox` and `gateway` users. For defense-in-depth, also drop all Linux capabilities at the container runtime when you launch the image directly: -```console -$ docker run --rm \ +```bash +docker run --rm \ --cap-drop=ALL \ --ulimit nproc=512:512 \ nemoclaw-sandbox @@ -83,7 +75,7 @@ The agent's home directory (`/sandbox`) is writable by default: | Path | Access | Purpose | |------|--------|---------| -| `/sandbox` | read-write | Home directory — agents can create files and use standard home paths | +| `/sandbox` | read-write | Home directory where agents can create files and use standard home paths | | `/sandbox/.openclaw` | read-write | Agent config, state, workspace, plugins | | `/sandbox/.nemoclaw` | read-write (Landlock); DAC-restricted | Parent directory is `root:root` mode `1755`; the sandbox user can write only to `state/`, `migration/`, `snapshots/`, `staging/`, and `config.json`. `blueprints/` and the parent itself are root-owned to prevent tampering. | | `/tmp` | read-write | Temporary files and logs | @@ -103,7 +95,7 @@ System paths remain read-only to prevent agents from: - Tampering with libraries or shell configuration outside `/sandbox` The image build pre-creates locked shell init files `.bashrc` and `.profile` without proxy entries. -Runtime proxy configuration is sourced from system-wide shell hooks that read `/tmp/nemoclaw-proxy-env.sh`. +System-wide shell hooks that read `/tmp/nemoclaw-proxy-env.sh` source the runtime proxy configuration. ### Landlock Kernel Requirements @@ -115,8 +107,8 @@ Files outside the writable paths would be inaccessible to the agent regardless o Operators should verify Landlock availability: -```console -$ ls /sys/kernel/security/landlock +```bash +ls /sys/kernel/security/landlock ``` For production deployments, kernel 5.13+ with Landlock enabled is strongly recommended. diff --git a/.agents/skills/nemoclaw-user-get-started/SKILL.md b/.agents/skills/nemoclaw-user-get-started/SKILL.md index abe6798008..8f77e8387a 100644 --- a/.agents/skills/nemoclaw-user-get-started/SKILL.md +++ b/.agents/skills/nemoclaw-user-get-started/SKILL.md @@ -13,7 +13,7 @@ Follow these steps to get started with NemoClaw and your first sandboxed OpenCla **Note:** -Make sure you have completed reviewing the [Prerequisites](references/prerequisites.md) before following this guide. +Review the [Prerequisites](references/prerequisites.md) before following this guide. **Use Agent Skills:** @@ -21,7 +21,7 @@ NemoClaw ships user skills for AI coding assistants. Load them when you want your assistant to walk through installation, inference choices, policy approvals, monitoring, or troubleshooting with NemoClaw-specific guidance. Refer to Agent Skills (use the `nemoclaw-user-agent-skills` skill). -## Install NemoClaw and Onboard OpenClaw Agent +## Install NemoClaw and Onboard an OpenClaw Agent Download and run the installer script. The script installs Node.js if it is not already present, then runs the guided onboard wizard to create a sandbox, configure inference, and apply security policies. @@ -34,7 +34,7 @@ NemoClaw creates a fresh OpenClaw instance inside the sandbox during the onboard curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` -The third-party software notice runs before Node.js or the NemoClaw CLI is installed. +The third-party software notice runs before the installer installs Node.js or the NemoClaw CLI. The piped installer can prompt through your terminal when a TTY is available. In non-TTY contexts, such as CI, an SSH command with piped stdin, or a shell script, pass explicit acceptance to the `bash` side of the pipe: @@ -42,7 +42,7 @@ In non-TTY contexts, such as CI, an SSH command with piped stdin, or a shell scr curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 bash ``` -or pass the installer flag through `bash -s`: +Or pass the installer flag through `bash -s`: ```bash curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash -s -- --yes-i-accept-third-party-software @@ -62,13 +62,13 @@ If `nemoclaw` is not found after install, run `source ~/.bashrc` (or `source ~/. On Linux, the installer checks Docker before it installs NemoClaw. If Docker is missing, the installer downloads the official Docker convenience script, asks for `sudo`, installs Docker, and starts the Docker service when systemd is available. -If Docker is installed but your current shell cannot use the Docker socket yet, the installer adds your user to the `docker` group when needed and exits with a recovery command. +If you installed Docker but your current shell cannot use the Docker socket yet, the installer adds your user to the `docker` group when needed and exits with a recovery command. On macOS, the installer uses the Docker-driver OpenShell gateway path with Docker Desktop or Colima. -```console -$ newgrp docker -$ curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash +```bash +newgrp docker +curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` On DGX Spark, DGX Station, and Windows WSL, an interactive installer offers express install after you accept the third-party software notice. @@ -78,7 +78,7 @@ On DGX Spark, express install uses `my-spark-assistant` as the sandbox name unle On WSL, express install selects the Windows-host Ollama setup path. Set `NEMOCLAW_NO_EXPRESS=1` to skip the express prompt, or set `NEMOCLAW_PROVIDER` before launching the installer when you want to choose a provider yourself. -The installer auto-launches `nemoclaw onboard` when it can locate the freshly-installed binary. +The installer auto-launches `nemoclaw onboard` when it can locate the freshly installed binary. If it cannot locate the binary, or if blocking host preflight checks fail, it does not launch the wizard automatically. In that case, the installer prints the relevant diagnostics and a `To finish setup, run:` block with the explicit `nemoclaw onboard` command. @@ -113,7 +113,7 @@ The inference provider prompt presents a numbered list. Pick the option that matches where you want inference traffic to go, then expand the matching helper below for the follow-up prompts and the API key environment variable to set. For the full list of providers and validation behavior, refer to Inference Options (use the `nemoclaw-user-configure-inference` skill). Local Ollama appears when NemoClaw detects a usable local Ollama path or can offer an install or start action for your platform. -The Model Router option appears when the blueprint router profile is enabled. +A configured blueprint router profile makes the Model Router option appear. **Tip:** @@ -214,13 +214,14 @@ Respond to the wizard as follows. Routes inference to a local Ollama instance. Depending on your platform, the wizard can use an existing daemon, start an installed daemon, or offer an install action. -No API key is required. On non-WSL hosts, NemoClaw generates a token and starts an authenticated proxy so containers can reach Ollama without exposing the daemon directly to your network. +Local Ollama does not require an API key. +On non-WSL hosts, NemoClaw generates a token and starts an authenticated proxy so containers can reach Ollama without exposing the daemon directly to your network. On WSL, NemoClaw can also use Ollama on the Windows host through `host.docker.internal`. Respond to the wizard as follows. 1. At the `Choose [1]:` prompt, type `7` to select **Local Ollama**. -2. At the `Choose model [1]:` prompt, pick from **Ollama models** if any are already installed. If none are installed, pick a **starter model** to pull and load now, or pick **Other...** to enter any Ollama model ID. +2. At the `Choose model [1]:` prompt, pick from **Ollama models** if you already installed any. If no local models exist, pick a **starter model** to pull and load now, or pick **Other...** to enter any Ollama model ID. For setup details, including GPU recommendations and starter model choices, refer to Use a Local Inference Server (use the `nemoclaw-user-configure-inference` skill). @@ -239,8 +240,8 @@ Respond to the wizard as follows. For scripted setup, set: -```console -$ NEMOCLAW_PROVIDER=routed NVIDIA_API_KEY= nemoclaw onboard --non-interactive +```bash +NEMOCLAW_PROVIDER=routed NVIDIA_API_KEY= nemoclaw onboard --non-interactive ``` The router listens on the host at port `4000`. @@ -249,7 +250,7 @@ The sandbox still calls `https://inference.local/v1`, so do not point in-sandbox **Local NIM and Local vLLM:** - **Local NVIDIA NIM** appears when `NEMOCLAW_EXPERIMENTAL=1` is set and the host has a NIM-capable GPU. NemoClaw pulls and manages a NIM container. -- **Local vLLM (already running)** appears whenever NemoClaw detects a vLLM server on `localhost:8000`. No flag is required for the menu entry. NemoClaw auto-detects the loaded model. +- **Local vLLM (already running)** appears whenever NemoClaw detects a vLLM server on `localhost:8000`. You do not need a flag for the menu entry. NemoClaw auto-detects the loaded model. - **Local vLLM (managed install/start)** appears by default on DGX Spark and DGX Station. Generic Linux NVIDIA GPU hosts require `NEMOCLAW_EXPERIMENTAL=1` or `NEMOCLAW_PROVIDER=install-vllm`. NemoClaw pulls and starts a vLLM container on supported hosts. For setup, refer to Use a Local Inference Server (use the `nemoclaw-user-configure-inference` skill). @@ -276,7 +277,7 @@ For example, if you picked an OpenAI-compatible endpoint, the summary looks like Apply this configuration? [Y/n]: ``` -The default is `Y`, so you can press Enter once to continue. Answer `n` to abort cleanly, fix the entries, and re-run `nemoclaw onboard`. +The default is `Y`, so you can press Enter one time to continue. Answer `n` to abort cleanly, fix the entries, and re-run `nemoclaw onboard`. Non-interactive runs (`NEMOCLAW_NON_INTERACTIVE=1`) print the summary for log clarity but skip the prompt. @@ -306,7 +307,7 @@ Press `r` to toggle a selected preset between read-only and read-write when the When the install completes, a summary confirms the running environment. Before printing the summary, NemoClaw verifies that the sandbox gateway and dashboard port forward are reachable. -Inference route and messaging bridge checks are reported as warnings when they need more time or additional configuration. +NemoClaw reports inference route and messaging bridge checks as warnings when they need more time or additional configuration. The `Model` and provider line reflects the inference option you picked during onboarding. The example below shows the result if you picked an OpenAI-compatible endpoint during onboarding. @@ -352,7 +353,7 @@ You can chat with the agent from the terminal or the browser. The onboard wizard starts a background port forward to the sandbox dashboard, then prints the dashboard URL in the install summary. The default host port is `18789`. If that port is already taken, NemoClaw uses the next free dashboard port, such as `18790`, and prints that port in the final URL. -If the chosen port becomes occupied after the sandbox build starts, onboarding rolls back the newly-created sandbox and asks you to retry instead of printing an unreachable dashboard URL. +If the chosen port becomes occupied after the sandbox build starts, onboarding rolls back the newly created sandbox and asks you to retry instead of printing an unreachable dashboard URL. The install transcript does not print the gateway token. If the browser requires authentication, use the `dashboard-url --quiet` command to print a complete URL explicitly. diff --git a/.agents/skills/nemoclaw-user-get-started/references/prerequisites.md b/.agents/skills/nemoclaw-user-get-started/references/prerequisites.md index 525945dfaa..102e7f5764 100644 --- a/.agents/skills/nemoclaw-user-get-started/references/prerequisites.md +++ b/.agents/skills/nemoclaw-user-get-started/references/prerequisites.md @@ -2,7 +2,7 @@ # Prerequisites -Before getting started, check the prerequisites to ensure you have the necessary software and hardware to run NemoClaw. +Before you start, verify that your machine has the software and hardware needed to run NemoClaw. ## Hardware @@ -12,7 +12,11 @@ Before getting started, check the prerequisites to ensure you have the necessary | RAM | 8 GB | 16 GB | | Disk | 20 GB free | 40 GB free | -The sandbox image is approximately 2.4 GB compressed. During image push, the Docker daemon, k3s, and the OpenShell gateway run alongside the export pipeline. The pipeline buffers decompressed layers in memory. On machines with less than 8 GB of RAM, this combined usage can trigger the OOM killer. If you cannot add memory, configuring at least 8 GB of swap can work around the issue at the cost of slower performance. +The sandbox image is approximately 2.4 GB compressed. +During image push, the Docker daemon, k3s, and the OpenShell gateway run alongside the export pipeline. +The pipeline buffers decompressed layers in memory. +On machines with less than 8 GB of RAM, this combined usage can trigger the OOM killer. +If you cannot add memory, configure at least 8 GB of swap to work around the issue at the cost of slower performance. ## Software @@ -27,7 +31,7 @@ On Linux, the installer can install Docker, start the Docker service, and add yo If the group change is not active in the current shell, the installer exits with `newgrp docker` guidance before it starts onboarding. If you choose the native Linux Ollama install path, the onboard wizard also requires `zstd` for Ollama archive extraction. -**Docker group access:** +**Docker Group Access:** NemoClaw needs Docker access. On personal Linux development machines, adding your user to the `docker` group is the standard way to run Docker without sudo. @@ -44,17 +48,17 @@ You do not need to install or sign a separate OpenShell VM driver helper for sta For NemoClaw-managed environments, use `nemoclaw onboard` when you need to create or recreate the OpenShell gateway or sandbox. Avoid `openshell self-update`, `npm update -g openshell`, `openshell gateway start --recreate`, or `openshell sandbox create` directly unless you intend to manage OpenShell separately and then rerun `nemoclaw onboard`. -**Docker storage driver:** +**Docker Storage Driver:** On Linux hosts running Docker 26 or later with the [containerd image store](https://docs.docker.com/engine/storage/containerd/) enabled (the install-time default for fresh `docker-ce` installations on Ubuntu 24.04 and similar distros), `nemoclaw onboard` transparently builds a `fuse-overlayfs`-enabled cluster image to bypass a kernel-level nested-overlay limitation in k3s. -No manual setup is required. -See the troubleshooting guide (use the `nemoclaw-user-reference` skill) for the override knobs and a manual `daemon.json` alternative. +You do not need manual setup. +Refer to the troubleshooting guide (use the `nemoclaw-user-reference` skill) for the override knobs and a manual `daemon.json` alternative. ## Platforms The following table lists tested platform and runtime combinations. Availability is not limited to these entries, but untested configurations can have issues. -The table is generated from [`ci/platform-matrix.json`](https://github.com/NVIDIA/NemoClaw/blob/main/ci/platform-matrix.json), the single source of truth kept in sync by CI and QA. +The table comes from [`ci/platform-matrix.json`](https://github.com/NVIDIA/NemoClaw/blob/main/ci/platform-matrix.json), the single source of truth kept in sync by CI and QA. | OS | Container runtime | Status | Notes | |----|-------------------|--------|-------| @@ -65,6 +69,6 @@ The table is generated from [`ci/platform-matrix.json`](https://github.com/NVIDI ## Next Steps -- [Prepare Windows for NemoClaw](windows-preparation.md) if you are using Windows. +- Prepare Windows for NemoClaw if you are using Windows. - [Quickstart](../SKILL.md) to install NemoClaw and launch your first sandbox. - Agent Skills (use the `nemoclaw-user-agent-skills` skill) to load NemoClaw guidance into an AI coding assistant before setup. diff --git a/.agents/skills/nemoclaw-user-get-started/references/quickstart-hermes.md b/.agents/skills/nemoclaw-user-get-started/references/quickstart-hermes.md index 361ddc502b..9642476615 100644 --- a/.agents/skills/nemoclaw-user-get-started/references/quickstart-hermes.md +++ b/.agents/skills/nemoclaw-user-get-started/references/quickstart-hermes.md @@ -6,7 +6,7 @@ Use NemoHermes when you want NemoClaw to create an OpenShell sandbox that runs H The `nemohermes` command is an alias for `nemoclaw` with the Hermes agent pre-selected. Review the [Prerequisites](prerequisites.md) before starting. -Docker must be installed, running, and reachable from the current shell before Hermes onboarding can build the sandbox image. +Install Docker, start it, and verify that the current shell can reach it before Hermes onboarding builds the sandbox image. On Linux, the installer can install Docker, start the service, and add your user to the `docker` group. If it changes group membership, run the printed `newgrp docker` recovery command before rerunning the installer. On macOS, start Docker Desktop or Colima before you run the installer. @@ -17,19 +17,19 @@ The first Hermes build can take several minutes because NemoClaw builds the Herm Start the installer with `NEMOCLAW_AGENT=hermes` set in your shell. The installer installs the CLI, selects the `nemohermes` alias, and runs the guided onboarding flow. -```console -$ export NEMOCLAW_AGENT=hermes -$ curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash +```bash +export NEMOCLAW_AGENT=hermes +curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` If a headless host needs to expose the Hermes API through a remote URL or tunnel, set `CHAT_UI_URL` before onboarding. Use the externally reachable origin for port `8642`, without the `/v1` path. NemoClaw derives the forwarded port from this value, binds the forward for remote access when the origin is non-loopback, and prints the final OpenAI-compatible base URL with `/v1` in the ready summary. -```console -$ export NEMOCLAW_AGENT=hermes -$ export CHAT_UI_URL="https://hermes.example.com:8642" -$ curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash +```bash +export NEMOCLAW_AGENT=hermes +export CHAT_UI_URL="https://hermes.example.com:8642" +curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` For SSH local port forwarding to `127.0.0.1:8642`, leave `CHAT_UI_URL` unset. @@ -38,8 +38,8 @@ Hermes API clients authenticate with the bearer token from the generated Hermes If NemoClaw is already installed, start Hermes onboarding directly. -```console -$ nemohermes onboard +```bash +nemohermes onboard ``` ## Respond to the Wizard @@ -58,7 +58,7 @@ Sandbox name [hermes]: my-hermes Choose the inference provider that matches where you want Hermes model traffic to go. The provider options and credential environment variables are the same as the standard NemoClaw quickstart. -For provider-specific prompts, refer to the [Respond to the Onboard Wizard](../SKILL.md#respond-to-the-onboard-wizard) section and the Inference Options (use the `nemoclaw-user-configure-inference` skill) page. +For provider-specific prompts, refer to the Inference Options (use the `nemoclaw-user-configure-inference` skill) page. The Hermes wizard does not ask for Brave Web Search because Hermes does not use NemoClaw's OpenClaw web-search configuration. After provider and model selection, review the summary and confirm the build. @@ -75,13 +75,13 @@ Hermes uses an agent-specific baseline policy that allows the Hermes binary and For CI or scripted installs, set the required environment variables before running the installer. The example below uses NVIDIA Endpoints and creates a sandbox named `my-hermes`. -```console -$ export NEMOCLAW_AGENT=hermes -$ export NEMOCLAW_NON_INTERACTIVE=1 -$ export NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 -$ export NEMOCLAW_SANDBOX_NAME=my-hermes -$ export NVIDIA_API_KEY= -$ curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash +```bash +export NEMOCLAW_AGENT=hermes +export NEMOCLAW_NON_INTERACTIVE=1 +export NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 +export NEMOCLAW_SANDBOX_NAME=my-hermes +export NVIDIA_API_KEY= +curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` Use the provider variables from Inference Options (use the `nemoclaw-user-configure-inference` skill) when you choose a different provider. @@ -100,8 +100,7 @@ nemohermes onboard The dashboard uses port `9119` by default. Set `NEMOCLAW_HERMES_DASHBOARD_PORT` before onboarding to choose a different port. Set `NEMOCLAW_HERMES_DASHBOARD_TUI=1` to enable Hermes' optional in-browser TUI tab. -For upstream dashboard features, see the -[Hermes web dashboard documentation](https://hermes-agent.nousresearch.com/docs/user-guide/features/web-dashboard). +For upstream dashboard features, refer to the [Hermes web dashboard documentation](https://hermes-agent.nousresearch.com/docs/user-guide/features/web-dashboard). ```text ────────────────────────────────────────────────── @@ -137,14 +136,14 @@ To chat with the agent from a terminal, follow these steps: 1. Connect to the sandbox and start the Hermes CLI. - ```console - $ nemohermes my-hermes connect + ```bash + nemohermes my-hermes connect ``` 2. Inside the sandbox, run the Hermes CLI. - ```console - $ hermes + ```bash + hermes ``` ## Check the API Endpoint @@ -152,14 +151,14 @@ To chat with the agent from a terminal, follow these steps: The onboard flow starts the port forward automatically. Check the health endpoint from the host to confirm that the Hermes API is reachable. -```console -$ curl -sf http://127.0.0.1:8642/health +```bash +curl -sf http://127.0.0.1:8642/health ``` If the command cannot connect after a reboot or terminal restart, start the forward again. -```console -$ openshell forward start --background 8642 my-hermes +```bash +openshell forward start --background 8642 my-hermes ``` Configure an OpenAI-compatible client with the base URL `http://127.0.0.1:8642/v1`. @@ -168,7 +167,7 @@ Do not append an OpenClaw `#token=` URL fragment to the Hermes endpoint. ## Open the Optional Dashboard -When `NEMOCLAW_HERMES_DASHBOARD=1` is set during onboarding, NemoClaw starts `hermes dashboard --no-open` inside the sandbox and forwards `http://127.0.0.1:9119/` on the host. +When you set `NEMOCLAW_HERMES_DASHBOARD=1` during onboarding, NemoClaw starts `hermes dashboard --no-open` inside the sandbox and forwards `http://127.0.0.1:9119/` on the host. The API endpoint remains separate on `8642`. If the dashboard forward is missing after a reboot or terminal restart, start it again: @@ -186,24 +185,24 @@ Use the same lifecycle commands as a standard NemoClaw sandbox. The `nemohermes` alias keeps help text and recovery messages aligned with Hermes, while targeting the same registered sandbox. `nemoclaw list` shows the agent type for each sandbox so you can distinguish Hermes and OpenClaw entries. -```console -$ nemohermes my-hermes status -$ nemohermes my-hermes logs --follow -$ nemohermes my-hermes snapshot create --name before-change -$ nemohermes my-hermes rebuild +```bash +nemohermes my-hermes status +nemohermes my-hermes logs --follow +nemohermes my-hermes snapshot create --name before-change +nemohermes my-hermes rebuild ``` To change the active model or provider without rebuilding the sandbox, use `nemohermes inference set`. It updates the OpenShell inference route and patches `/sandbox/.hermes/config.yaml` without restarting Hermes. -```console -$ nemohermes inference set --model --provider +```bash +nemohermes inference set --model --provider ``` To remove the sandbox when you are done, destroy it explicitly. -```console -$ nemohermes my-hermes destroy +```bash +nemohermes my-hermes destroy ``` ## Next Steps diff --git a/.agents/skills/nemoclaw-user-get-started/references/windows-preparation.md b/.agents/skills/nemoclaw-user-get-started/references/windows-preparation.md index 75f9e6d97e..3e225aa1a7 100644 --- a/.agents/skills/nemoclaw-user-get-started/references/windows-preparation.md +++ b/.agents/skills/nemoclaw-user-get-started/references/windows-preparation.md @@ -2,20 +2,36 @@ # Prepare Windows for NemoClaw +import { AgentOnly } from "../_components/AgentGuide"; + You can run NemoClaw inside Windows Subsystem for Linux (WSL 2) on Windows. -Complete these steps before following the [Quickstart](../SKILL.md). + +Complete these steps before following the Quickstart. + + +Complete these steps before following Quickstart with Hermes. + Linux and macOS users do not need this page and can go directly to the Quickstart. **Note:** -This guide has been tested on x86-64. +NVIDIA tested this guide on x86-64. ## Prerequisites Verify the following before you begin: - Windows 10 (build 19041 or later) or Windows 11. -- Hardware requirements are the same as the [Quickstart](../SKILL.md). + + +- Hardware requirements are the same as the Quickstart. + + + + +- Hardware requirements are the same as Quickstart with Hermes. + + ## Option: Use the Bootstrap Script @@ -47,10 +63,11 @@ When Windows preparation is complete, it opens Ubuntu and prints the standard in curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` -If the bootstrap script reports that Docker is not reachable from Ubuntu, open Docker Desktop Settings and confirm that WSL integration is enabled for Ubuntu (Settings > Resources > WSL integration), make sure Docker Desktop is running, then rerun the script. +If the bootstrap script reports that Ubuntu cannot reach Docker, open Docker Desktop Settings and confirm that Docker Desktop enables WSL integration for Ubuntu (**Settings** > **Resources** > **WSL integration**), make sure Docker Desktop is running, then rerun the script. If the bootstrap script reports that `winget.exe` is not available (common on Windows Server or stripped Windows installs), install **App Installer** from the Microsoft Store (which provides `winget`), or download and install Docker Desktop manually from [docker.com](https://www.docker.com/products/docker-desktop/). -Rerun the bootstrap script after Docker Desktop is installed; the script skips the install step once it detects Docker Desktop is present. +After you install Docker Desktop, rerun the bootstrap script. +The script skips the install step after it detects Docker Desktop. The manual steps below describe the same Windows preparation pieces and are useful when you need to verify or repair WSL, Ubuntu, or Docker Desktop by hand. @@ -80,9 +97,9 @@ Let the distribution launch and complete first-run setup (pick a Unix username a Do not use the `--no-launch` flag. The `--no-launch` flag downloads the package but does not register the distribution with WSL. -Commands like `wsl -d Ubuntu-24.04` fail with "There is no distribution with the supplied name" until the distribution has been launched at least once. +Commands like `wsl -d Ubuntu-24.04` fail with "There is no distribution with the supplied name" until you launch the distribution at least one time. -Verify the distribution is registered and running WSL 2: +Verify that WSL registered the distribution and runs it with WSL 2: ```powershell wsl -l -v @@ -99,7 +116,7 @@ Expected output: Install [Docker Desktop](https://www.docker.com/products/docker-desktop/) with the WSL 2 backend (the default on Windows 11). -After installation, open Docker Desktop Settings and confirm that WSL integration is enabled for your Ubuntu distribution (Settings > Resources > WSL integration). +After installation, open Docker Desktop Settings and confirm that Docker Desktop enables WSL integration for your Ubuntu distribution (**Settings** > **Resources** > **WSL integration**). Open WSL from PowerShell: @@ -114,7 +131,7 @@ docker info ``` `docker info` prints server information. -If you see "Cannot connect to the Docker daemon", confirm that Docker Desktop is running and that WSL integration is enabled. +If you see "Cannot connect to the Docker daemon", confirm that Docker Desktop is running and that Docker Desktop enables WSL integration. ## Set Up Local Inference with Ollama (Optional) @@ -125,7 +142,7 @@ You can install Ollama inside WSL yourself: curl -fsSL https://ollama.com/install.sh | sh ``` -If Ollama is installed but not already running in WSL, the onboarding process starts it for you. +If you installed Ollama but it is not already running in WSL, onboarding starts it for you. You can also start it yourself beforehand with `ollama serve`. You can also use Ollama for Windows. @@ -139,10 +156,15 @@ Use one instance, or move one of them to a different port before running `nemocl Your Windows environment is ready. If you used the bootstrap script, follow the installer command it printed inside Ubuntu. -If you prepared Windows manually, open a WSL terminal (type `wsl` in PowerShell, or open Ubuntu from Windows Terminal) and continue with the [Quickstart](../SKILL.md) to install NemoClaw and launch your first sandbox. + +If you prepared Windows manually, open a WSL terminal (type `wsl` in PowerShell, or open Ubuntu from Windows Terminal) and continue with the Quickstart to install NemoClaw and launch your first sandbox. + + +If you prepared Windows manually, open a WSL terminal (type `wsl` in PowerShell, or open Ubuntu from Windows Terminal) and continue with Quickstart with Hermes to install NemoClaw and launch your first Hermes sandbox. + All NemoClaw commands run inside WSL, not in PowerShell. ## Troubleshooting -For Windows-specific troubleshooting, refer to the Windows Subsystem for Linux section (use the `nemoclaw-user-reference` skill) in the Troubleshooting guide. +For Windows-specific troubleshooting, refer to the Windows Subsystem for Linux section in the Troubleshooting guide. diff --git a/.agents/skills/nemoclaw-user-manage-policy/SKILL.md b/.agents/skills/nemoclaw-user-manage-policy/SKILL.md index 5f62d8d49f..0e1f0f708f 100644 --- a/.agents/skills/nemoclaw-user-manage-policy/SKILL.md +++ b/.agents/skills/nemoclaw-user-manage-policy/SKILL.md @@ -18,15 +18,22 @@ license: "Apache-2.0" - A running NemoClaw sandbox for dynamic changes, or the NemoClaw source repository for static changes. - The OpenShell CLI on your `PATH`. -Add, remove, or modify the endpoints that the sandbox is allowed to reach. +import { AgentOnly } from "../_components/AgentGuide"; -The sandbox policy is defined in a declarative YAML file in the NemoClaw repository and enforced at runtime by [NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell). +Add, remove, or modify the endpoints the sandbox can reach. + +The NemoClaw repository defines the sandbox policy in a declarative YAML file, and [NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell) enforces it at runtime. NemoClaw supports both static policy changes that persist across restarts and dynamic updates applied to a running sandbox through the OpenShell CLI. **Note:** If the sandbox needs to reach an HTTP service running on the host, expose the service on a host IP that the OpenShell gateway can reach. + Apply a custom NemoClaw preset with `nemoclaw policy-add --from-file`. + + +Apply a custom NemoClaw preset with `nemohermes policy-add --from-file`. + Do not rely on `host.docker.internal` as a general host-service path because it bypasses the OpenShell policy path and may not be reachable in every sandbox runtime. See Agent cannot reach a host-side HTTP service (use the `nemoclaw-user-reference` skill). @@ -36,12 +43,22 @@ Static changes modify the baseline policy file and take effect after the next sa ### Edit the Policy File + Open `nemoclaw-blueprint/policies/openclaw-sandbox.yaml` and add or modify endpoint entries. If you want a built-in preset to be part of the baseline policy, merge its `network_policies` entries into this file and re-run `nemoclaw onboard`. If you only need to apply a preset to a running sandbox, use `nemoclaw policy-add` under [Dynamic Changes](#dynamic-changes). That updates the live policy and does not edit `openclaw-sandbox.yaml`. + + +Open the Hermes policy additions and shared sandbox policy files under `agents/hermes/` and `nemoclaw-blueprint/policies/`, then add or modify endpoint entries. + +If you want a built-in preset to be part of the baseline policy, merge its `network_policies` entries into the appropriate policy file and re-run `nemohermes onboard`. + +If you only need to apply a preset to a running sandbox, use `nemohermes policy-add` under [Dynamic Changes](#dynamic-changes). +That updates the live policy and does not edit the baseline policy files. + Use a manual YAML edit when you need to allow custom hosts that are not covered by a preset, such as an internal API or a weather service. @@ -60,19 +77,33 @@ Each entry in the `network` section defines an endpoint group with the following Apply the updated policy by re-running the onboard wizard: -```console -$ nemoclaw onboard + +```bash +nemoclaw onboard ``` + + +```bash +nemohermes onboard +``` + -The wizard picks up the modified policy file and applies it to the sandbox. +The wizard reads the modified policy file and applies it to the sandbox. ### Verify the Policy Check that the sandbox is running with the updated policy: -```console -$ nemoclaw status + +```bash +nemoclaw status +``` + + +```bash +nemohermes status ``` + ### Add Blueprint Policy Additions @@ -86,7 +117,7 @@ Dynamic changes apply a policy update to a running sandbox without restarting it > [!WARNING] > `openshell policy set` **replaces** the sandbox's live policy with the contents of the file you provide; it does not merge. -> A running sandbox's live policy is the baseline from `openclaw-sandbox.yaml` plus every preset that was layered on during onboarding. +> A running sandbox's live policy is the baseline policy plus every preset that was layered on during onboarding. > Applying a file that contains only the baseline (or only a single preset) silently drops every other preset that was in effect. ### Option 1: Drop a Preset File and Use `policy-add` (Recommended) @@ -116,41 +147,57 @@ This is the non-destructive path and the only flow NemoClaw supports out of the 2. Apply it to the running sandbox: - ```console - $ nemoclaw my-assistant policy-add - ``` + + +```bash +nemoclaw my-assistant policy-add +``` - NemoClaw reads the live policy via `openshell policy get --full`, structurally merges your preset's `network_policies` into it, and writes the merged result back. - Existing presets and the baseline remain in place. - The preset file under `presets/` also persists across sandbox recreations. + + + +```bash +nemohermes my-assistant policy-add +``` -### Option 2: Snapshot, Edit, and Set via OpenShell + + +NemoClaw reads the live policy via `openshell policy get --full`, structurally merges your preset's `network_policies` into it, and writes the merged result back. +Existing presets and the baseline remain in place. +The preset file under `presets/` also persists across sandbox recreations. + +### Option 2: Snapshot, Edit, and Set with OpenShell Use this path only when you cannot add a file under the NemoClaw source tree. -You must start from the **live** policy, not from `openclaw-sandbox.yaml`, so the presets layered on at onboarding are preserved in the file you apply. +You must start from the **live** policy, not from a baseline policy file, so the presets layered on at onboarding are preserved in the file you apply. -```console -$ openshell policy get --full my-assistant > live-policy.yaml +```bash +openshell policy get --full my-assistant > live-policy.yaml ``` Edit `live-policy.yaml` to add your entries under `network_policies:`, keeping the existing `version` field intact, then apply: -```console -$ openshell policy set --policy live-policy.yaml my-assistant +```bash +openshell policy set --policy live-policy.yaml my-assistant ``` ### Scope of Dynamic Changes Dynamic changes apply only to the current session. -When the sandbox stops, the running policy resets to the baseline composed from `openclaw-sandbox.yaml` plus the presets recorded for the sandbox. -To make a custom policy survive a sandbox recreation, ship the preset file in the repository (Option 1 above — the file under `presets/` persists) or edit `openclaw-sandbox.yaml` and re-run `nemoclaw onboard`. +When the sandbox stops, the running policy resets to the baseline policy plus the presets recorded for the sandbox. + +To make a custom policy survive a sandbox recreation, ship the preset file in the repository (Option 1 above; the file under `presets/` persists) or edit `openclaw-sandbox.yaml` and re-run `nemoclaw onboard`. + + +To make a custom policy survive a sandbox recreation, ship the preset file in the repository (Option 1 above; the file under `presets/` persists) or edit the Hermes policy additions and re-run `nemohermes onboard`. + ### Approve Requests Interactively For one-off access, you can approve blocked requests in the OpenShell TUI instead of editing the baseline policy: -```console -$ openshell term +```bash +openshell term ``` This is useful when you want to test a destination before deciding whether it belongs in a permanent preset or custom policy file. @@ -186,9 +233,16 @@ Available presets: To apply a preset to a running sandbox: -```console -$ nemoclaw policy-add + +```bash +nemoclaw policy-add +``` + + +```bash +nemohermes policy-add ``` + **Note:** @@ -197,35 +251,71 @@ Pass a preset name with `--yes` for scripted workflows. For example, to interactively add PyPI access to a running sandbox: -```console -$ nemoclaw my-assistant policy-add + +```bash +nemoclaw my-assistant policy-add ``` + + +```bash +nemohermes my-assistant policy-add +``` + To list which presets are applied to a sandbox: -```console -$ nemoclaw policy-list + +```bash +nemoclaw policy-list +``` + + +```bash +nemohermes policy-list ``` + + To include a preset in the baseline, merge its entries into `openclaw-sandbox.yaml` and re-run `nemoclaw onboard`. + + +To include a preset in the baseline, merge its entries into the Hermes policy additions and re-run `nemohermes onboard`. + **Note:** -The `openshell policy set --policy ` command operates on raw policy files and does not -accept the `preset:` metadata block used in preset YAML files. Use `nemoclaw policy-add` for -presets. +The `openshell policy set --policy ` command operates on raw policy files and does not accept the `preset:` metadata block used in preset YAML files. + +Use `nemoclaw policy-add` for presets. + + +Use `nemohermes policy-add` for presets. + For scripted workflows, `policy-add` and `policy-remove` accept the preset name as a positional argument: -```console -$ nemoclaw my-assistant policy-add pypi --yes -$ nemoclaw my-assistant policy-remove pypi --yes + +```bash +nemoclaw my-assistant policy-add pypi --yes +nemoclaw my-assistant policy-remove pypi --yes ``` + + +```bash +nemohermes my-assistant policy-add pypi --yes +nemohermes my-assistant policy-remove pypi --yes +``` + Set `NEMOCLAW_NON_INTERACTIVE=1` instead of `--yes` to drive the same flow from an environment variable. See Commands (use the `nemoclaw-user-reference` skill) for the full flag reference. + `nemoclaw rebuild` reapplies every policy preset to the recreated sandbox, so presets survive an agent-version upgrade without manual reapplication. + + +`nemohermes rebuild` reapplies every policy preset to the recreated sandbox, so presets survive an agent-version upgrade without manual reapplication. + ## Custom Preset Files @@ -258,17 +348,31 @@ Rename `preset.name` if NemoClaw refuses to apply the file because of a collisio ### Apply a Single File -```console -$ nemoclaw my-assistant policy-add --from-file ./presets/my-internal-api.yaml + +```bash +nemoclaw my-assistant policy-add --from-file ./presets/my-internal-api.yaml +``` + + +```bash +nemohermes my-assistant policy-add --from-file ./presets/my-internal-api.yaml ``` + Preview the endpoints without applying with `--dry-run`, and skip the confirmation prompt with `--yes` or by exporting `NEMOCLAW_NON_INTERACTIVE=1`. ### Apply Every File in a Directory -```console -$ nemoclaw my-assistant policy-add --from-dir ./presets/ --yes + +```bash +nemoclaw my-assistant policy-add --from-dir ./presets/ --yes ``` + + +```bash +nemohermes my-assistant policy-add --from-dir ./presets/ --yes +``` + Files are processed in lexicographic order. Processing stops at the first failure; presets already applied are not rolled back. @@ -281,13 +385,26 @@ Review every host in a custom preset before applying it, especially when the fil ### Remove a Custom Preset -Custom presets applied with `--from-file` or `--from-dir` are recorded in the NemoClaw sandbox registry alongside their full YAML content, so they can be removed by name — the original file does not need to be kept on disk: +NemoClaw records custom presets applied with `--from-file` or `--from-dir` in the sandbox registry alongside their full YAML content. +You can remove them by name without keeping the original file on disk: -```console -$ nemoclaw my-assistant policy-remove my-internal-api --yes + +```bash +nemoclaw my-assistant policy-remove my-internal-api --yes +``` + + +```bash +nemohermes my-assistant policy-remove my-internal-api --yes ``` + + `policy-remove` accepts both built-in and custom preset names. Run `nemoclaw policy-list` to see every preset currently applied to the sandbox. + + +`policy-remove` accepts both built-in and custom preset names. Run `nemohermes policy-list` to see every preset currently applied to the sandbox. + ## References diff --git a/.agents/skills/nemoclaw-user-manage-policy/references/approve-network-requests.md b/.agents/skills/nemoclaw-user-manage-policy/references/approve-network-requests.md index bb1e73d494..1a76586db7 100644 --- a/.agents/skills/nemoclaw-user-manage-policy/references/approve-network-requests.md +++ b/.agents/skills/nemoclaw-user-manage-policy/references/approve-network-requests.md @@ -14,14 +14,14 @@ OpenShell intercepts these requests and presents them in the TUI for operator ap Start the OpenShell terminal UI to monitor sandbox activity: -```console -$ openshell term +```bash +openshell term ``` For a remote sandbox, pass the instance name: -```console -$ ssh my-gpu-box 'cd ~/nemoclaw && . .env && openshell term' +```bash +ssh my-gpu-box 'cd ~/nemoclaw && . .env && openshell term' ``` The TUI displays the sandbox state, active inference provider, and a live feed of network activity. @@ -50,8 +50,8 @@ To keep an endpoint allowed after a restart, update the policy YAML or apply a p From the NemoClaw repository root, run the walkthrough script after you have onboarded at least one sandbox and it is reachable: -```console -$ ./scripts/walkthrough.sh +```bash +./scripts/walkthrough.sh ``` This script opens a split tmux session with the TUI on the left and the agent on the right. diff --git a/.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md b/.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md index e55cac14f8..a51ce1c0de 100644 --- a/.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md +++ b/.agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md @@ -2,6 +2,8 @@ # Common NemoClaw Integration Policy Examples +import { AgentOnly } from "../_components/AgentGuide"; + Use these examples when a sandbox is already installed and an integration needs network access. This page covers only integrations that NemoClaw currently ships as maintained policy preset YAML under `nemoclaw-blueprint/policies/presets/`. Integration setup usually has two separate parts: @@ -18,19 +20,26 @@ Replace `my-assistant` with your sandbox name in the examples. Check the current policy state first: -```console -$ nemoclaw my-assistant policy-list + +```bash +nemoclaw my-assistant policy-list ``` + + +```bash +nemohermes my-assistant policy-list +``` + For a live view of blocked requests, open the OpenShell TUI in a separate host terminal: -```console -$ openshell term +```bash +openshell term ``` When the agent reaches an endpoint that is not in policy, the TUI shows the host, port, requesting binary, method, and path when available. Approve a request only when you understand why the integration needs it. -An approval updates the running policy, but it does not create a NemoClaw preset entry that can be reviewed and replayed like `policy-add`. +An approval updates the running policy, but it does not create a reviewable NemoClaw preset entry that `policy-add` can replay. ## Supported Integration Presets @@ -56,31 +65,60 @@ NemoClaw ships maintained policy presets for common services in `nemoclaw-bluepr Preview the endpoints before applying: -```console -$ nemoclaw my-assistant policy-add outlook --dry-run + +```bash +nemoclaw my-assistant policy-add outlook --dry-run +``` + + +```bash +nemohermes my-assistant policy-add outlook --dry-run ``` + Apply the preset: -```console -$ nemoclaw my-assistant policy-add outlook --yes + +```bash +nemoclaw my-assistant policy-add outlook --yes +``` + + +```bash +nemohermes my-assistant policy-add outlook --yes ``` + Remove it later if the sandbox no longer needs that access: -```console -$ nemoclaw my-assistant policy-remove outlook --yes + +```bash +nemoclaw my-assistant policy-remove outlook --yes ``` + + +```bash +nemohermes my-assistant policy-remove outlook --yes +``` + ## Email and Calendar With Microsoft 365 Use the `outlook` preset for Microsoft 365 email and calendar workflows that use Microsoft Graph or Outlook endpoints. The preset allows `graph.microsoft.com`, Microsoft login, and Outlook service endpoints. -```console -$ nemoclaw my-assistant policy-add outlook --dry-run -$ nemoclaw my-assistant policy-add outlook --yes + +```bash +nemoclaw my-assistant policy-add outlook --dry-run +nemoclaw my-assistant policy-add outlook --yes ``` + + +```bash +nemohermes my-assistant policy-add outlook --dry-run +nemohermes my-assistant policy-add outlook --yes +``` + Then configure the email or calendar tool credentials through the integration you are running in the sandbox. Keep OAuth client secrets and refresh tokens out of policy files. @@ -93,23 +131,40 @@ If the blocked endpoint is not covered by the maintained `outlook` preset, treat Telegram needs both channel configuration and egress policy. If you already enabled Telegram during onboarding but did not include the preset, add it to the running sandbox: -```console -$ nemoclaw my-assistant policy-add telegram --yes + +```bash +nemoclaw my-assistant policy-add telegram --yes +``` + + +```bash +nemohermes my-assistant policy-add telegram --yes ``` + To add Telegram after onboarding, set the token on the host, add the channel, rebuild so the image picks up the channel config, and make sure the policy preset is applied: -```console -$ export TELEGRAM_BOT_TOKEN= -$ NEMOCLAW_NON_INTERACTIVE=1 nemoclaw my-assistant channels add telegram -$ nemoclaw my-assistant rebuild -$ nemoclaw my-assistant policy-add telegram --yes + +```bash +export TELEGRAM_BOT_TOKEN= +NEMOCLAW_NON_INTERACTIVE=1 nemoclaw my-assistant channels add telegram +nemoclaw my-assistant rebuild +nemoclaw my-assistant policy-add telegram --yes +``` + + +```bash +export TELEGRAM_BOT_TOKEN= +NEMOCLAW_NON_INTERACTIVE=1 nemohermes my-assistant channels add telegram +nemohermes my-assistant rebuild +nemohermes my-assistant policy-add telegram --yes ``` + If delivery fails, open the TUI and send a test message to the bot: -```console -$ openshell term +```bash +openshell term ``` The matching preset for each supported messaging channel is the channel name (`telegram`, `discord`, `slack`, `wechat`, or `whatsapp`). @@ -121,61 +176,118 @@ Use the matching policy preset after you configure the channel credentials. For Slack: -```console -$ export SLACK_BOT_TOKEN= -$ export SLACK_APP_TOKEN= -$ NEMOCLAW_NON_INTERACTIVE=1 nemoclaw my-assistant channels add slack -$ nemoclaw my-assistant rebuild -$ nemoclaw my-assistant policy-add slack --yes + +```bash +export SLACK_BOT_TOKEN= +export SLACK_APP_TOKEN= +NEMOCLAW_NON_INTERACTIVE=1 nemoclaw my-assistant channels add slack +nemoclaw my-assistant rebuild +nemoclaw my-assistant policy-add slack --yes ``` + + +```bash +export SLACK_BOT_TOKEN= +export SLACK_APP_TOKEN= +NEMOCLAW_NON_INTERACTIVE=1 nemohermes my-assistant channels add slack +nemohermes my-assistant rebuild +nemohermes my-assistant policy-add slack --yes +``` + For Discord: -```console -$ export DISCORD_BOT_TOKEN= -$ export DISCORD_SERVER_ID= -$ NEMOCLAW_NON_INTERACTIVE=1 nemoclaw my-assistant channels add discord -$ nemoclaw my-assistant rebuild -$ nemoclaw my-assistant policy-add discord --yes + +```bash +export DISCORD_BOT_TOKEN= +export DISCORD_SERVER_ID= +NEMOCLAW_NON_INTERACTIVE=1 nemoclaw my-assistant channels add discord +nemoclaw my-assistant rebuild +nemoclaw my-assistant policy-add discord --yes +``` + + +```bash +export DISCORD_BOT_TOKEN= +export DISCORD_SERVER_ID= +NEMOCLAW_NON_INTERACTIVE=1 nemohermes my-assistant channels add discord +nemohermes my-assistant rebuild +nemohermes my-assistant policy-add discord --yes ``` + If you enabled Slack or Discord during onboarding, apply only the matching preset: -```console -$ nemoclaw my-assistant policy-add slack --yes -$ nemoclaw my-assistant policy-add discord --yes + +```bash +nemoclaw my-assistant policy-add slack --yes +nemoclaw my-assistant policy-add discord --yes +``` + + +```bash +nemohermes my-assistant policy-add slack --yes +nemohermes my-assistant policy-add discord --yes ``` + ## WeChat or WhatsApp Messaging (Experimental) WeChat and WhatsApp are experimental. -Both rely on QR-based pairing flows that are more fragile than token-based bots, and the upstream client libraries can change behavior without notice. +Both rely on QR-based pairing flows that are more fragile than token-based bots. +The upstream client libraries can change behavior without notice. WeChat uses Tencent's iLink Bot API for personal accounts. The bot token is captured by a host-side QR scan during onboarding rather than pasted from a developer portal. Add the channel interactively and apply the preset: -```console -$ nemoclaw my-assistant channels add wechat -$ nemoclaw my-assistant rebuild -$ nemoclaw my-assistant policy-add wechat --yes + +```bash +nemoclaw my-assistant channels add wechat +nemoclaw my-assistant rebuild +nemoclaw my-assistant policy-add wechat --yes +``` + + +```bash +nemohermes my-assistant channels add wechat +nemohermes my-assistant rebuild +nemohermes my-assistant policy-add wechat --yes ``` + -WhatsApp Web pairs entirely inside the sandbox via QR scan, so `channels add` does not collect a host-side token. +WhatsApp Web pairs entirely inside the sandbox through QR scan, so `channels add` does not collect a host-side token. Apply the preset and complete the in-sandbox pairing after the rebuild: -```console -$ NEMOCLAW_NON_INTERACTIVE=1 nemoclaw my-assistant channels add whatsapp -$ nemoclaw my-assistant rebuild -$ nemoclaw my-assistant policy-add whatsapp --yes + +```bash +NEMOCLAW_NON_INTERACTIVE=1 nemoclaw my-assistant channels add whatsapp +nemoclaw my-assistant rebuild +nemoclaw my-assistant policy-add whatsapp --yes ``` + + +```bash +NEMOCLAW_NON_INTERACTIVE=1 nemohermes my-assistant channels add whatsapp +nemohermes my-assistant rebuild +nemohermes my-assistant policy-add whatsapp --yes +``` + If you enabled WeChat or WhatsApp during onboarding, apply only the matching preset: -```console -$ nemoclaw my-assistant policy-add wechat --yes -$ nemoclaw my-assistant policy-add whatsapp --yes + +```bash +nemoclaw my-assistant policy-add wechat --yes +nemoclaw my-assistant policy-add whatsapp --yes ``` + + +```bash +nemohermes my-assistant policy-add wechat --yes +nemohermes my-assistant policy-add whatsapp --yes +``` + ## GitHub and Jira @@ -184,17 +296,33 @@ Use `jira` when the agent needs Atlassian Jira access. Preview first: -```console -$ nemoclaw my-assistant policy-add github --dry-run -$ nemoclaw my-assistant policy-add jira --dry-run + +```bash +nemoclaw my-assistant policy-add github --dry-run +nemoclaw my-assistant policy-add jira --dry-run +``` + + +```bash +nemohermes my-assistant policy-add github --dry-run +nemohermes my-assistant policy-add jira --dry-run ``` + Apply the preset that matches the workflow: -```console -$ nemoclaw my-assistant policy-add github --yes -$ nemoclaw my-assistant policy-add jira --yes + +```bash +nemoclaw my-assistant policy-add github --yes +nemoclaw my-assistant policy-add jira --yes +``` + + +```bash +nemohermes my-assistant policy-add github --yes +nemohermes my-assistant policy-add jira --yes ``` + The `jira` preset intentionally allows Node.js access to Atlassian Cloud and does not allow `curl`. When validating it manually, avoid plain `curl -s` against `auth.atlassian.com`. @@ -213,20 +341,36 @@ This manual probe proves curl reached Atlassian, but no Jira credentials were su Remove access when the task is done: -```console -$ nemoclaw my-assistant policy-remove github --yes -$ nemoclaw my-assistant policy-remove jira --yes + +```bash +nemoclaw my-assistant policy-remove github --yes +nemoclaw my-assistant policy-remove jira --yes +``` + + +```bash +nemohermes my-assistant policy-remove github --yes +nemohermes my-assistant policy-remove jira --yes ``` + ## Brave Search The default Balanced policy tier includes `brave`. If you chose Restricted during onboarding or removed the preset later, add it before enabling Brave Search workflows: -```console -$ nemoclaw my-assistant policy-add brave --dry-run -$ nemoclaw my-assistant policy-add brave --yes + +```bash +nemoclaw my-assistant policy-add brave --dry-run +nemoclaw my-assistant policy-add brave --yes ``` + + +```bash +nemohermes my-assistant policy-add brave --dry-run +nemohermes my-assistant policy-add brave --yes +``` + The Brave Search API key is still configured separately during onboarding or through the web search setup flow. @@ -243,21 +387,41 @@ Use these presets when an agent workflow installs packages or downloads model as Add only the preset required for the task: -```console -$ nemoclaw my-assistant policy-add npm --yes -$ nemoclaw my-assistant policy-add pypi --yes -$ nemoclaw my-assistant policy-add brew --yes -$ nemoclaw my-assistant policy-add huggingface --yes + +```bash +nemoclaw my-assistant policy-add npm --yes +nemoclaw my-assistant policy-add pypi --yes +nemoclaw my-assistant policy-add brew --yes +nemoclaw my-assistant policy-add huggingface --yes ``` + + +```bash +nemohermes my-assistant policy-add npm --yes +nemohermes my-assistant policy-add pypi --yes +nemohermes my-assistant policy-add brew --yes +nemohermes my-assistant policy-add huggingface --yes +``` + Remove package access after a one-time setup task if the sandbox no longer needs it: -```console -$ nemoclaw my-assistant policy-remove npm --yes -$ nemoclaw my-assistant policy-remove pypi --yes -$ nemoclaw my-assistant policy-remove brew --yes -$ nemoclaw my-assistant policy-remove huggingface --yes + +```bash +nemoclaw my-assistant policy-remove npm --yes +nemoclaw my-assistant policy-remove pypi --yes +nemoclaw my-assistant policy-remove brew --yes +nemoclaw my-assistant policy-remove huggingface --yes +``` + + +```bash +nemohermes my-assistant policy-remove npm --yes +nemohermes my-assistant policy-remove pypi --yes +nemohermes my-assistant policy-remove brew --yes +nemohermes my-assistant policy-remove huggingface --yes ``` + The `pypi` preset allows Python, `pip`, virtual-environment Python and `pip`, and `/usr/local/bin/uv` to reach PyPI endpoints. If `uv` is installed somewhere else in the sandbox, add a custom preset for that binary path instead of broadening the maintained preset locally. @@ -268,17 +432,28 @@ The sandbox base image includes Homebrew (Linuxbrew), so applying the `brew` pre A `/usr/local/bin/brew` wrapper puts the entry point on the sandbox `PATH` while delegating to the Linuxbrew prefix. Installed formula commands are available from the Linuxbrew bin directory in sandbox shell sessions: -```console -$ nemoclaw my-assistant policy-add brew --yes -$ nemoclaw my-assistant exec -- brew install -$ nemoclaw my-assistant exec -- bash -lc '' + +```bash +nemoclaw my-assistant policy-add brew --yes +nemoclaw my-assistant exec -- brew install +nemoclaw my-assistant exec -- bash -lc '' +``` + + +```bash +nemohermes my-assistant policy-add brew --yes +nemohermes my-assistant exec -- brew install +nemohermes my-assistant exec -- bash -lc '' ``` + You do not need to bootstrap Homebrew, install build dependencies, or source `brew shellenv` inside the sandbox. ## Model Pricing -OpenClaw's gateway fetches reference pricing from LiteLLM and OpenRouter on every start so it can populate `usage.cost` in session JSONL records. + + +OpenClaw's gateway fetches reference pricing from LiteLLM and OpenRouter on every start to populate `usage.cost` in session JSONL records. The default-strict egress policy denies both hosts. The fetch fails closed, the gateway logs `[gateway/model-pricing] LiteLLM pricing fetch failed: TypeError: fetch failed` (and the matching OpenRouter line) on every startup, and every session record records `usage.cost = 0` even though the input and output token counts populate correctly. Tools that read the session log to display per-turn cost (audit dashboards, compliance review surfaces) cannot distinguish a real free run from this silent failure. @@ -286,12 +461,19 @@ Tools that read the session log to display per-turn cost (audit dashboards, comp Apply the `openclaw-pricing` preset to allow both pricing endpoints. The preset pins each host to a single read-only path so it does not widen egress beyond the pricing fetch: -```console -$ nemoclaw my-assistant policy-add openclaw-pricing --dry-run -$ nemoclaw my-assistant policy-add openclaw-pricing --yes +```bash +nemoclaw my-assistant policy-add openclaw-pricing --dry-run +nemoclaw my-assistant policy-add openclaw-pricing --yes ``` -After the next gateway restart the WARN entries stop and `usage.cost` populates from the fetched pricing tables. +After the next gateway restart, the WARN entries stop and `usage.cost` populates from the fetched pricing tables. + + + + +Hermes does not use OpenClaw's model-pricing reference fetch. + + ## Local Inference @@ -299,40 +481,67 @@ Use `local-inference` when the sandbox needs access to host-side local inference Onboarding auto-suggests this preset when you choose a local provider. If you need to add it after onboarding: -```console -$ nemoclaw my-assistant policy-add local-inference --dry-run -$ nemoclaw my-assistant policy-add local-inference --yes + +```bash +nemoclaw my-assistant policy-add local-inference --dry-run +nemoclaw my-assistant policy-add local-inference --yes ``` + + +```bash +nemohermes my-assistant policy-add local-inference --dry-run +nemohermes my-assistant policy-add local-inference --yes +``` + Then verify the sandbox status: -```console -$ nemoclaw my-assistant status + +```bash +nemoclaw my-assistant status ``` + + +```bash +nemohermes my-assistant status +``` + ## Inspect or Replace the Live Policy Use `policy-list` for normal preset state: -```console -$ nemoclaw my-assistant policy-list + +```bash +nemoclaw my-assistant policy-list ``` + + +```bash +nemohermes my-assistant policy-list +``` + Use OpenShell when you need the full enforced YAML: -```console -$ openshell policy get --full my-assistant > live-policy.yaml +```bash +openshell policy get --full my-assistant > live-policy.yaml ``` If you must replace the live policy, edit the full policy file and set it back: -```console -$ openshell policy set --policy live-policy.yaml my-assistant --wait +```bash +openshell policy set --policy live-policy.yaml my-assistant --wait ``` `openshell policy set` replaces the live policy with the file you provide. It does not accept a preset file that starts with a `preset:` block, and it does not merge a single endpoint into the existing policy. + Use `nemoclaw my-assistant policy-add` for maintained NemoClaw presets. + + +Use `nemohermes my-assistant policy-add` for maintained NemoClaw presets. + ## Next Steps diff --git a/.agents/skills/nemoclaw-user-manage-sandboxes/SKILL.md b/.agents/skills/nemoclaw-user-manage-sandboxes/SKILL.md index a62d7d09d7..a924fcb1a2 100644 --- a/.agents/skills/nemoclaw-user-manage-sandboxes/SKILL.md +++ b/.agents/skills/nemoclaw-user-manage-sandboxes/SKILL.md @@ -1,6 +1,6 @@ --- name: "nemoclaw-user-manage-sandboxes" -description: "Explains operational tasks after the quickstart: listing sandboxes, status and health checks, logs, diagnostics, port forwards, multiple sandboxes, credential reset, rebuilds, network presets, upgrades, and uninstall. Trigger keywords - manage nemoclaw sandboxes, nemoclaw status, nemoclaw list, nemoclaw dashboard port, nemoclaw rebuild, nemoclaw upgrade sandboxes, nemoclaw uninstall, sandbox mutability, sandbox runtime configuration, sandbox rebuild, nemoclaw backup, nemoclaw restore, workspace backup, openshell sandbox download upload, nemoclaw messaging channels, nemoclaw telegram, nemoclaw discord, nemoclaw slack, nemoclaw wechat, nemoclaw whatsapp, openshell channel messaging, nemoclaw workspace files, soul.md, user.md, identity.md, agents.md, sandbox persistence." +description: "Explains operational tasks after the quickstart: listing sandboxes, status and health checks, logs, diagnostics, port forwards, multiple sandboxes, credential reset, rebuilds, network presets, upgrades, and uninstall. Trigger keywords - manage nemoclaw sandboxes, nemoclaw status, nemoclaw list, nemoclaw dashboard port, nemoclaw rebuild, nemoclaw upgrade sandboxes, nemoclaw uninstall, sandbox mutability, sandbox runtime configuration, sandbox rebuild, nemoclaw backup, nemoclaw restore, workspace backup, openshell sandbox download upload, nemoclaw messaging channels, nemoclaw telegram, nemoclaw discord, nemoclaw slack, nemoclaw wechat, nemoclaw whatsapp, openshell channel messaging, install hermes plugins, hermes plugins nemoclaw, nemoclaw hermes plugins, nemoclaw workspace files, soul.md, user.md, identity.md, agents.md, sandbox persistence." license: "Apache-2.0" --- @@ -9,68 +9,141 @@ license: "Apache-2.0" # Manage Sandbox Lifecycle +import { AgentOnly } from "../_components/AgentGuide"; + + Use this guide after you finish the OpenClaw quickstart (use the `nemoclaw-user-get-started` skill). + + +Use this guide after you finish Quickstart with Hermes (use the `nemoclaw-user-get-started` skill). + It covers day-two sandbox operations such as listing sandboxes, checking health, managing ports, rebuilding safely, upgrading, and uninstalling. + When a workflow uses the lower-level OpenShell CLI, see CLI Selection Guide (use the `nemoclaw-user-reference` skill) for the boundary between `nemoclaw` and `openshell`. + + +When a workflow uses the lower-level OpenShell CLI, see CLI Selection Guide (use the `nemoclaw-user-reference` skill) for the boundary between `nemohermes`, `nemoclaw`, and `openshell`. + ## List Sandboxes List every sandbox registered on this host: -```console -$ nemoclaw list + +```bash +nemoclaw list ``` + + +```bash +nemohermes list +``` + -The list shows each sandbox's model, provider, policy presets, active SSH session indicator, and dashboard URL when a dashboard port is recorded. +The list shows each sandbox's model, provider, policy presets, active SSH session indicator, and dashboard URL when NemoClaw records a dashboard port. Use JSON output for scripts: -```console -$ nemoclaw list --json + +```bash +nemoclaw list --json ``` + + +```bash +nemohermes list --json +``` + ## Check Sandbox Health Check a specific sandbox's health, inference route, active connections, live policy, update status, and messaging-channel overlap warnings: -```console -$ nemoclaw my-assistant status + +```bash +nemoclaw my-assistant status +``` + + +```bash +nemohermes my-assistant status ``` + Use the host-level status command when you want the sandbox inventory plus host auxiliary service state, such as cloudflared: -```console -$ nemoclaw status + +```bash +nemoclaw status ``` + + +```bash +nemohermes status +``` + ## Inspect Logs View recent sandbox logs: -```console -$ nemoclaw my-assistant logs + +```bash +nemoclaw my-assistant logs ``` + + +```bash +nemohermes my-assistant logs +``` + Stream logs while you reproduce a problem: -```console -$ nemoclaw my-assistant logs --follow + +```bash +nemoclaw my-assistant logs --follow ``` + + +```bash +nemohermes my-assistant logs --follow +``` + + The log command reads both OpenClaw gateway output and OpenShell audit events, so policy denials appear beside gateway logs. + + +The log command reads both Hermes gateway output and OpenShell audit events, so policy denials appear beside gateway logs. + ## Collect Diagnostics Collect diagnostics for bug reports or support handoff: -```console -$ nemoclaw debug --sandbox my-assistant --output nemoclaw-debug.tar.gz + +```bash +nemoclaw debug --sandbox my-assistant --output nemoclaw-debug.tar.gz ``` + + +```bash +nemohermes debug --sandbox my-assistant --output nemoclaw-debug.tar.gz +``` + Use `--quick` for a smaller local summary: -```console -$ nemoclaw debug --quick --sandbox my-assistant + +```bash +nemoclaw debug --quick --sandbox my-assistant ``` + + +```bash +nemohermes debug --quick --sandbox my-assistant +``` + The debug command gathers system information, Docker state, gateway logs, and sandbox status. @@ -78,38 +151,66 @@ The debug command gathers system information, Docker state, gateway logs, and sa If the forward stopped, or the installer reported that no active forward was found and the URL does not load, restart it manually with the port from the install summary. -```console -$ openshell forward start --background my-gpt-claw +```bash +openshell forward start --background my-gpt-claw ``` To list active forwards across all sandboxes, run the following command. -```console -$ openshell forward list +```bash +openshell forward list ``` ## Run Multiple Sandboxes Each sandbox needs its own dashboard port, since `openshell forward` refuses to bind a port that another sandbox is already using. + When the default port is already held by another sandbox, `nemoclaw onboard` scans ports `18789` through `18799` and uses the next free port. + + +When the default API port is already held by another sandbox, `nemohermes onboard` scans for the next free port and records it for the sandbox. + -```console -$ nemoclaw onboard # first sandbox uses 18789 -$ nemoclaw onboard # second sandbox uses the next free port, such as 18790 + +```bash +nemoclaw onboard # first sandbox uses 18789 +nemoclaw onboard # second sandbox uses the next free port, such as 18790 +``` + + +```bash +nemohermes onboard # first sandbox uses 18789 +nemohermes onboard # second sandbox uses the next free port, such as 18790 ``` + To choose a specific port, pass `--control-ui-port`: -```console -$ nemoclaw onboard --control-ui-port 19000 + +```bash +nemoclaw onboard --control-ui-port 19000 ``` + + +```bash +nemohermes onboard --control-ui-port 19000 +``` + You can also set `CHAT_UI_URL` or `NEMOCLAW_DASHBOARD_PORT` before onboarding: -```console -$ CHAT_UI_URL=http://127.0.0.1:19000 nemoclaw onboard -$ NEMOCLAW_DASHBOARD_PORT=19000 nemoclaw onboard + +```bash +CHAT_UI_URL=http://127.0.0.1:19000 nemoclaw onboard +NEMOCLAW_DASHBOARD_PORT=19000 nemoclaw onboard ``` + + +```bash +CHAT_UI_URL=http://127.0.0.1:19000 nemohermes onboard +NEMOCLAW_DASHBOARD_PORT=19000 nemohermes onboard +``` + For full details on port conflicts and overrides, refer to Port already in use (use the `nemoclaw-user-reference` skill). @@ -121,55 +222,117 @@ Recover from a misconfigured sandbox without re-running the full onboard wizard Change the active model or provider at runtime without rebuilding the sandbox: -```console -$ nemoclaw inference set --model --provider + +```bash +nemoclaw inference set --model --provider ``` + + +```bash +nemohermes inference set --model --provider +``` + Refer to Switch Inference Providers (use the `nemoclaw-user-configure-inference` skill) for provider-specific model IDs and API compatibility notes. ### Restart the Gateway and Port Forward + If `nemoclaw status` reports the sandbox is alive but the gateway is not running, run the recover command instead of opening a shell. + + +If `nemohermes status` reports the sandbox is alive but the Hermes gateway is not running, run the recover command instead of opening a shell. + -```console -$ nemoclaw recover + +```bash +nemoclaw recover ``` + + +```bash +nemohermes recover +``` + The command restarts the in-sandbox gateway and re-establishes the dashboard port-forward in one step. It is idempotent and safe to script. + Refer to `nemoclaw recover` (use the `nemoclaw-user-reference` skill) for details. + + +Refer to the command reference for details on `nemohermes recover`. + ### Reset a Stored Credential -If a provider credential was entered incorrectly during onboarding, clear the gateway-registered value and re-enter it on the next onboard run: +If you entered a provider credential incorrectly during onboarding, clear the gateway-registered value and re-enter it on the next onboard run: -```console -$ nemoclaw credentials list # see which providers are registered -$ nemoclaw credentials reset # clear a single provider, for example nvidia-prod -$ nemoclaw onboard # re-run to re-enter the cleared provider + +```bash +nemoclaw credentials list # see which providers are registered +nemoclaw credentials reset # clear a single provider, for example nvidia-prod +nemoclaw onboard # re-run to re-enter the cleared provider ``` + + +```bash +nemohermes credentials list # see which providers are registered +nemohermes credentials reset # clear a single provider, for example nvidia-prod +nemohermes onboard # re-run to re-enter the cleared provider +``` + -The credentials command is documented in full at `nemoclaw credentials reset ` (use the `nemoclaw-user-reference` skill). + +The command reference documents `nemoclaw credentials reset ` (use the `nemoclaw-user-reference` skill) in full. + + +The Commands reference (use the `nemoclaw-user-reference` skill) documents the credentials command in full. + ### Rebuild a Sandbox While Preserving Workspace State + If you changed the underlying Dockerfile, upgraded OpenClaw, or want to pick up a new base image without losing your sandbox's workspace files, use `rebuild` instead of destroying and recreating: + + +If you changed the underlying Dockerfile, upgraded Hermes, or want to pick up a new base image without losing your sandbox's state files, use `rebuild` instead of destroying and recreating: + -```console -$ nemoclaw rebuild + +```bash +nemoclaw rebuild +``` + + +```bash +nemohermes rebuild ``` + Rebuild preserves the mounted workspace and registered policies while recreating the container. If NemoClaw cannot archive any requested state path, it reports the backup failure and stops before deleting the original sandbox. + Refer to `nemoclaw rebuild` (use the `nemoclaw-user-reference` skill) for flag details. + + +Refer to the Commands reference (use the `nemoclaw-user-reference` skill) for `nemohermes rebuild` flag details. + ### Add a Network Preset After Onboarding Apply an additional preset, such as Telegram or GitHub, to a running sandbox without re-onboarding: -```console -$ nemoclaw policy-add + +```bash +nemoclaw policy-add +``` + + +```bash +nemohermes policy-add ``` + Refer to `nemoclaw policy-add` (use the `nemoclaw-user-reference` skill) for usage details and flags. @@ -179,76 +342,164 @@ See `NEMOCLAW_POLICY_MODE` (use the `nemoclaw-user-reference` skill) for the ful ## Update to the Maintained Version + When a maintained NemoClaw release becomes available, update the `nemoclaw` CLI on your host and check existing sandboxes for stale agent/runtime versions. -The standard installer follows the admin-promoted `lkg` release tag by default, so it may trail the newest semver or `latest` tag while validation completes. + + +When a maintained NemoClaw release becomes available, update the `nemohermes` CLI on your host and check existing sandboxes for stale agent/runtime versions. + +The standard installer follows the admin-promoted `lkg` release tag by default, so it can trail the newest semver or `latest` tag while validation completes. +To pin a specific release in a `curl | bash` install, set `NEMOCLAW_INSTALL_TAG` on the `bash` side of the pipe, or export it before the pipeline: + +```bash +curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_INSTALL_TAG=v0.0.56 bash +# or +export NEMOCLAW_INSTALL_TAG=v0.0.56 +curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash +``` + +Do not place `NEMOCLAW_INSTALL_TAG=...` only before `curl`; shell assignment in that position applies to `curl`, not to the installer running under `bash`. +If the requested ref cannot be fetched, the installer exits with a clear error instead of falling back to `lkg`. -### Update the NemoClaw CLI +## Update the NemoClaw CLI Re-run the installer. + Before it onboards anything, the installer calls `nemoclaw backup-all` (use the `nemoclaw-user-reference` skill) automatically, storing a snapshot of each running sandbox in `~/.nemoclaw/rebuild-backups/` as a safety net. + + +Before it onboards anything, the installer calls `nemohermes backup-all` automatically, storing a snapshot of each running sandbox in `~/.nemoclaw/rebuild-backups/` as a safety net. + If your existing gateway is from OpenShell earlier than `0.0.37`, the installer prompts before it runs the new automatic gateway upgrade path. -The automatic path is offered only when the existing `nemoclaw` CLI supports `backup-all`; older installs must preserve sandbox state manually before retiring the gateway. -For unattended installs, set `NEMOCLAW_ACCEPT_EXPERIMENTAL_OPENSHELL_UPGRADE=1`, or manually run `nemoclaw backup-all`, `openshell gateway remove nemoclaw || openshell gateway destroy -g nemoclaw || openshell gateway destroy` (both verbs are tried so the right one runs on either OpenShell release), and `sudo pkill -f openshell-gateway` if a privileged host gateway remains before rerunning the installer as `curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_OPENSHELL_UPGRADE_PREPARED=1 bash`. + +The installer offers the automatic path only when the existing `nemoclaw` CLI supports `backup-all`. +Older installs must preserve sandbox state manually before retiring the gateway. +For unattended installs, set `NEMOCLAW_ACCEPT_EXPERIMENTAL_OPENSHELL_UPGRADE=1`, or manually run `nemoclaw backup-all`, `openshell gateway remove nemoclaw || openshell gateway destroy -g nemoclaw || openshell gateway destroy` (the command tries both verbs so the right one runs on either OpenShell release), and `sudo pkill -f openshell-gateway` if a privileged host gateway remains before rerunning the installer as `curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_OPENSHELL_UPGRADE_PREPARED=1 bash`. + + +The installer offers the automatic path only when the existing `nemohermes` CLI supports `backup-all`. +Older installs must preserve sandbox state manually before retiring the gateway. +For unattended installs, set `NEMOCLAW_ACCEPT_EXPERIMENTAL_OPENSHELL_UPGRADE=1`, or manually run `nemohermes backup-all`, `openshell gateway remove nemoclaw || openshell gateway destroy -g nemoclaw || openshell gateway destroy` (the command tries both verbs so the right one runs on either OpenShell release), and `sudo pkill -f openshell-gateway` if a privileged host gateway remains before rerunning the installer as `curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_AGENT=hermes NEMOCLAW_OPENSHELL_UPGRADE_PREPARED=1 bash`. + -```console -$ curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash +```bash +curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` ### Upgrade Sandboxes with Stale Agent and Runtime Versions + The installer checks registered sandboxes after onboarding succeeds and runs `nemoclaw upgrade-sandboxes --auto` for stale running sandboxes. -Use `upgrade-sandboxes` directly to verify the result, rebuild when you skipped the installer or onboarding step, or handle sandboxes that were stopped or could not be version-checked. + + +The installer checks registered sandboxes after onboarding succeeds and runs `nemohermes upgrade-sandboxes --auto` for stale running sandboxes. + +Use `upgrade-sandboxes` directly to verify the result, rebuild when you skipped the installer or onboarding step, or handle sandboxes that were stopped or could not be version checked. The upgrade flow is non-destructive by default because NemoClaw preserves manifest-defined workspace state, but a manual snapshot before any major upgrade gives you a state restore point. -```console -$ nemoclaw snapshot create --name pre-upgrade # optional, recommended -$ nemoclaw update --yes # updates CLI through the maintained installer flow -$ nemoclaw upgrade-sandboxes --check # verify or list remaining stale/unknown sandboxes -$ nemoclaw upgrade-sandboxes # manually rebuild remaining stale running sandboxes + +```bash +nemoclaw snapshot create --name pre-upgrade # optional, recommended +nemoclaw update --yes # updates CLI through the maintained installer flow +nemoclaw upgrade-sandboxes --check # verify or list remaining stale/unknown sandboxes +nemoclaw upgrade-sandboxes # manually rebuild remaining stale running sandboxes ``` + + +```bash +nemohermes snapshot create --name pre-upgrade # optional, recommended +nemohermes update --yes # updates CLI through the maintained installer flow +nemohermes upgrade-sandboxes --check # verify or list remaining stale/unknown sandboxes +nemohermes upgrade-sandboxes # manually rebuild remaining stale running sandboxes +``` + + `nemoclaw update` is the CLI wrapper around the same installer path as `curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash`. Use `nemoclaw update --check` when you only want to inspect version state and see the maintained update command. + + +`nemohermes update` is the CLI wrapper around the same installer path with Hermes selected. +Use `nemohermes update --check` when you only want to inspect version state and see the maintained update command. + + For scripted manual rebuilds, use `nemoclaw upgrade-sandboxes --auto` to skip the confirmation prompt. + + +For scripted manual rebuilds, use `nemohermes upgrade-sandboxes --auto` to skip the confirmation prompt. + If the upgraded sandbox needs its workspace state reverted, restore the pre-upgrade snapshot into the running sandbox. This restores saved state directories only; it does not downgrade the sandbox image or agent/runtime: -```console -$ nemoclaw snapshot restore pre-upgrade + +```bash +nemoclaw snapshot restore pre-upgrade ``` + + +```bash +nemohermes snapshot restore pre-upgrade +``` + ### What Changes During a Rebuild Each rebuild destroys the existing container and creates a new one. + NemoClaw protects your data through the same backup-and-restore flow as `nemoclaw rebuild` (use the `nemoclaw-user-reference` skill): - NemoClaw preserves manifest-defined workspace state. Before deleting the old container, NemoClaw snapshots the state directories and durable state files defined in the agent manifest, typically `/sandbox/.openclaw/workspace/`; for Hermes this also includes `SOUL.md` and the SQLite database behind `.hermes/state.db`. Stored credentials (`~/.nemoclaw/credentials.json`) and registered policy presets live on the host and are re-applied to the new sandbox automatically. - NemoClaw does not preserve runtime changes outside the workspace state directories. This includes packages installed inside the running container with `apt` or `pip`, files in non-workspace paths, and in-memory or process state. If you have customized the running container at runtime, capture that as `Dockerfile` changes for `nemoclaw onboard --from` or a manual `openshell sandbox download` before the rebuild starts. + + +NemoClaw protects your data through the same backup-and-restore flow as `nemohermes rebuild`: + +- NemoClaw preserves manifest-defined Hermes state. Before deleting the old container, NemoClaw snapshots the state directories and durable state files defined in the Hermes manifest, including `SOUL.md` and the SQLite database behind `.hermes/state.db`. Stored credentials (`~/.nemoclaw/credentials.json`) and registered policy presets live on the host and are re-applied to the new sandbox automatically. +- NemoClaw does not preserve runtime changes outside the manifest-defined state directories. This includes packages installed inside the running container with `apt` or `pip`, files in non-state paths, and in-memory or process state. If you have customized the running container at runtime, capture that as `Dockerfile` changes for `nemohermes onboard --from` or a manual `openshell sandbox download` before the rebuild starts. + + + Aborts before the destroy step are non-destructive. -The flow refuses to proceed past preflight if a credential is missing or past backup if required manifest-defined state cannot be copied, so a failed run leaves the original sandbox intact and ready to retry. +The flow refuses to proceed past preflight if a credential is missing or past backup if it cannot copy required manifest-defined state, so a failed run leaves the original sandbox intact and ready to retry. When a backup command reports partial archive output, NemoClaw keeps the usable entries and reports only the manifest-defined paths that could not be archived. See [Backup and Restore](references/backup-restore.md) for the full list of state-preservation guarantees, snapshot retention, and instructions for manual backups when the auto-flow is not enough. **If the rebuild aborts with `Missing credential: `:** + The rebuild preflight reads the provider credential recorded by your last `nemoclaw onboard` session. -If you have switched providers since onboarding, for example from a remote API to a local Ollama setup, the preflight may still reference the old key and fail before any destroy step runs. +If you have switched providers since onboarding, for example from a remote API to a local Ollama setup, the preflight can still reference the old key and fail before any destroy step runs. To recover, re-run `nemoclaw onboard` and select your current provider. This refreshes the session metadata. + + +The rebuild preflight reads the provider credential recorded by your last `nemohermes onboard` session. +If you have switched providers since onboarding, for example from a remote API to a local Ollama setup, the preflight can still reference the old key and fail before any destroy step runs. + +To recover, re-run `nemohermes onboard` and select your current provider. +This refreshes the session metadata. + Your existing container keeps serving traffic until the new image is ready. ## Uninstall To remove NemoClaw and all resources created during setup, run the CLI's built-in uninstall command: + ```bash nemoclaw uninstall ``` + + +```bash +nemohermes uninstall +``` + | Flag | Effect | |--------------------|------------------------------------------------------| @@ -258,15 +509,15 @@ nemoclaw uninstall **Note:** -`nemoclaw uninstall` preserves `~/.nemoclaw/rebuild-backups/` (host-side snapshots that `nemoclaw snapshot create` and `nemoclaw backup-all` write), `~/.nemoclaw/backups/` (workspace backups that `scripts/backup-workspace.sh` writes), and `~/.nemoclaw/sandboxes.json` (the sandbox registry) by default. +The uninstall command preserves `~/.nemoclaw/rebuild-backups/` (host-side snapshots that snapshot and `backup-all` commands write), `~/.nemoclaw/backups/` (workspace backups that `scripts/backup-workspace.sh` writes), and `~/.nemoclaw/sandboxes.json` (the sandbox registry) by default. Uninstall removes every other entry under `~/.nemoclaw/`. Interactive runs prompt before they remove the preserved entries; the default answer keeps them. For non-interactive runs (`--yes`, `NEMOCLAW_NON_INTERACTIVE=1`, or a non-TTY shell), set `NEMOCLAW_UNINSTALL_DESTROY_USER_DATA=1` to acknowledge data loss and remove the preserved entries as well. -See `nemoclaw uninstall` (use the `nemoclaw-user-reference` skill) for the full preservation contract. +See the Commands reference (use the `nemoclaw-user-reference` skill) for the full preservation contract. -`nemoclaw uninstall` runs the version-pinned `uninstall.sh` that shipped with your installed CLI, so it does not fetch anything over the network at uninstall time. +The CLI uninstall command runs the version-pinned `uninstall.sh` that shipped with your installed CLI, so it does not fetch anything over the network at uninstall time. -If the `nemoclaw` CLI is missing or broken, fall back to the hosted script: +If the CLI is missing or broken, fall back to the hosted script: ```bash curl -fsSL https://raw.githubusercontent.com/NVIDIA/NemoClaw/refs/heads/main/uninstall.sh | bash @@ -278,13 +529,14 @@ The same `--yes`, `--keep-openshell`, and `--delete-models` flags listed above a curl -fsSL https://raw.githubusercontent.com/NVIDIA/NemoClaw/refs/heads/main/uninstall.sh | bash -s -- --yes --delete-models ``` -For a full comparison of the two forms, including what they fetch, what they trust, and when to prefer each, see `nemoclaw uninstall` vs. the hosted `uninstall.sh` (use the `nemoclaw-user-reference` skill). +For a full comparison of the two forms, including what they fetch, what they trust, and when to prefer each, refer to `nemoclaw uninstall` vs. the hosted `uninstall.sh` (use the `nemoclaw-user-reference` skill). ## References - **[references/runtime-controls.md](references/runtime-controls.md)** — Single page that answers what can change at runtime versus what requires a rebuild for NemoClaw sandboxes. - **Load [references/backup-restore.md](references/backup-restore.md)** when downloading workspace files from a sandbox, uploading restored files into a new sandbox, or preserving sandbox state across rebuilds. Backs up and restores OpenClaw workspace files before destructive operations such as sandbox rebuilds. - **Load [references/messaging-channels.md](references/messaging-channels.md)** when setting up messaging channels, chat interfaces, or integrations without relying on nemoclaw tunnel start for bridges. Explains how Telegram, Discord, Slack, WeChat, and WhatsApp reach sandboxed OpenClaw and Hermes agents through OpenShell-managed processes and NemoClaw channel commands. +- **[references/install-plugins-hermes.md](references/install-plugins-hermes.md)** — Explains how to install Hermes plugins in NemoClaw-managed sandboxes. - **Load [references/workspace-files.md](references/workspace-files.md)** when users ask about `SOUL.md`, `USER.md`, `IDENTITY.md`, `AGENTS.md`, or other workspace files, or when preparing to back up or restore workspace state. Explains what workspace personality and configuration files are, where they live, and how they persist across sandbox restarts. ## Related Skills diff --git a/.agents/skills/nemoclaw-user-manage-sandboxes/references/backup-restore.md b/.agents/skills/nemoclaw-user-manage-sandboxes/references/backup-restore.md index 70da806410..04e4abf3dc 100644 --- a/.agents/skills/nemoclaw-user-manage-sandboxes/references/backup-restore.md +++ b/.agents/skills/nemoclaw-user-manage-sandboxes/references/backup-restore.md @@ -2,102 +2,191 @@ # Backup and Restore Workspace Files -Workspace files define your agent's personality, memory, and user context. -They persist across sandbox restarts but are **permanently deleted** when you run `nemoclaw destroy`. +import { AgentOnly } from "../_components/AgentGuide"; + +Workspace and state files define your agent's personality, memory, user context, and durable runtime state. +They persist across sandbox restarts but are **permanently deleted** when you destroy the sandbox. This guide covers snapshot commands, manual backup with CLI commands, and an automated script. ## When to Back Up -- **Before running `nemoclaw destroy`** + + +- Before running `nemoclaw destroy` - Before major NemoClaw version upgrades - Periodically, if you've invested time customizing your agent + + + +- Before running `nemohermes destroy` +- Before major NemoClaw version upgrades +- Periodically, if you've invested time customizing your agent or paired messaging channels + + + ## Snapshot Commands The fastest way to back up and restore sandbox state is with the built-in snapshot commands. Snapshots capture all workspace state directories defined in the agent manifest and store them in `~/.nemoclaw/rebuild-backups//`. -Agent manifests may also declare durable top-level state files. For Hermes, -snapshots include `SOUL.md` and the SQLite database behind `.hermes/state.db` -using SQLite's online backup API, then restore that database through SQLite -instead of copying a live raw database file. -Treat snapshot directories as private local data: the Hermes database can -contain session metadata and message history needed for a faithful restore. - -```console -$ nemoclaw my-assistant snapshot create -$ nemoclaw my-assistant snapshot list -$ nemoclaw my-assistant snapshot restore +Agent manifests can also declare durable top-level state files. +For Hermes, snapshots include `SOUL.md` and the SQLite database behind `.hermes/state.db` using SQLite's online backup API, then restore that database through SQLite instead of copying a live raw database file. +Treat snapshot directories as private local data: the Hermes database can contain session metadata and message history needed for a faithful restore. + + +```bash +nemoclaw my-assistant snapshot create +nemoclaw my-assistant snapshot list +nemoclaw my-assistant snapshot restore +``` + + +```bash +nemohermes my-assistant snapshot create +nemohermes my-assistant snapshot list +nemohermes my-assistant snapshot restore ``` + -`snapshot list` prints a table of version, name, timestamp, and path. Versions (`v1`, `v2`, ..., `vN`) are computed from the timestamp order, so `vN` is always the newest snapshot. +`snapshot list` prints a table of version, name, timestamp, and path. +NemoClaw computes versions (`v1`, `v2`, ..., `vN`) from timestamp order, so `vN` is always the newest snapshot. To tag a snapshot with a human-readable label, pass `--name`: -```console -$ nemoclaw my-assistant snapshot create --name before-upgrade + +```bash +nemoclaw my-assistant snapshot create --name before-upgrade +``` + + +```bash +nemohermes my-assistant snapshot create --name before-upgrade ``` + To restore a specific snapshot instead of the latest, pass a version, name, or timestamp prefix: -```console -$ nemoclaw my-assistant snapshot restore v3 -$ nemoclaw my-assistant snapshot restore before-upgrade -$ nemoclaw my-assistant snapshot restore 2026-04-14T + +```bash +nemoclaw my-assistant snapshot restore v3 +nemoclaw my-assistant snapshot restore before-upgrade +nemoclaw my-assistant snapshot restore 2026-04-14T +``` + + +```bash +nemohermes my-assistant snapshot restore v3 +nemohermes my-assistant snapshot restore before-upgrade +nemohermes my-assistant snapshot restore 2026-04-14T ``` + To clone a snapshot into a different sandbox name, pass `--to `. If the destination sandbox already exists, NemoClaw refuses to overwrite it unless you pass `--force`: -```console -$ nemoclaw my-assistant snapshot restore before-upgrade --to my-assistant-clone -$ nemoclaw my-assistant snapshot restore before-upgrade --to my-assistant-clone --force --yes + +```bash +nemoclaw my-assistant snapshot restore before-upgrade --to my-assistant-clone +nemoclaw my-assistant snapshot restore before-upgrade --to my-assistant-clone --force --yes ``` + + +```bash +nemohermes my-assistant snapshot restore before-upgrade --to my-assistant-clone +nemohermes my-assistant snapshot restore before-upgrade --to my-assistant-clone --force --yes +``` + + + The `nemoclaw rebuild` command uses the same snapshot mechanism automatically. -Snapshot restore performs a targeted repair for legacy `.openclaw-data` symlinks that were created by older images. -Unsafe symlinks and hard links inside sandbox state are rejected during backup creation before they can enter a snapshot. +Snapshot restore performs a targeted repair for legacy `.openclaw-data` symlinks that older images created. +NemoClaw rejects unsafe symlinks and hard links inside sandbox state during backup creation before they can enter a snapshot. + + + + +The `nemohermes rebuild` command uses the same snapshot mechanism automatically. +NemoClaw rejects unsafe symlinks and hard links inside sandbox state during backup creation before they can enter a snapshot. Credential-bearing Hermes files such as `auth.json` are intentionally excluded from snapshots. NemoClaw-regenerated Hermes config files (`config.yaml` and `.env`) are also excluded; model/provider and messaging credentials are recreated from host-side onboarding and OpenShell provider state during rebuild. + + For full details, see the Commands reference (use the `nemoclaw-user-reference` skill). ## Manual Backup Use `openshell sandbox download` to copy files from the sandbox to your host. -```console -$ SANDBOX=my-assistant -$ BACKUP_DIR=~/.nemoclaw/backups/$(date +%Y%m%d-%H%M%S) -$ mkdir -p "$BACKUP_DIR" + + +```bash +SANDBOX=my-assistant +BACKUP_DIR=~/.nemoclaw/backups/$(date +%Y%m%d-%H%M%S) +mkdir -p "$BACKUP_DIR" + +openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/SOUL.md "$BACKUP_DIR/" +openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/USER.md "$BACKUP_DIR/" +openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/IDENTITY.md "$BACKUP_DIR/" +openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/AGENTS.md "$BACKUP_DIR/" +openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/MEMORY.md "$BACKUP_DIR/" +openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/memory/ "$BACKUP_DIR/memory/" +``` + + + + +```bash +SANDBOX=my-hermes +BACKUP_DIR=~/.nemoclaw/backups/$(date +%Y%m%d-%H%M%S) +mkdir -p "$BACKUP_DIR" -$ openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/SOUL.md "$BACKUP_DIR/" -$ openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/USER.md "$BACKUP_DIR/" -$ openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/IDENTITY.md "$BACKUP_DIR/" -$ openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/AGENTS.md "$BACKUP_DIR/" -$ openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/MEMORY.md "$BACKUP_DIR/" -$ openshell sandbox download "$SANDBOX" /sandbox/.openclaw/workspace/memory/ "$BACKUP_DIR/memory/" +openshell sandbox download "$SANDBOX" /sandbox/SOUL.md "$BACKUP_DIR/" +openshell sandbox download "$SANDBOX" /sandbox/.hermes/state.db "$BACKUP_DIR/" +openshell sandbox download "$SANDBOX" /sandbox/.hermes/platforms/ "$BACKUP_DIR/platforms/" ``` + + ## Manual Restore Use `openshell sandbox upload` to push files back into a sandbox. -```console -$ SANDBOX=my-assistant -$ BACKUP_DIR=~/.nemoclaw/backups/20260320-120000 # pick a timestamp + + +```bash +SANDBOX=my-assistant +BACKUP_DIR=~/.nemoclaw/backups/20260320-120000 # pick a timestamp -$ openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/SOUL.md" /sandbox/.openclaw/workspace/ -$ openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/USER.md" /sandbox/.openclaw/workspace/ -$ openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/IDENTITY.md" /sandbox/.openclaw/workspace/ -$ openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/AGENTS.md" /sandbox/.openclaw/workspace/ -$ openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/MEMORY.md" /sandbox/.openclaw/workspace/ -$ openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/memory/" /sandbox/.openclaw/workspace/memory/ +openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/SOUL.md" /sandbox/.openclaw/workspace/ +openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/USER.md" /sandbox/.openclaw/workspace/ +openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/IDENTITY.md" /sandbox/.openclaw/workspace/ +openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/AGENTS.md" /sandbox/.openclaw/workspace/ +openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/MEMORY.md" /sandbox/.openclaw/workspace/ +openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/memory/" /sandbox/.openclaw/workspace/memory/ ``` + + + +```bash +SANDBOX=my-hermes +BACKUP_DIR=~/.nemoclaw/backups/20260320-120000 # pick a timestamp + +openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/SOUL.md" /sandbox/ +openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/state.db" /sandbox/.hermes/ +openshell sandbox upload "$SANDBOX" "$BACKUP_DIR/platforms/" /sandbox/.hermes/platforms/ +``` + + + ## Using the Backup Script + + The repository includes a convenience script at `scripts/backup-workspace.sh`. ### Backup @@ -112,14 +201,14 @@ Backup saved to /home/user/.nemoclaw/backups/20260320-120000/ (6 items) Restore from the most recent backup: -```console -$ ./scripts/backup-workspace.sh restore my-assistant +```bash +./scripts/backup-workspace.sh restore my-assistant ``` Restore from a specific timestamp: -```console -$ ./scripts/backup-workspace.sh restore my-assistant 20260320-120000 +```bash +./scripts/backup-workspace.sh restore my-assistant 20260320-120000 ``` ## Verifying a Backup @@ -136,31 +225,47 @@ USER.md memory/ ``` + + + +For Hermes, prefer the built-in snapshot commands for faithful restore of `state.db`. +Use manual `openshell sandbox download` / `openshell sandbox upload` only when you need to inspect or transfer a specific file. + + + + + ## Multi-Agent Deployments -When OpenClaw is configured with multiple named agents, each agent has its own -workspace directory (`workspace-main/`, `workspace-support/`, `workspace-ops/`, -and so on — see [Multi-Agent Deployments](workspace-files.md#multi-agent-deployments)). +When you configure OpenClaw with multiple named agents, each agent has its own workspace directory (`workspace-main/`, `workspace-support/`, `workspace-ops/`, and so on). +Refer to [Multi-Agent Deployments](workspace-files.md#multi-agent-deployments). -`nemoclaw snapshot create` automatically discovers every `workspace-*/` -directory under the sandbox state tree and includes it in the snapshot bundle -alongside the default `workspace/`. `snapshot restore` re-applies the full -per-agent set. No manual per-workspace backup pattern is needed. +`nemoclaw snapshot create` automatically discovers every `workspace-*/` directory under the sandbox state tree and includes it in the snapshot bundle alongside the default `workspace/`. +`snapshot restore` reapplies the full per-agent set. +You do not need a manual per-workspace backup pattern. -The sandbox entrypoint ensures every per-agent workspace lives directly under -the persistent `.openclaw/` tree, so state also survives `openshell sandbox restart`. +The sandbox entrypoint ensures every per-agent workspace lives directly under the persistent `.openclaw/` tree, so state also survives `openshell sandbox restart`. ### Shared files across agents Files that operators typically want consistent across every per-agent workspace (`AGENTS.md`, shared skills, common templates) are **not** synced automatically. -Each workspace is independent; changes in one don't propagate. Operators that -need this either copy the shared files explicitly to each workspace after -editing, or maintain a host-side sync layer. Tracking shared-file tooling -(shared mount, `workspaces list` command) in -[#1260](https://github.com/NVIDIA/NemoClaw/issues/1260). +Each workspace is independent, and changes in one do not propagate. +Operators that need this either copy the shared files explicitly to each workspace after editing or maintain a host-side sync layer. +NVIDIA tracks shared-file tooling (shared mount, `workspaces list` command) in [#1260](https://github.com/NVIDIA/NemoClaw/issues/1260). + + + + +## Hermes State + +Hermes does not use OpenClaw per-agent workspace directories. +NemoClaw snapshots preserve the Hermes manifest-defined state tree and durable top-level files instead. +Refer to [Workspace Files](workspace-files.md) for the Hermes state layout. + + ## Next Steps -- [Workspace Files overview](workspace-files.md) to learn what each file does +- [Workspace Files overview](workspace-files.md) to learn what each file does. - Commands reference (use the `nemoclaw-user-reference` skill) diff --git a/.agents/skills/nemoclaw-user-manage-sandboxes/references/install-plugins-hermes.md b/.agents/skills/nemoclaw-user-manage-sandboxes/references/install-plugins-hermes.md new file mode 100644 index 0000000000..60779e6845 --- /dev/null +++ b/.agents/skills/nemoclaw-user-manage-sandboxes/references/install-plugins-hermes.md @@ -0,0 +1,116 @@ + + +# Install Hermes Plugins + +Hermes plugins extend the Hermes runtime inside a NemoClaw-managed sandbox. +They are different from NemoClaw skills and from OpenClaw plugins, so install them through the Hermes plugin path instead of `skill install`. + +## How Hermes Loads Plugins + +NemoClaw sets `HERMES_HOME` to `/sandbox/.hermes` when it starts the Hermes gateway. +Hermes plugin directories live under `/sandbox/.hermes/plugins/`. +NemoClaw uses the same mechanism for its built-in Hermes integration, which the sandbox image bakes into `/sandbox/.hermes/plugins/nemoclaw`. + +The built-in NemoClaw Hermes plugin provides sandbox status tools, skill reload support, managed-tool broker patches, and runtime grounding for the OpenShell sandbox. +Do not replace or remove `/sandbox/.hermes/plugins/nemoclaw` when you add your own plugin. + +## Choose an Install Path + +Today, the supported path for custom Hermes plugins is to bake the plugin into a custom sandbox image and onboard from that Dockerfile. +Use this path when the plugin adds Python code, runtime hooks, or dependencies that Hermes must see at gateway startup. + +`nemohermes skill install ` is only for `SKILL.md` agent skills. +It uploads skill instructions and refreshes skill discovery, but it does not install Hermes runtime plugins. + +## Prepare a Build Directory + +Put the custom Dockerfile and everything it needs to `COPY` in one directory. +`nemohermes onboard --from ` sends the Dockerfile's parent directory as the Docker build context. + +```text +my-hermes-plugin-sandbox/ +├── Dockerfile +└── my-hermes-plugin/ + ├── __init__.py + └── requirements.txt +``` + +If you start from the stock NemoClaw Hermes Dockerfile, keep the NemoClaw Hermes image contract intact. +The image must still include the generated Hermes config, NemoClaw Hermes plugin, blueprint files, and `nemoclaw-start` entrypoint. + +**Warning:** + +A custom `--from` Dockerfile replaces the normal NemoClaw Hermes Dockerfile. + Starting from `ghcr.io/nvidia/nemoclaw/hermes-sandbox-base:latest` alone is not enough unless your Dockerfile also preserves the NemoClaw Hermes layers from `agents/hermes/Dockerfile`. + +## Install the Plugin in the Image + +Add your plugin after the Dockerfile has created `/sandbox/.hermes`. +The example below shows the layer that copies a plugin directory into the Hermes plugin tree. + +```dockerfile +COPY my-hermes-plugin/ /opt/my-hermes-plugin/ + +USER root +RUN mkdir -p /sandbox/.hermes/plugins/my-hermes-plugin \ + && cp -a /opt/my-hermes-plugin/. /sandbox/.hermes/plugins/my-hermes-plugin/ \ + && if [ -f /opt/my-hermes-plugin/requirements.txt ]; then \ + /opt/hermes/.venv/bin/python -m pip install --no-cache-dir -r /opt/my-hermes-plugin/requirements.txt; \ + fi \ + && chown -R sandbox:sandbox /sandbox/.hermes/plugins/my-hermes-plugin \ + && chmod -R a+rX /sandbox/.hermes/plugins/my-hermes-plugin + +USER sandbox +WORKDIR /sandbox +``` + +Keep plugin code and dependency files inside the build directory. +Avoid copying host credentials, local caches, or broad home-directory contents into the image. + +## Create the Sandbox + +Run onboarding with the custom Dockerfile and an explicit sandbox name. +NemoClaw requires a name for `--from` builds so a custom image cannot silently replace the default sandbox. + +```bash +nemohermes onboard --name my-hermes-build --from ./my-hermes-plugin-sandbox/Dockerfile +``` + +For non-interactive onboarding, set the same values through environment variables. + +```bash +NEMOCLAW_NON_INTERACTIVE=1 \ +NEMOCLAW_SANDBOX_NAME=my-hermes-build \ +NEMOCLAW_FROM_DOCKERFILE=./my-hermes-plugin-sandbox/Dockerfile \ +nemohermes onboard +``` + +If you resume an interrupted onboarding run, use the same Dockerfile path that started the session. +NemoClaw records the custom Dockerfile path and rejects a resume that points at a different image source. + +## Network Access + +Hermes plugins still run inside the OpenShell sandbox boundary. +If a plugin calls an external API at runtime, add a policy preset for the required hostnames and binaries before you recreate the sandbox. + +Hermes uses Python for plugin execution, so policy entries usually need to allow the Hermes Python runtime, such as `/opt/hermes/.venv/bin/python`, in addition to any command-line wrapper your plugin starts. +For package downloads during sandbox runtime, use the `pypi` preset or a custom preset that allows the package hosts you need. + +For policy concepts, refer to Network Policies (use the `nemoclaw-user-reference` skill). +For custom preset workflows, refer to Customize Network Policy (use the `nemoclaw-user-manage-policy` skill). + +## Common Mistakes + +These are the most common places where Hermes plugin installation gets mixed up with other NemoClaw extension paths. + +- Do not use `skill install` for Hermes runtime plugins. +- Do not install Hermes plugins into `/sandbox/.openclaw/extensions`; that path is for OpenClaw plugins. +- Do not remove `/sandbox/.hermes/plugins/nemoclaw`; NemoClaw depends on that plugin for managed Hermes behavior. +- Do not put the Dockerfile in a broad directory unless you intend to send that whole directory as the Docker build context. +- Do not assume OpenShell policy allows Python package downloads during runtime by default. + +## Next Steps + +- Review NemoHermes Command Reference (use the `nemoclaw-user-reference` skill) for `nemohermes onboard --from` details. +- Review Customize Network Policy (use the `nemoclaw-user-manage-policy` skill) if the plugin needs runtime network egress. +- Review [Runtime Controls](runtime-controls.md) before changing shields or mutability settings for a plugin-enabled sandbox. diff --git a/.agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md b/.agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md index ebc939b0f9..32ee5b1006 100644 --- a/.agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md +++ b/.agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md @@ -2,40 +2,78 @@ # Messaging Channels +import { AgentOnly } from "../_components/AgentGuide"; + Telegram, Discord, Slack, WeChat, and WhatsApp reach your OpenClaw or Hermes agent through OpenShell-managed processes and gateway constructs. For token-based channels, NemoClaw registers credentials with OpenShell providers. WeChat captures a token through a host-side QR scan during onboarding. -WhatsApp pairs inside the sandbox via QR scan and intentionally stores mutable session state there. +WhatsApp pairs inside the sandbox through a QR scan and intentionally stores mutable session state there. NemoClaw bakes the selected channel configuration into the sandbox image and keeps runtime delivery under OpenShell control. **Experimental Channels:** WeChat and WhatsApp are experimental. Both rely on QR-based pairing flows that are more fragile than token-based bots, and the upstream client libraries can change behavior without notice. -Interfaces, defaults, and supported features may change, and these channels are not recommended for production use. +Interfaces, defaults, and supported features can change, and NVIDIA does not recommend these channels for production use. + You can enable channels during `nemoclaw onboard` or add them later with host-side `nemoclaw channels` commands. -Do not run agent-specific channel mutation commands such as `openclaw channels add` or `openclaw channels remove` inside the sandbox because NemoClaw generates `/sandbox/.openclaw/openclaw.json` for OpenClaw and `/sandbox/.hermes/.env` for Hermes at image build time, and changes inside the running container do not persist across rebuilds. - +Do not run agent-specific channel mutation commands such as `openclaw channels add` or `openclaw channels remove` inside the sandbox because NemoClaw generates `/sandbox/.openclaw/openclaw.json` at image build time, and changes inside the running container do not persist across rebuilds. + + +You can enable channels during `nemohermes onboard` or add them later with host-side `nemohermes channels` commands. +Do not mutate messaging configuration directly inside the sandbox because NemoClaw generates `/sandbox/.hermes/.env` and Hermes config at image build time, and changes inside the running container do not persist across rebuilds. + + + `nemoclaw tunnel start` does not start Telegram, Discord, Slack, or other chat bridges. It only starts optional host services such as the cloudflared tunnel when that binary is present. (`nemoclaw start` is kept as a deprecated alias.) + + +`nemohermes tunnel start` does not start Telegram, Discord, Slack, or other chat bridges. +It only starts optional host services such as the cloudflared tunnel when that binary is present. + For details, refer to Commands (use the `nemoclaw-user-reference` skill). ## Prerequisites + + - A machine where you can run `nemoclaw onboard` (local or remote host that runs the gateway and sandbox). + + + + +- A machine where you can run `nemohermes onboard` (local or remote host that runs the gateway and sandbox). + + - A token for each token-based messaging platform you want to enable, a personal WeChat account on your phone for the host-side QR scan during onboarding, or a phone you can use to scan the QR code for WhatsApp pairing. - A network policy preset for each enabled channel, or equivalent custom egress rules. ## Channel Requirements + + | Channel | Required tokens | Optional settings | |---------|-----------------|-------------------| | Telegram | `TELEGRAM_BOT_TOKEN` | `TELEGRAM_ALLOWED_IDS` for DM allowlisting, `TELEGRAM_REQUIRE_MENTION` for group-chat replies | | Discord | `DISCORD_BOT_TOKEN` | `DISCORD_SERVER_ID`, `DISCORD_USER_ID`, `DISCORD_REQUIRE_MENTION` | | Slack | `SLACK_BOT_TOKEN`, `SLACK_APP_TOKEN` | `SLACK_ALLOWED_USERS` for DM and channel `@mention` user allowlisting, `SLACK_ALLOWED_CHANNELS` for channel ID allowlisting | -| WeChat (experimental) | None. Captured via host-side QR scan during `nemoclaw onboard` | `WECHAT_ALLOWED_IDS` for DM allowlisting | -| WhatsApp (experimental) | None. Pair via QR after rebuild | None | +| WeChat (experimental) | None. Captured through host-side QR scan during `nemoclaw onboard` | `WECHAT_ALLOWED_IDS` for DM allowlisting | +| WhatsApp (experimental) | None. Pair through QR after rebuild | None | + + + + +| Channel | Required tokens | Optional settings | +|---------|-----------------|-------------------| +| Telegram | `TELEGRAM_BOT_TOKEN` | `TELEGRAM_ALLOWED_IDS` for DM allowlisting, `TELEGRAM_REQUIRE_MENTION` for group-chat replies | +| Discord | `DISCORD_BOT_TOKEN` | `DISCORD_SERVER_ID`, `DISCORD_USER_ID`, `DISCORD_REQUIRE_MENTION` | +| Slack | `SLACK_BOT_TOKEN`, `SLACK_APP_TOKEN` | `SLACK_ALLOWED_USERS` for DM and channel `@mention` user allowlisting, `SLACK_ALLOWED_CHANNELS` for channel ID allowlisting | +| WeChat (experimental) | None. Captured through host-side QR scan during `nemohermes onboard` | `WECHAT_ALLOWED_IDS` for DM allowlisting | +| WhatsApp (experimental) | None. Pair through QR after rebuild | None | + + Telegram uses a bot token from [BotFather](https://t.me/BotFather). Open Telegram, send `/newbot` to [@BotFather](https://t.me/BotFather), follow the prompts, and copy the token. @@ -61,18 +99,23 @@ Set `SLACK_ALLOWED_CHANNELS` to comma-separated Slack channel IDs to restrict ch When both Slack allowlists are set, NemoClaw requires the mention to come from one of the allowed channels and one of the allowed members. Channel messages still require an explicit bot mention. -WeChat (experimental) delivers messages over Tencent's iLink gateway via the upstream `@tencent-weixin/openclaw-weixin` plugin baked into the sandbox base image and the built-in Hermes iLink WeChat adapter. +WeChat (experimental) delivers messages over Tencent's iLink gateway through the upstream `@tencent-weixin/openclaw-weixin` plugin baked into the sandbox base image and the built-in Hermes iLink WeChat adapter. The supported mode in this release is **personal WeChat** (`bot_type=3`). WeChat Official Account and WeCom/Enterprise WeChat are not wired up. + Because the bot token only exists after a successful iLink QR handshake, NemoClaw runs the QR login on the host during `nemoclaw onboard`. + + +Because the bot token only exists after a successful iLink QR handshake, NemoClaw runs the QR login on the host during `nemohermes onboard`. + You scan the QR with WeChat on your phone (Discover → Scan), confirm the login, and NemoClaw captures the token, `accountId`, `baseUrl`, and `userId` from the iLink response. NemoClaw registers the token as the `-wechat-bridge` OpenShell provider and substitutes the `openshell:resolve:env:WECHAT_BOT_TOKEN` placeholder for it inside the sandbox, so the token never lands in the image or on disk inside the running container. -The non-secret per-account metadata (`WECHAT_ACCOUNT_ID`, `WECHAT_BASE_URL`, `WECHAT_USER_ID`) is baked into the sandbox image so the in-sandbox bridge can pre-seed the per-account context tokens without re-running the QR handshake. +NemoClaw bakes the non-secret per-account metadata (`WECHAT_ACCOUNT_ID`, `WECHAT_BASE_URL`, `WECHAT_USER_ID`) into the sandbox image so the in-sandbox bridge can pre-seed the per-account context tokens without re-running the QR handshake. WeChat is DM-only (`allowIdsMode: "dm"`). NemoClaw adds the operator who scanned the QR to `WECHAT_ALLOWED_IDS` automatically, and you can append more comma-separated WeChat user IDs through the same env var. -You can silence the host-side `[wechat]` diagnostic lines (poll status, IDC redirects, swallowed gateway errors) by exporting `NEMOCLAW_WECHAT_QUIET=1` once the flow is stable in your environment. +You can silence the host-side `[wechat]` diagnostic lines (poll status, IDC redirects, swallowed gateway errors) by exporting `NEMOCLAW_WECHAT_QUIET=1` after the flow is stable in your environment. Tencent's iLink gateway is a third-party service. Review your organization's terms-of-service, compliance, and data-residency constraints before enabling WeChat. @@ -82,15 +125,15 @@ NemoClaw advertises WhatsApp for both OpenClaw and Hermes sandboxes, and each ag Pairing happens inside the sandbox after the rebuild completes and creates mutable session credentials there. Connect to the sandbox and then use the agent-specific pairing command to render the QR code in the terminal: -```console -$ openclaw channels login --channel whatsapp # OpenClaw sandboxes -$ hermes whatsapp # Hermes sandboxes +```bash +openclaw channels login --channel whatsapp # OpenClaw sandboxes +hermes whatsapp # Hermes sandboxes ``` For OpenClaw sandboxes, NemoClaw validates the gateway URL before pairing and renders the WhatsApp QR code in a compact terminal form so it fits in smaller terminal windows. -If pairing exits with a gateway close such as `1008`, rerun the login command once and then check `nemoclaw channels status --channel whatsapp` so you can diagnose the gateway/session path separately from QR rendering. +If pairing exits with a gateway close such as `1008`, rerun the login command one time and then check `nemoclaw channels status --channel whatsapp` so you can diagnose the gateway/session path separately from QR rendering. -Session credentials are generated and stored inside durable agent state (`whatsapp` for OpenClaw, `platforms/whatsapp` for Hermes), so they survive rebuilds without re-pairing. +The sandbox generates and stores session credentials inside durable agent state (`whatsapp` for OpenClaw, `platforms/whatsapp` for Hermes), so they survive rebuilds without re-pairing. This is the runtime tradeoff of enabling WhatsApp without a host bridge: a paired sandbox can use that WhatsApp account until you unpair it or clear the durable state. NemoClaw cannot detect cross-sandbox WhatsApp conflicts the way it does for token-based channels. Pair only one sandbox per WhatsApp account at a time. @@ -99,7 +142,7 @@ Pair only one sandbox per WhatsApp account at a time. When the wizard reaches **Messaging channels**, it lists Telegram, Discord, Slack, WeChat, and WhatsApp. Press a channel number to toggle it on or off, then press **Enter** when done. -If no channels are selected, pressing **Enter** skips messaging setup. +If you select no channels, pressing **Enter** skips messaging setup. If a token-based channel token is not already in the environment or credential store, the wizard prompts for it and saves it. If you enable WeChat (experimental), the wizard does not prompt for a paste token. @@ -113,25 +156,37 @@ NemoClaw also selects the matching network policy preset during policy setup so For scripted setup, export the credentials and optional settings for the channels you want to enable before you run onboarding: -```console -$ export TELEGRAM_BOT_TOKEN= -$ export TELEGRAM_REQUIRE_MENTION=1 -$ export DISCORD_BOT_TOKEN= -$ export DISCORD_SERVER_ID= -$ export SLACK_BOT_TOKEN= -$ export SLACK_APP_TOKEN= -$ export SLACK_ALLOWED_USERS= -$ export SLACK_ALLOWED_CHANNELS= +```bash +export TELEGRAM_BOT_TOKEN= +export TELEGRAM_REQUIRE_MENTION=1 +export DISCORD_BOT_TOKEN= +export DISCORD_SERVER_ID= +export SLACK_BOT_TOKEN= +export SLACK_APP_TOKEN= +export SLACK_ALLOWED_USERS= +export SLACK_ALLOWED_CHANNELS= ``` This release does not support non-interactive WeChat configuration because the iLink QR handshake requires a human to scan the QR on a paired phone. + Run `nemoclaw onboard` interactively when you want to enable WeChat. + + +Run `nemohermes onboard` interactively when you want to enable WeChat. + Then run onboarding: -```console -$ nemoclaw onboard + +```bash +nemoclaw onboard ``` + + +```bash +nemohermes onboard +``` + Complete the rest of the wizard so the blueprint can create OpenShell providers where needed (for example `-telegram-bridge` or `-wechat-bridge`), bake channel configuration into the image (`NEMOCLAW_MESSAGING_CHANNELS_B64`), and start the sandbox. @@ -140,26 +195,55 @@ Complete the rest of the wizard so the blueprint can create OpenShell providers Run channel commands from the host, not from inside the sandbox. Use `channels list` to see the supported channel names: -```console -$ nemoclaw my-assistant channels list + +```bash +nemoclaw my-assistant channels list +``` + + +```bash +nemohermes my-assistant channels list ``` + Add the channel you want: -```console -$ nemoclaw my-assistant channels add telegram -$ nemoclaw my-assistant channels add discord -$ nemoclaw my-assistant channels add slack -$ nemoclaw my-assistant channels add wechat -$ nemoclaw my-assistant channels add whatsapp + +```bash +nemoclaw my-assistant channels add telegram +nemoclaw my-assistant channels add discord +nemoclaw my-assistant channels add slack +nemoclaw my-assistant channels add wechat +nemoclaw my-assistant channels add whatsapp ``` + + +```bash +nemohermes my-assistant channels add telegram +nemohermes my-assistant channels add discord +nemohermes my-assistant channels add slack +nemohermes my-assistant channels add wechat +nemohermes my-assistant channels add whatsapp +``` + `channels add` collects whatever each channel needs. It prompts for Telegram, Discord, and Slack tokens, runs an interactive host-side QR scan for WeChat, and collects nothing for WhatsApp because pairing happens in-sandbox after rebuild. -It registers bridge providers with the OpenShell gateway when tokens were captured, records the channel in the sandbox registry, and asks whether to rebuild immediately. +It registers bridge providers with the OpenShell gateway when it captures tokens, records the channel in the sandbox registry, and asks whether to rebuild immediately. The command accepts mixed-case input such as `Telegram`, then stores and prints the canonical lowercase channel name. -If a matching built-in network policy preset exists, `channels add` applies it to the sandbox automatically before the rebuild so the bridge has egress to its upstream API. -If applying the preset fails, NemoClaw warns and tells you to re-apply manually with `nemoclaw policy-add ` after the rebuild. +`channels add` requires the matching built-in network policy preset YAML to be present. +A missing or malformed preset YAML (no `network_policies:` section) aborts the command before any token prompt, registry write, or rebuild prompt, so the sandbox never advertises a channel without a matching network policy. +With the preset file in place, `channels add` applies it to the sandbox before the rebuild so the bridge has egress to its upstream API. +When the apply step itself fails after the registry write on a fresh add, NemoClaw attempts to roll back the bridge providers, the `messagingChannels` entry, and any staged environment credentials, then exits without prompting for a rebuild; if any gateway-side step (provider detach or delete) fails the rollback continues and prints a `Rollback could not fully clean ` warning so the operator can clean up manually. +When the same failure happens on a re-add of an already-enabled channel, NemoClaw restores the prior `messagingChannels` entry, restores staged environment credentials when available, restores registry credential hashes, and attempts to re-upsert the prior bridge providers. +It flags `gateway-providers` as residual because the in-flight upsert can leave the gateway with the new token. +Verify the gateway bridge before relying on the channel. + +Restore the preset YAML and re-run `nemoclaw channels add `. + + +Restore the preset YAML and re-run `nemohermes channels add `. + Choose the rebuild so the running sandbox image picks up the new channel. For Telegram, Discord, and Slack, `channels add` also checks the rebuilt runtime for the selected bridge and reports startup, credential, or missing-plugin warnings before returning. If you need optional channel settings such as `TELEGRAM_ALLOWED_IDS`, `TELEGRAM_REQUIRE_MENTION`, `DISCORD_SERVER_ID`, `DISCORD_USER_ID`, `DISCORD_REQUIRE_MENTION`, `SLACK_ALLOWED_USERS`, or `SLACK_ALLOWED_CHANNELS`, export them before the rebuild starts. @@ -167,43 +251,76 @@ Telegram Bot API `sendMessage` calls prove outbound delivery from the bot; to te For a repeatable live Telegram reply check, run `test/e2e/test-messaging-providers.sh` with `TELEGRAM_BOT_TOKEN_REAL`, `TELEGRAM_AUTHORIZED_CHAT_IDS` or `TELEGRAM_CHAT_ID`, and `NEMOCLAW_TELEGRAM_INBOUND_REPLY_E2E=1`. If you defer the rebuild, apply the change later: -```console -$ nemoclaw my-assistant rebuild + +```bash +nemoclaw my-assistant rebuild +``` + + +```bash +nemohermes my-assistant rebuild ``` + In non-interactive mode, set the required environment variables before running `channels add`. Missing credentials fail fast, and the command queues the change for a manual rebuild: -```console -$ NEMOCLAW_NON_INTERACTIVE=1 TELEGRAM_BOT_TOKEN= \ + +```bash +NEMOCLAW_NON_INTERACTIVE=1 TELEGRAM_BOT_TOKEN= \ nemoclaw my-assistant channels add telegram -$ nemoclaw my-assistant rebuild +nemoclaw my-assistant rebuild ``` + + +```bash +NEMOCLAW_NON_INTERACTIVE=1 TELEGRAM_BOT_TOKEN= \ + nemohermes my-assistant channels add telegram +nemohermes my-assistant rebuild +``` + For Discord server access after onboarding, include the server settings when you add the channel and rebuild: -```console -$ DISCORD_BOT_TOKEN= \ + +```bash +DISCORD_BOT_TOKEN= \ DISCORD_SERVER_ID= \ DISCORD_REQUIRE_MENTION=1 \ nemoclaw my-assistant channels add discord ``` + + +```bash +DISCORD_BOT_TOKEN= \ + DISCORD_SERVER_ID= \ + DISCORD_REQUIRE_MENTION=1 \ + nemohermes my-assistant channels add discord +``` + ### `channels add wechat` `channels add wechat` (experimental) follows the same shape as the other channels with two differences driven by the iLink QR handshake. First, the command does not prompt for a paste token. -Instead, it renders a QR code in your terminal, polls Tencent's iLink gateway, and captures both the bot token and the per-account metadata (`accountId`, `baseUrl`, `userId`) once you scan the QR with WeChat on your phone (Discover → Scan). +Instead, it renders a QR code in your terminal, polls Tencent's iLink gateway, and captures both the bot token and the per-account metadata (`accountId`, `baseUrl`, `userId`) after you scan the QR with WeChat on your phone (**Discover** > **Scan**). The login has an eight-minute deadline and refreshes the QR up to three times on expiry. Keep the terminal in the foreground until you see `✓ WeChat login confirmed`. Second, the command requires an interactive terminal. Non-interactive mode (`NEMOCLAW_NON_INTERACTIVE=1`) fails fast with a clear error because the QR handshake needs a paired phone. -```console -$ nemoclaw my-assistant channels add wechat + +```bash +nemoclaw my-assistant channels add wechat ``` + + +```bash +nemohermes my-assistant channels add wechat +``` + If `WECHAT_BOT_TOKEN` is already cached for this sandbox (the operator onboarded with WeChat earlier), `channels add wechat` reuses the cached token and skips the QR scan to keep the upstream plugin's existing iLink session intact. Re-running QR would invalidate that session. @@ -218,10 +335,18 @@ Rebuild the sandbox after the update so the image reflects the current channel s To remove a channel and clear its stored credentials, run: -```console -$ nemoclaw my-assistant channels remove telegram -$ nemoclaw my-assistant channels remove wechat + +```bash +nemoclaw my-assistant channels remove telegram +nemoclaw my-assistant channels remove wechat +``` + + +```bash +nemohermes my-assistant channels remove telegram +nemohermes my-assistant channels remove wechat ``` + `channels remove wechat` clears the bot token, deletes the `-wechat-bridge` OpenShell provider, and drops `wechat` from the sandbox's enabled-channel set. The next rebuild produces an image without the WeChat channel block in `openclaw.json` and without the per-account state files under `/sandbox/.openclaw/openclaw-weixin/`. @@ -232,21 +357,42 @@ The cleanup tries `openshell sandbox exec` and falls back to SSH if that does no If neither transport can reach a running sandbox for a QR-paired channel, the command exits non-zero and asks you to start the sandbox and re-run. NemoClaw deliberately leaves the registry, policy preset, and `session.policyPresets` unchanged on that failure path, so a follow-up re-run completes the removal cleanly. -`channels remove whatsapp` clears the client-side Baileys session inside the sandbox; it cannot deregister the linked device with WhatsApp's servers because that requires an active Baileys connection to issue the logout RPC, which we no longer have once the session files are gone. +`channels remove whatsapp` clears the client-side Baileys session inside the sandbox. +It cannot deregister the linked device with WhatsApp's servers because that requires an active Baileys connection to issue the logout RPC, and the command no longer has that connection after it removes the session files. The phone account will continue to list the sandbox as a Linked Device until you remove it manually from your phone (Settings → Linked Devices → tap the entry → Log out) or until WhatsApp's 14-day inactivity timeout expires. -Removing the entry from the phone is recommended if you plan to re-pair the same phone with a different sandbox. +Remove the entry from the phone if you plan to re-pair the same phone with a different sandbox. Use `channels stop` when you want to pause a bridge without deleting credentials: -```console -$ nemoclaw my-assistant channels stop telegram -$ nemoclaw my-assistant channels start telegram + -$ nemoclaw my-assistant channels stop wechat -$ nemoclaw my-assistant channels start wechat +```bash +nemoclaw my-assistant channels stop telegram +nemoclaw my-assistant channels start telegram + +nemoclaw my-assistant channels stop wechat +nemoclaw my-assistant channels start wechat +``` + + + + +```bash +nemohermes my-assistant channels stop telegram +nemohermes my-assistant channels start telegram + +nemohermes my-assistant channels stop wechat +nemohermes my-assistant channels start wechat ``` + + + For WeChat specifically, `channels stop wechat` followed by a rebuild keeps the per-account state files under `/sandbox/.openclaw/openclaw-weixin/accounts/` intact even though the bridge is no longer wired up in `openclaw.json`. + + +For WeChat specifically, `channels stop wechat` followed by a rebuild keeps the per-account state files under `/sandbox/.hermes/` intact even though the bridge is no longer wired up in Hermes config. + A subsequent `channels start wechat` plus rebuild revives the bridge against the same iLink account without a fresh QR scan. The bot token is held by the OpenShell provider across the stop/start cycle. @@ -258,12 +404,22 @@ Running two sandboxes against the same WeChat account causes one of them to lose If you enable a messaging channel and another sandbox already uses the same token, onboarding prompts you to confirm before continuing in interactive mode and exits non-zero in non-interactive mode. If NemoClaw only has legacy channel metadata and cannot compare credential hashes, it keeps the conservative warning. Re-run `channels add ` with the intended token to refresh the stored non-secret hash. + `nemoclaw status` reports cross-sandbox overlaps so you can resolve duplicates before messages start dropping. + + +`nemohermes status` reports cross-sandbox overlaps so you can resolve duplicates before messages start dropping. + ## Stop Messaging Delivery Use `channels stop` when you want to pause one bridge and keep the sandbox running. + Use `nemoclaw tunnel stop` or its deprecated alias `nemoclaw stop` when you want to stop host auxiliary services and also ask NemoClaw to stop the OpenClaw gateway inside the selected sandbox. + + +Use `nemohermes tunnel stop` when you want to stop host auxiliary services and also ask NemoClaw to stop the Hermes gateway inside the selected sandbox. + Stopping the in-sandbox gateway stops Telegram, Discord, Slack, WeChat, and WhatsApp polling for that sandbox until you restart the sandbox or gateway. ## Confirm Delivery @@ -274,14 +430,31 @@ Use the matching policy preset (`telegram`, `discord`, `slack`, `wechat`, or `wh ## Tunnel Command + When the host has `cloudflared`, `nemoclaw tunnel start` starts a cloudflared tunnel that can expose the dashboard with a public URL. + + +When the host has `cloudflared`, `nemohermes tunnel start` starts a cloudflared tunnel that can expose the forwarded Hermes endpoint with a public URL. + Set `CLOUDFLARE_TUNNEL_TOKEN` before running the command when you want to use a Cloudflare named tunnel instead of a generated quick-tunnel URL. + `nemoclaw tunnel stop` stops the tunnel and asks NemoClaw to stop the in-sandbox gateway for the selected or default sandbox. The older `nemoclaw start` still works as a deprecated alias. - -```console -$ nemoclaw tunnel start + + +`nemohermes tunnel stop` stops the tunnel and asks NemoClaw to stop the in-sandbox gateway for the selected or default sandbox. + + + +```bash +nemoclaw tunnel start +``` + + +```bash +nemohermes tunnel start ``` + ## Related Topics diff --git a/.agents/skills/nemoclaw-user-manage-sandboxes/references/runtime-controls.md b/.agents/skills/nemoclaw-user-manage-sandboxes/references/runtime-controls.md index 9450277507..46c34155d3 100644 --- a/.agents/skills/nemoclaw-user-manage-sandboxes/references/runtime-controls.md +++ b/.agents/skills/nemoclaw-user-manage-sandboxes/references/runtime-controls.md @@ -2,40 +2,82 @@ # Runtime Controls and Sandbox Mutability +import { AgentOnly } from "../_components/AgentGuide"; + This page explains which parts of a running NemoClaw sandbox can change immediately and which changes require a rebuild or re-onboard. -## What you can change at runtime +## What You Can Change at Runtime -NemoClaw applies its security posture in three layers — what is baked into the sandbox image at onboard, what is hot-reloadable on the running sandbox, and what requires a rebuild or re-onboard. +NemoClaw applies its security posture in three layers: what onboarding bakes into the sandbox image, what the running sandbox can hot-reload, and what requires a rebuild or re-onboard. The table below maps each commonly changed item to the layer that owns it and the command that changes it. + + | Item | When the change takes effect | How to change it | |---|---|---| -| Inference provider (cloud, NVIDIA Endpoints, local Ollama / vLLM, compatible-endpoint, …) | Rebuild required (`openclaw.json` is locked at sandbox creation) | `nemoclaw rebuild` after picking a different provider via `nemoclaw inference set` | +| Inference provider (cloud, NVIDIA Endpoints, local Ollama / vLLM, compatible-endpoint, …) | Rebuild required (`openclaw.json` is locked at sandbox creation) | `nemoclaw rebuild` after picking a different provider with `nemoclaw inference set` | | Inference model on the current provider | Rebuild required for OpenClaw; hot-reloadable for managed routers | `nemoclaw rebuild` (OpenClaw) or `nemoclaw inference set` (router-based) | | Sub-agent (Hermes / OpenClaw / …) | Re-onboard required (the sub-agent and its workspace are baked at onboard) | `nemoclaw onboard --recreate-sandbox` | -| Network policy preset (slack, discord, telegram, brave, …) | Runtime — applies on the next request; rebuild only required if the preset adds bind-mounted secrets | `nemoclaw policy-add ` / `policy-remove ` | -| Network allow-list (custom hosts) | Runtime — picks up at next request | `openshell policy set` or interactive approval prompt at the gateway | +| Network policy preset (slack, discord, telegram, brave, …) | Runtime. Applies on the next request; rebuild only required if the preset adds bind-mounted secrets | `nemoclaw policy-add ` / `policy-remove ` | +| Network allow-list (custom hosts) | Runtime. Picks up at next request | `openshell policy set` or interactive approval prompt at the gateway | | Channel tokens (Slack / Discord / Telegram bot credentials) | Rebuild required (tokens are baked into the sandbox image at onboard so they never leave the host clear-text) | `nemoclaw channels add ` then accept the rebuild prompt | | Channel enable/disable (turn a configured channel off without removing the token) | Rebuild required (`openclaw.json` is the source of truth at runtime, see #3453) | `nemoclaw channels stop ` then rebuild | -| Dashboard forward port | Runtime — port is re-resolved on next `connect` | `NEMOCLAW_DASHBOARD_PORT= nemoclaw connect` | -| Dashboard bind address (loopback vs all interfaces) | Runtime — applies on next `connect` | `NEMOCLAW_DASHBOARD_BIND=0.0.0.0 nemoclaw connect` (see #3259) | -| Web search backend (Brave, Tavily, etc.) | Runtime via `web.backend` config flag; rebuild only if `web.fetchEnabled` flips | `nemoclaw config set --key web.backend --value tavily` | -| Filesystem layout (Landlock zones, read-only mounts, container caps) | **Locked at creation** — no runtime change | Re-onboard with `nemoclaw onboard --recreate-sandbox` | +| Dashboard forward port | Runtime. Port is re-resolved on next `connect` | `NEMOCLAW_DASHBOARD_PORT= nemoclaw connect` | +| Dashboard bind address (loopback compared to all interfaces) | Runtime. Applies on next `connect` | `NEMOCLAW_DASHBOARD_BIND=0.0.0.0 nemoclaw connect` (see #3259) | +| Web search backend (Brave, Tavily, and so on) | Runtime through `web.backend` config flag; rebuild only if `web.fetchEnabled` flips | `nemoclaw config set --key web.backend --value tavily` | +| Filesystem layout (Landlock zones, read-only mounts, container caps) | **Locked at creation**. No runtime change | Re-onboard with `nemoclaw onboard --recreate-sandbox` | | Sandbox name | **Locked at creation** | Re-onboard with a different `--name` | | GPU passthrough enable / device selector | **Locked at creation** | Re-onboard with `--gpu` / `--sandbox-gpu-device` | -| Agents allow-list (`agents.list` in `openclaw.json`) | Runtime — hot-reloaded by OpenClaw on config change | Prefer agent or NemoClaw commands that keep host and sandbox state aligned | -| `openclaw.json` keys (general — model, agents.list, web.backend, channel config, etc.) | Mixed. Individual keys still follow the rebuild rules in the rows above, such as provider switch requiring rebuild even after editing the JSON. | Prefer NemoClaw host commands so the host registry and rebuilt image stay aligned | +| Agents allow-list (`agents.list` in `openclaw.json`) | Runtime. OpenClaw hot-reloads on config change | Prefer agent or NemoClaw commands that keep host and sandbox state aligned | +| `openclaw.json` keys (general: model, agents.list, web.backend, channel config, and so on) | Mixed. Individual keys still follow the rebuild rules in the rows above, such as provider switch requiring rebuild even after editing the JSON. | Prefer NemoClaw host commands so the host registry and rebuilt image stay aligned | If a row above conflicts with what you observe, the runtime source of truth inside the sandbox is `/opt/nemoclaw/openclaw.json`; the host registry caches metadata but the image and OpenClaw read from the in-sandbox file. -## See also + + + +| Item | When the change takes effect | How to change it | +|---|---|---| +| Inference provider (cloud, NVIDIA Endpoints, local Ollama / vLLM, compatible-endpoint, …) | Runtime route changes apply immediately; rebuild if you need to rebake model metadata into the image | `nemohermes inference set` for route changes, or `nemohermes rebuild` after changing build-time settings | +| Inference model on the current provider | Hot-reloadable through the Hermes config sync path | `nemohermes inference set` | +| Agent runtime (Hermes compared to OpenClaw) | Re-onboard required (the agent and its state layout are baked at onboard) | `nemohermes onboard --recreate-sandbox` or `nemoclaw onboard --agent openclaw --recreate-sandbox` | +| Network policy preset (slack, discord, telegram, brave, …) | Runtime. Applies on the next request; rebuild only required if the preset adds bind-mounted secrets | `nemohermes policy-add ` / `policy-remove ` | +| Network allow-list (custom hosts) | Runtime. Picks up at next request | `openshell policy set` or interactive approval prompt at the gateway | +| Channel tokens (Slack / Discord / Telegram bot credentials) | Rebuild required (tokens are baked into the sandbox image at onboard so they never leave the host clear-text) | `nemohermes channels add ` then accept the rebuild prompt | +| Channel enable/disable (turn a configured channel off without removing the token) | Rebuild required (`/sandbox/.hermes/.env` and Hermes config are baked at image build time) | `nemohermes channels stop ` then rebuild | +| API/dashboard forward port | Runtime. Port is re-resolved on next `connect` | `nemohermes connect` or `openshell forward start` | +| Filesystem layout (Landlock zones, read-only mounts, container caps) | **Locked at creation**. No runtime change | Re-onboard with `nemohermes onboard --recreate-sandbox` | +| Sandbox name | **Locked at creation** | Re-onboard with a different `--name` | +| GPU passthrough enable / device selector | **Locked at creation** | Re-onboard with `--gpu` / `--sandbox-gpu-device` | +| Hermes `config.yaml` keys | Mixed. Inference keys can be patched by `nemohermes inference set`; image, policy, and channel changes still require rebuild. | Prefer NemoClaw host commands so the host registry and rebuilt image stay aligned | + +If a row above conflicts with what you observe, the runtime source of truth for +Hermes is `/sandbox/.hermes/config.yaml` plus `/sandbox/.hermes/.env`; the host +registry caches metadata but the image and Hermes runtime read from the +in-sandbox files. + + + +## See Also The mutability table above is a consolidated index of information that lives in more detail on per-topic pages: -- [Manage Sandbox Lifecycle](../SKILL.md) — full rebuild / re-onboard / upgrade workflow. -- Switch Inference Providers (use the `nemoclaw-user-configure-inference` skill) — the rebuild path for provider and model changes. -- Customize Network Policy (use the `nemoclaw-user-manage-policy` skill) and Approve Network Requests (use the `nemoclaw-user-manage-policy` skill) — runtime policy editing and operator approval flow. -- Security Best Practices (use the `nemoclaw-user-configure-security` skill) — the per-attack-surface posture table that this page complements. -- OpenClaw Security Controls (use the `nemoclaw-user-configure-security` skill) — application-layer controls that operate independently of NemoClaw. -- CLI Commands Reference (use the `nemoclaw-user-reference` skill) — full flag surface for every `nemoclaw` command, including the env vars that affect runtime behavior. + + +- [Manage Sandbox Lifecycle](../SKILL.md) for the full rebuild, re-onboard, and upgrade workflow. +- Switch Inference Providers (use the `nemoclaw-user-configure-inference` skill) for the rebuild path for provider and model changes. +- Customize Network Policy (use the `nemoclaw-user-manage-policy` skill) and Approve Network Requests (use the `nemoclaw-user-manage-policy` skill) for runtime policy editing and operator approval flow. +- Security Best Practices (use the `nemoclaw-user-configure-security` skill) for the per-attack-surface posture table that this page complements. +- OpenClaw Security Controls (use the `nemoclaw-user-configure-security` skill) for application-layer controls that operate independently of NemoClaw. +- CLI Commands Reference (use the `nemoclaw-user-reference` skill) for the full flag surface for every `nemoclaw` command, including the environment variables that affect runtime behavior. + + + + +- [Manage Sandbox Lifecycle](../SKILL.md) for the full rebuild, re-onboard, and upgrade workflow. +- Switch Inference Providers (use the `nemoclaw-user-configure-inference` skill) for the runtime route and rebuild paths for provider and model changes. +- Customize Network Policy (use the `nemoclaw-user-manage-policy` skill) and Approve Network Requests (use the `nemoclaw-user-manage-policy` skill) for runtime policy editing and operator approval flow. +- Security Best Practices (use the `nemoclaw-user-configure-security` skill) for the per-attack-surface posture table that this page complements. +- CLI Commands Reference (use the `nemoclaw-user-reference` skill) for the full flag surface for every `nemohermes` and `nemoclaw` command, including the environment variables that affect runtime behavior. + + diff --git a/.agents/skills/nemoclaw-user-manage-sandboxes/references/workspace-files.md b/.agents/skills/nemoclaw-user-manage-sandboxes/references/workspace-files.md index b8b0731df8..369b8fb0a0 100644 --- a/.agents/skills/nemoclaw-user-manage-sandboxes/references/workspace-files.md +++ b/.agents/skills/nemoclaw-user-manage-sandboxes/references/workspace-files.md @@ -2,6 +2,10 @@ # Workspace Files +import { AgentOnly } from "../_components/AgentGuide"; + + + OpenClaw stores its personality, user context, and behavioral configuration in a set of Markdown files inside the sandbox. These files live at `/sandbox/.openclaw/workspace/` and are collectively called **workspace files**. @@ -11,7 +15,7 @@ These files live at `/sandbox/.openclaw/workspace/` and are collectively called |---|---| | `SOUL.md` | Defines the agent's persona, tone, and communication style. | | `USER.md` | Stores information about the human the agent assists. | -| `IDENTITY.md` | Short identity card — name, language, emoji, creature type. | +| `IDENTITY.md` | Short identity card with name, language, emoji, and creature type. | | `AGENTS.md` | Behavioral rules, memory conventions, safety guidelines, and session workflow. | | `MEMORY.md` | Curated long-term memory distilled from daily notes. | | `memory/` | Directory of daily note files (`YYYY-MM-DD.md`) for session continuity. | @@ -35,7 +39,7 @@ All workspace files reside inside the sandbox filesystem: ## Multi-Agent Deployments A single NemoClaw sandbox can host more than one OpenClaw agent. -When OpenClaw is configured with multiple named agents (e.g., a shared `main` agent +When you configure OpenClaw with multiple named agents (for example, a shared `main` agent plus per-user agents for a Teams-integrated deployment), each agent gets its own workspace directory alongside the default `workspace/`: @@ -49,27 +53,23 @@ workspace directory alongside the default `workspace/`: Each per-agent workspace contains the same Markdown file structure as the default (`SOUL.md`, `USER.md`, `IDENTITY.md`, `AGENTS.md`, `MEMORY.md`, `memory/`). -Files are per-agent — changes in `workspace-main/AGENTS.md` are not visible to +Files are per-agent. Changes in `workspace-main/AGENTS.md` are not visible to `workspace-support/`. -Persistence and snapshots are handled automatically for per-agent workspaces: -the sandbox entrypoint provisions each `workspace-/` directly under the -writable `.openclaw/` tree so state survives sandbox restart, and -`nemoclaw snapshot create` discovers every `workspace-/` directory -and includes it in the snapshot bundle alongside the default `workspace/`. +NemoClaw handles persistence and snapshots automatically for per-agent workspaces: +the sandbox entrypoint provisions each `workspace-/` directly under the writable `.openclaw/` tree so state survives sandbox restart, and `nemoclaw snapshot create` discovers every `workspace-/` directory and includes it in the snapshot bundle alongside the default `workspace/`. **Note:** Files that operators typically want consistent across every agent workspace (`AGENTS.md`, shared skills, common templates) are not synced automatically. -Each workspace is independent; changes in one don't propagate. Tracking -shared-file tooling (shared mount, `workspaces list` command) in -[#1260](https://github.com/NVIDIA/NemoClaw/issues/1260). +Each workspace is independent, and changes in one do not propagate. +NVIDIA tracks shared-file tooling (shared mount, `workspaces list` command) in [#1260](https://github.com/NVIDIA/NemoClaw/issues/1260). ## Persistence Behavior Workspace files live in the sandbox's persistent state volume, not in the container image. -This means they survive normal container restarts, but they are deleted when you destroy the sandbox. +They survive normal container restarts, but NemoClaw deletes them when you destroy the sandbox. ### Preserved During Restart, Rebuild, and Upgrade @@ -83,7 +83,7 @@ It does not continue with a partial backup. ### Deleted During Sandbox Destroy Running `nemoclaw destroy` deletes the sandbox and its persistent state volume. -Workspace files are removed from the sandbox unless you created a snapshot or backup first. +NemoClaw removes workspace files from the sandbox unless you created a snapshot or backup first. **Warning:** @@ -103,3 +103,26 @@ You can edit them in two ways: - Set Up Task-Specific Sub-Agents (use the `nemoclaw-user-configure-inference` skill) - [Backup and Restore workspace files](backup-restore.md) - Commands reference (use the `nemoclaw-user-reference` skill) + + + + +Hermes stores durable agent state under `/sandbox/.hermes/` instead of the OpenClaw workspace directory. +The main Hermes configuration lives in `/sandbox/.hermes/config.yaml`, environment settings live in `/sandbox/.hermes/.env`, and runtime state such as logs, memory, platform sessions, and the SQLite state database lives under the same `.hermes` tree. + +## Important Hermes State + +| Path | Purpose | +|---|---| +| `/sandbox/.hermes/config.yaml` | NemoClaw-generated Hermes runtime configuration. | +| `/sandbox/.hermes/.env` | NemoClaw-generated environment and messaging placeholders. | +| `/sandbox/.hermes/state.db` | Hermes SQLite state database. | +| `/sandbox/.hermes/platforms/` | Messaging platform state, including QR-paired sessions such as WhatsApp. | +| `/sandbox/.hermes/logs/` | Hermes runtime logs. | +| `/sandbox/SOUL.md` | Durable top-level Hermes persona file preserved by NemoClaw snapshots. | + +## Editing State + +Prefer NemoClaw host commands for generated configuration such as model, provider, messaging, and policy settings. +Direct edits to `/sandbox/.hermes/config.yaml` or `/sandbox/.hermes/.env` can be overwritten by rebuilds. +Use `nemohermes connect` when you need to inspect runtime files interactively, or use `openshell sandbox download` and `openshell sandbox upload` for manual file transfer. diff --git a/.agents/skills/nemoclaw-user-monitor-sandbox/SKILL.md b/.agents/skills/nemoclaw-user-monitor-sandbox/SKILL.md index 80192e7c14..ff81a9b653 100644 --- a/.agents/skills/nemoclaw-user-monitor-sandbox/SKILL.md +++ b/.agents/skills/nemoclaw-user-monitor-sandbox/SKILL.md @@ -14,49 +14,82 @@ license: "Apache-2.0" - A running NemoClaw sandbox. - The OpenShell CLI on your `PATH`. +import { AgentOnly } from "../_components/AgentGuide"; + Use the NemoClaw status, logs, and TUI tools together to inspect sandbox health, trace agent behavior, and diagnose problems. ## Check Sandbox Health Run the status command to view the sandbox state, gateway health, and active inference configuration: -```console -$ nemoclaw status + +```bash +nemoclaw status +``` + + +```bash +nemohermes status ``` + + For local Ollama and local vLLM routes, `nemoclaw status` also probes the host-side health endpoint directly. -This catches a stopped local backend before you retry `inference.local` from inside the sandbox. + + +For local Ollama and local vLLM routes, `nemohermes status` also probes the host-side health endpoint directly. + +This check catches a stopped local backend before you retry `inference.local` from inside the sandbox. -Key fields in the output include the following: +Key output fields include: -- Sandbox details, which show the configured model, provider, GPU mode, and applied policy presets. -- Gateway and process health, which show whether NemoClaw can still reach the OpenShell gateway and whether the in-sandbox agent process is running. -- Inference health for local Ollama and local vLLM, which shows `healthy` or `unreachable` together with the probed local URL. -- NIM status, which shows whether a NIM container is running and healthy when that path is in use. +- Sandbox details show the configured model, provider, GPU mode, and applied policy presets. +- Gateway and process health show whether NemoClaw can still reach the OpenShell gateway and whether the in-sandbox agent process is running. +- Inference health for local Ollama and local vLLM shows `healthy` or `unreachable` together with the probed local URL. +- NIM status shows whether a NIM container is running and healthy when that path is in use. + Run `nemoclaw status` on the host to check sandbox state. + + +Run `nemohermes status` on the host to check sandbox state. + Use `openshell sandbox list` for the underlying sandbox details. ## View Blueprint and Sandbox Logs Stream the most recent log output from the blueprint runner and sandbox: -```console -$ nemoclaw logs + +```bash +nemoclaw logs +``` + + +```bash +nemohermes logs ``` + To follow the log output in real time: -```console -$ nemoclaw logs --follow + +```bash +nemoclaw logs --follow ``` + + +```bash +nemohermes logs --follow +``` + ## Monitor Network Activity in the TUI Open the OpenShell terminal UI for a live view of sandbox network activity and egress requests: -```console -$ openshell term +```bash +openshell term ``` For a remote sandbox, SSH to the instance and run `openshell term` there. @@ -73,19 +106,40 @@ Refer to Approve or Deny Agent Network Requests (use the `nemoclaw-user-manage-p Run a test inference request to verify that the provider is responding: -```console -$ nemoclaw my-assistant connect -$ openclaw agent --agent main -m "Test inference" --session-id debug + +```bash +nemoclaw my-assistant connect +openclaw agent --agent main -m "Test inference" --session-id debug +``` + + +```bash +nemohermes my-hermes connect +hermes ``` + If the request fails, check the following: + + 1. Run `nemoclaw status` to confirm the active provider and endpoint. For local Ollama and local vLLM, check the `Inference` line first. If it shows `unreachable`, restart the local backend before retrying from inside the sandbox. 2. Run `nemoclaw logs --follow` to view error messages from the blueprint runner. 3. Verify that the inference endpoint is reachable from the host. + + + +1. Run `nemohermes status` to confirm the active provider and endpoint. + For local Ollama and local vLLM, check the `Inference` line first. + If it shows `unreachable`, restart the local backend before retrying from inside the sandbox. +2. Run `nemohermes logs --follow` to view error messages from the blueprint runner. +3. Verify that the inference endpoint is reachable from the host. + + + ## Related Skills - `nemoclaw-user-reference` — Troubleshooting (use the `nemoclaw-user-reference` skill) for common issues and resolution steps diff --git a/.agents/skills/nemoclaw-user-overview/SKILL.md b/.agents/skills/nemoclaw-user-overview/SKILL.md index ca2512599d..66c3962282 100644 --- a/.agents/skills/nemoclaw-user-overview/SKILL.md +++ b/.agents/skills/nemoclaw-user-overview/SKILL.md @@ -1,6 +1,6 @@ --- name: "nemoclaw-user-overview" -description: "Explains what NemoClaw covers: onboarding, lifecycle management, and agent operations within OpenShell containers, plus capabilities and why it exists. Use when users ask what NemoClaw is or what the project provides. For ecosystem placement or OpenShell-only paths, use the Ecosystem page; for internal mechanics, use How It Works. Trigger keywords - nemoclaw overview, openclaw always-on assistants, hermes agent, nvidia openshell, nvidia nemotron, nemoclaw ecosystem, openclaw openshell, nemoclaw vs openshell, sandboxed openclaw, how nemoclaw works, nemoclaw sandbox lifecycle blueprint, nemoclaw release notes, nemoclaw changelog." +description: "Explains what NemoClaw covers: onboarding, lifecycle management, and agent operations within OpenShell containers, plus capabilities and why it exists. Use when users ask what NemoClaw is or what the project provides. For ecosystem placement or OpenShell-only paths, use the Ecosystem page; for internal mechanics, use How It Works. Trigger keywords - nemoclaw overview, openclaw always-on assistants, hermes agent, nvidia openshell, nvidia nemotron, nemoclaw ecosystem, nemohermes, nemoclaw vs openshell, run hermes openshell sandbox, openclaw openshell, sandboxed openclaw, how nemoclaw works, nemoclaw sandbox lifecycle blueprint, nemoclaw release notes, nemoclaw changelog." license: "Apache-2.0" --- @@ -12,6 +12,7 @@ license: "Apache-2.0" ## References - **Load [references/overview.md](references/overview.md)** when users ask what NemoClaw is or what the project provides. For ecosystem placement or OpenShell-only paths, use the Ecosystem page; for internal mechanics, use How It Works. Explains what NemoClaw covers: onboarding, lifecycle management, and agent operations within OpenShell containers, plus capabilities and why it exists. +- **Load [references/ecosystem-hermes.md](references/ecosystem-hermes.md)** when users ask about Hermes, OpenShell, and NemoClaw together, or when to use NemoClaw versus OpenShell for Hermes. Explains how Hermes, OpenShell, and NemoClaw form the ecosystem, NemoClaw's position in the stack, what NemoClaw adds beyond integrating OpenShell yourself, and when to prefer NemoHermes versus OpenShell. - **Load [references/ecosystem.md](references/ecosystem.md)** when users ask about the relationship between OpenClaw, OpenShell, and NemoClaw, or when to use NemoClaw versus OpenShell. Explains how OpenClaw, OpenShell, and NemoClaw form the ecosystem, NemoClaw's position in the stack, what NemoClaw adds beyond the community sandbox, and when to prefer NemoClaw versus integrating OpenShell and OpenClaw directly. - **Load [references/how-it-works.md](references/how-it-works.md)** for sandbox lifecycle and architecture mechanics; not for product definition (Overview) or multi-project placement (Ecosystem). Describes how NemoClaw works internally: CLI, plugin, blueprint runner, OpenShell orchestration, inference routing, and protection layers. - **Load [references/release-notes.md](references/release-notes.md)** when users ask about recent changes, the release cadence, or where to track versioned assets on GitHub. Includes the NemoClaw release notes. diff --git a/.agents/skills/nemoclaw-user-overview/references/ecosystem-hermes.md b/.agents/skills/nemoclaw-user-overview/references/ecosystem-hermes.md new file mode 100644 index 0000000000..c43494f8d0 --- /dev/null +++ b/.agents/skills/nemoclaw-user-overview/references/ecosystem-hermes.md @@ -0,0 +1,95 @@ + + +# Ecosystem + +NemoClaw provides onboarding, lifecycle management, and Hermes operations within OpenShell containers. +Use the `nemohermes` CLI alias when you work from the Hermes agent guide; it is equivalent to `nemoclaw` with the Hermes agent pre-selected. + +This page describes how these projects form the ecosystem, where NemoClaw sits relative to [OpenShell](https://github.com/NVIDIA/OpenShell) and [Hermes](https://hermes-agent.nousresearch.com/docs/), and how to choose between NemoHermes and OpenShell alone. + +## How the Stack Fits Together + +A NemoClaw for Hermes deployment combines three pieces with distinct scopes: Hermes, OpenShell, and NemoClaw. +The following diagram shows how they fit together. + +```mermaid +flowchart TB + NC["🦞 NVIDIA NemoClaw
CLI, blueprint"] + OS["🐚 NVIDIA OpenShell
Gateway, policy, inference routing"] + HM["Hermes
Agent in sandbox"] + + NC -->|orchestrates| OS + OS -->|isolates and runs| HM + + classDef nv fill:#76b900,stroke:#333,color:#fff + classDef nvLight fill:#e6f2cc,stroke:#76b900,color:#1a1a1a + classDef nvDark fill:#333,stroke:#76b900,color:#fff + + class NC nv + class OS nv + class HM nvDark + + linkStyle 0 stroke:#76b900,stroke-width:2px + linkStyle 1 stroke:#76b900,stroke-width:2px +``` + +NemoClaw sits above OpenShell in the operator workflow. +It drives OpenShell APIs and CLI to create and configure the sandbox that runs Hermes. +Models and endpoints sit behind OpenShell's inference routing. +NemoClaw onboarding wires provider choice into that routing, including the Hermes Provider route when you onboard through `nemohermes`. + +The following table shows the scope of each component in the stack. + +| Project | Scope | +|---------|--------| +| [Hermes](https://hermes-agent.nousresearch.com/docs/) | The agent: runtime, tools, messaging adapters, and an OpenAI-compatible API inside the container. It does not define the sandbox or the host gateway. | +| [OpenShell](https://github.com/NVIDIA/OpenShell) | The execution environment: sandbox lifecycle, network, filesystem, and process policy, inference routing, and the operator-facing `openshell` CLI for those primitives. | +| NemoClaw | The NVIDIA reference stack on the host: `nemohermes` / `nemoclaw` CLI, versioned blueprint, channel messaging configured for OpenShell-managed delivery, and state migration helpers so Hermes runs inside OpenShell in a documented, repeatable way. | + +## NemoClaw Path versus OpenShell Path + +Both paths assume OpenShell can sandbox a workload. +The difference is who owns the integration work. + +| Path | What it means | +|------|---------------| +| **NemoClaw path** | You adopt the reference stack. NemoClaw's Hermes blueprint encodes a hardened image, default policies, and orchestration so `nemohermes onboard` can create a known-good Hermes-on-OpenShell setup with less custom glue. | +| **OpenShell path** | You use OpenShell as the platform and supply your own container, Hermes install steps, policy YAML, provider setup, and any host bridges. OpenShell stays the sandbox and policy engine; nothing requires NemoClaw's blueprint or CLI. | + +## What NemoClaw Adds Beyond Custom OpenShell + +You can run Hermes inside OpenShell without NemoClaw by building your own image, writing policy YAML, registering providers, and wiring inference routes yourself. +That path is valid when you need full control over the container layout. + +NemoClaw builds on OpenShell with additional security hardening, automation, and lifecycle tooling for Hermes. +The following table compares custom OpenShell integration with `nemohermes onboard`. + +| Capability | Custom OpenShell + Hermes | `nemohermes onboard` | +|---|---|---| +| Sandbox isolation | Yes, when you apply OpenShell seccomp, Landlock, network namespace isolation, and no-new-privileges enforcement through your policy. | Yes. NemoClaw applies these through the blueprint and layers a Hermes-specific restrictive policy on top. | +| Credential handling | You create OpenShell providers manually with `openshell provider create` and configure placeholder resolution at egress. | NemoClaw creates OpenShell providers during onboarding and filters sensitive host environment variables from the sandbox creation command to reduce accidental leakage through build args. | +| Image hardening | Depends on your base image and install steps. | NemoClaw strips build toolchains (`gcc`, `g++`, `make`) and network probes (`netcat`) from the runtime image to reduce attack surface. | +| Filesystem policy | You define read-only and read-write paths in policy YAML. | NemoClaw defines a targeted layout: system paths (`/usr`, `/lib`, `/etc`) are read-only; `/sandbox` and `/sandbox/.hermes` are writable for agent state and configuration. | +| Inference setup | You configure OpenShell inference routing and Hermes `config.yaml` manually. | NemoClaw validates credentials from the host, configures the OpenShell route, and bakes model settings into `/sandbox/.hermes/config.yaml`. Hermes Provider onboarding is available through `nemohermes`. | +| Channel messaging | OpenShell delivers channel tokens through its provider system and L7 proxy; you configure Hermes platform adapters manually. | NemoClaw automates supported channel setup during onboarding and bakes Hermes env/config with placeholder tokens that OpenShell resolves at egress. | +| Blueprint versioning | No NemoClaw blueprint; your image tag is whatever you built locally. | NemoClaw downloads the blueprint artifact, checks version compatibility, and verifies its digest before applying. Running `nemohermes onboard` on different machines produces the same sandbox. | +| State migration | Not included unless you build it. | NemoClaw migrates agent state across machines with credential stripping and integrity verification. | +| Process count limits | You set process count limits manually with `--ulimit` or orchestrator config. | NemoClaw applies `ulimit -u 512` in the container entrypoint on top of OpenShell's seccomp and privilege dropping. | + +## When to Use Which + +Use the following table to decide when to use NemoHermes versus OpenShell alone. + +| Situation | Prefer | +|-----------|--------| +| You want Hermes with minimal assembly, NVIDIA defaults, and the documented install and onboard flow. | NemoClaw (`nemohermes`) | +| You need maximum flexibility for custom images, a layout that does not match the NemoClaw Hermes blueprint, or a workload outside this reference stack. | OpenShell with your own integration | +| You are standardizing on the NVIDIA reference for always-on Hermes agents with policy and inference routing. | NemoClaw (`nemohermes`) | +| You are building internal platform abstractions where the NemoClaw CLI or blueprint is not the right fit. | OpenShell (and your orchestration) | + +## Related Topics + +- [Overview](overview.md) describes what NemoClaw is, including capabilities, benefits, and use cases. +- [How It Works](how-it-works.md) describes how NemoClaw runs, the blueprint, sandbox creation, routing, and protection layers for Hermes. +- Architecture (use the `nemoclaw-user-reference` skill) shows the repository structure and technical diagrams. +- Quickstart with Hermes (use the `nemoclaw-user-get-started` skill) installs NemoClaw and launches your first Hermes sandbox. diff --git a/.agents/skills/nemoclaw-user-overview/references/ecosystem.md b/.agents/skills/nemoclaw-user-overview/references/ecosystem.md index b1d97c4a22..f2c2931000 100644 --- a/.agents/skills/nemoclaw-user-overview/references/ecosystem.md +++ b/.agents/skills/nemoclaw-user-overview/references/ecosystem.md @@ -4,11 +4,11 @@ NemoClaw provides onboarding, lifecycle management, and OpenClaw operations within OpenShell containers. -This page describes how the ecosystem is formed across projects, where NemoClaw sits relative to [OpenShell](https://github.com/NVIDIA/OpenShell) and [OpenClaw](https://openclaw.ai), and how to choose between NemoClaw and OpenShell. +This page describes how these projects form the ecosystem, where NemoClaw sits relative to [OpenShell](https://github.com/NVIDIA/OpenShell) and [OpenClaw](https://openclaw.ai), and how to choose between NemoClaw and OpenShell. ## How the Stack Fits Together -There are three pieces that are put together in a NemoClaw deployment: OpenClaw, OpenShell, and NemoClaw, each with a distinct scope. +A NemoClaw for OpenClaw deployment combines three pieces with distinct scopes: OpenClaw, OpenShell, and NemoClaw. The following diagram shows how they fit together. ```mermaid @@ -52,7 +52,7 @@ The difference is who owns the integration work. | Path | What it means | |------|---------------| -| **NemoClaw path** | You adopt the reference stack. NemoClaw's blueprint encodes a hardened image, default policies, and orchestration so `nemoclaw onboard` can stand up a known-good OpenClaw-on-OpenShell setup with less custom glue. | +| **NemoClaw path** | You adopt the reference stack. NemoClaw's blueprint encodes a hardened image, default policies, and orchestration so `nemoclaw onboard` can create a known-good OpenClaw-on-OpenShell setup with less custom glue. | | **OpenShell path** | You use OpenShell as the platform and supply your own container, install steps for OpenClaw, policy YAML, provider setup, and any host bridges. OpenShell stays the sandbox and policy engine; nothing requires NemoClaw's blueprint or CLI. | ## What NemoClaw Adds Beyond the OpenShell Community Sandbox @@ -70,7 +70,7 @@ The following table compares the two paths. | Credential handling | OpenShell's provider system replaces real credentials with placeholder tokens in the sandbox environment. The L7 proxy resolves placeholders to real values at egress. You create providers manually with `openshell provider create`. | NemoClaw creates OpenShell providers automatically during onboarding. It also filters sensitive host environment variables (provider API keys, `DISCORD_BOT_TOKEN`, `SLACK_BOT_TOKEN`, `TELEGRAM_BOT_TOKEN`) from the sandbox creation command to prevent accidental leakage through build args. | | Image hardening | The community image includes standard system tools for general-purpose use. | NemoClaw strips build toolchains (`gcc`, `g++`, `make`) and network probes (`netcat`) from the runtime image to reduce attack surface. | | Filesystem policy | The community sandbox bundles a policy for OpenClaw. | NemoClaw defines a targeted read-only and read-write layout. System paths (`/usr`, `/lib`, `/etc`) are read-only. The agent's home directory (`/sandbox`) and config directory (`/sandbox/.openclaw`) are writable by default so the agent can manage config, install skills, and write to standard paths natively. | -| Inference setup | The community sandbox includes an `openclaw-start` script that runs OpenClaw's onboarding wizard inside the sandbox. You can also create providers and configure OpenShell inference routing manually from the host. | NemoClaw's onboarding wizard validates your credential from the host, lets you select a provider (NVIDIA Endpoints, OpenAI, Anthropic, Google Gemini, Ollama, and compatible endpoints), and configures OpenShell's inference routing automatically. Credentials stay on the host and are delivered through OpenShell's provider system. | +| Inference setup | The community sandbox includes an `openclaw-start` script that runs OpenClaw's onboarding wizard inside the sandbox. You can also create providers and configure OpenShell inference routing manually from the host. | NemoClaw's onboarding wizard validates your credential from the host, lets you select a provider (NVIDIA Endpoints, OpenAI, Anthropic, Google Gemini, Ollama, and compatible endpoints), and configures OpenShell's inference routing automatically. Credentials stay on the host, and OpenShell's provider system delivers them. | | Channel messaging | OpenShell provides the credential provider system and L7 proxy that delivers channel tokens securely (including path-based resolution for Telegram's `/bot/` URL pattern). You create providers and configure OpenClaw's channel settings manually. | NemoClaw automates channel setup during onboarding: it collects bot tokens, registers them as OpenShell providers, and bakes OpenClaw channel config with placeholder tokens that OpenShell's proxy resolves at egress. No separate bridge process runs on the host. | | Blueprint versioning | No blueprint. The community sandbox uses whatever image version is currently published. | NemoClaw downloads the blueprint artifact, checks version compatibility, and verifies its digest before applying. Running `nemoclaw onboard` on different machines produces the same sandbox. | | State migration | Not included. | NemoClaw migrates agent state across machines with credential stripping and integrity verification. | @@ -87,8 +87,8 @@ Use the following table to decide when to use NemoClaw versus OpenShell. | You are standardizing on the NVIDIA reference for always-on assistants with policy and inference routing. | NemoClaw | | You are building internal platform abstractions where the NemoClaw CLI or blueprint is not the right fit. | OpenShell (and your orchestration) | -## Related topics +## Related Topics -- [Overview](overview.md) contains what NemoClaw is, capabilities, benefits, and use cases. -- [How It Works](how-it-works.md) describes how NemoClaw runs, plugin, blueprint, sandbox creation, routing, protection layers. +- [Overview](overview.md) describes what NemoClaw is, including capabilities, benefits, and use cases. +- [How It Works](how-it-works.md) describes how NemoClaw runs, including the plugin, blueprint, sandbox creation, routing, and protection layers. - Architecture (use the `nemoclaw-user-reference` skill) shows the repository structure and technical diagrams. diff --git a/.agents/skills/nemoclaw-user-overview/references/how-it-works.md b/.agents/skills/nemoclaw-user-overview/references/how-it-works.md index 40f6c0f986..d24a5ff179 100644 --- a/.agents/skills/nemoclaw-user-overview/references/how-it-works.md +++ b/.agents/skills/nemoclaw-user-overview/references/how-it-works.md @@ -2,10 +2,18 @@ # NemoClaw Architecture Overview +import { AgentCli, AgentOnly } from "../_components/AgentGuide"; + This page explains how NemoClaw runs supported agents inside an OpenShell sandbox and how the gateway connects the agent to inference, integrations, and policy. NemoClaw does not replace OpenShell or your chosen agent runtime. -It packages them into a repeatable setup with a host CLI, a versioned blueprint, default policies, inference setup, plugin configuration, and state helpers. +It packages them into a repeatable setup with a host CLI, a versioned blueprint, default policies, inference setup, and state helpers. + +OpenClaw sandboxes also load the NemoClaw plugin for managed inference metadata and the `/nemoclaw` slash command. + + +Hermes sandboxes receive agent configuration under `/sandbox/.hermes` during onboarding instead of the OpenClaw plugin path. + You can use that setup directly or adapt it for your own OpenShell integration. ## High-Level Flow @@ -23,7 +31,7 @@ The diagram has the following components: | Users and operators | Start from the CLI, installer, dashboard, or an end-user channel. | | NemoClaw control | Collects configuration, runs onboarding, prepares the blueprint, and asks OpenShell to create or update resources. | | OpenShell gateway | Owns sandbox lifecycle, networking, policy enforcement, inference routing, and integration egress. | -| NemoClaw sandbox | Runs the onboarded agent with the selected blueprint contents and supporting tools. OpenClaw sandboxes also load the NemoClaw plugin. | +| NemoClaw sandbox | Runs the onboarded agent with the selected blueprint contents and supporting tools. | | Inference | Receives model requests through the gateway, using NVIDIA endpoints, NIM, or compatible APIs. | | Integrations | Reach messaging services, MCP servers, GitHub, package indexes, or model hubs through gateway-managed egress. | | State and artifacts | Store configuration, credentials, logs, workspace files, policies, and transcripts outside the running agent process. | @@ -32,39 +40,48 @@ For repository layout, file paths, and deeper diagrams, see Architecture (use th ## Design Principles -NemoClaw architecture follows the following principles. +NemoClaw follows these architecture principles. -Thin plugin, versioned blueprint -: The sandbox plugin stays small and stable. Host-side orchestration uses a versioned blueprint and runner that can evolve on its own release cadence. +Versioned blueprint +: Host-side orchestration uses a versioned blueprint and runner that can evolve on its own release cadence. + The OpenClaw sandbox plugin stays small and stable inside the container. Respect CLI boundaries -: The `nemoclaw` CLI is the primary interface for sandbox management. +: The CLI is the primary interface for sandbox management. Supply chain safety : Blueprint artifacts are immutable, versioned, and digest-verified before execution. OpenShell-backed lifecycle -: NemoClaw orchestrates OpenShell resources under the hood, but `nemoclaw onboard` - is the supported operator entry point for creating or recreating NemoClaw-managed sandboxes. +: NemoClaw orchestrates OpenShell resources under the hood, but onboard is the supported operator entry point for creating or recreating NemoClaw-managed sandboxes. Reproducible setup : Running setup again recreates the sandbox from the same blueprint and policy definitions. ## CLI, Plugin, and Blueprint -NemoClaw is split into three integration pieces: +NemoClaw is split into integration pieces on the host and in the sandbox image: - The _host CLI_ runs onboarding, validates provider choices, stores configuration, and calls OpenShell commands for gateway, provider, sandbox, and policy operations. + + - The _plugin_ is a TypeScript package that runs with OpenClaw inside the sandbox. It registers the managed inference provider metadata, the `/nemoclaw` slash command, and runtime context hooks. + + + + +- NemoClaw writes Hermes runtime configuration into `/sandbox/.hermes` during onboarding, including `config.yaml`, environment files, and platform adapter settings for supported messaging channels. + + - The _blueprint_ is a versioned YAML package with the sandbox image, policy, inference profile, and supporting assets. The runner resolves and verifies the blueprint before applying it through OpenShell. -This separation keeps the sandbox plugin small while allowing host orchestration and blueprint contents to evolve on their own release cadence. +This separation keeps agent-specific sandbox assets focused while allowing host orchestration and blueprint contents to evolve on their own release cadence. ## Sandbox Creation -When you run `nemoclaw onboard`, NemoClaw creates an OpenShell sandbox that runs your selected agent in an isolated container. +When you run onboard, NemoClaw creates an OpenShell sandbox that runs your selected agent in an isolated container. The host CLI and blueprint runner orchestrate this process through the OpenShell CLI: 1. NemoClaw resolves the blueprint, checks version compatibility, and verifies the digest. @@ -80,6 +97,9 @@ OpenShell intercepts every inference call and routes it to the configured provid During onboarding, NemoClaw validates the selected provider and model, configures the OpenShell route, and bakes the matching model reference into the sandbox image. The sandbox then talks to `inference.local`, while the host owns the actual provider credential and upstream endpoint. If you select the Model Router provider, `inference.local` routes to a host-side router that chooses from the configured NVIDIA model pool for each request. + +For Hermes, runtime model switches through inference set update `/sandbox/.hermes/config.yaml` without rebuilding the sandbox. + ## Protection Layers @@ -94,11 +114,24 @@ The sandbox starts with a default policy that controls network egress, filesyste When the agent tries to reach an unlisted host, OpenShell blocks the request and surfaces it in the TUI for operator approval. Approved endpoints persist for the current session but are not saved to the baseline policy file. -For details on the baseline rules, refer to Network Policies (use the `nemoclaw-user-reference` skill). For container-level hardening, refer to Sandbox Hardening (use the `nemoclaw-user-deploy-remote` skill). - ## Next Steps + + - Read [Ecosystem](ecosystem.md) for stack-level relationships and NemoClaw versus OpenShell-only paths. -- Follow the Quickstart with OpenClaw (use the `nemoclaw-user-get-started` skill) or Quickstart with Hermes (use the `nemoclaw-user-get-started` skill) to launch your first sandbox. +- Follow Quickstart with OpenClaw (use the `nemoclaw-user-get-started` skill) to launch your first sandbox. +- Refer to the Architecture (use the `nemoclaw-user-reference` skill) for the full technical structure, including file layouts and the blueprint lifecycle. +- Refer to Inference Options (use the `nemoclaw-user-configure-inference` skill) for detailed provider configuration. +- For details on the baseline rules, refer to Network Policies (use the `nemoclaw-user-reference` skill). +- For container-level hardening, refer to Sandbox Hardening. + + + + +- Read [Ecosystem](ecosystem-hermes.md) for stack-level relationships and NemoClaw versus OpenShell-only paths. +- Follow Quickstart with Hermes (use the `nemoclaw-user-get-started` skill) to launch your first sandbox. - Refer to the Architecture (use the `nemoclaw-user-reference` skill) for the full technical structure, including file layouts and the blueprint lifecycle. - Refer to Inference Options (use the `nemoclaw-user-configure-inference` skill) for detailed provider configuration. +- For details on the baseline rules, refer to Network Policies (use the `nemoclaw-user-reference` skill). + + diff --git a/.agents/skills/nemoclaw-user-overview/references/overview.md b/.agents/skills/nemoclaw-user-overview/references/overview.md index 1fbf8ac3b7..f2f26b0a3a 100644 --- a/.agents/skills/nemoclaw-user-overview/references/overview.md +++ b/.agents/skills/nemoclaw-user-overview/references/overview.md @@ -2,14 +2,16 @@ # Overview of NVIDIA NemoClaw +import { AgentCli, AgentOnly } from "../_components/AgentGuide"; + NVIDIA NemoClaw is an open-source reference stack for running always-on AI agents more safely inside OpenShell containers. NemoClaw provides onboarding, lifecycle management, and agent operations for supported runtimes in OpenShell sandboxes. It incorporates policy-based privacy and security guardrails, giving you control over your agents' behavior and data handling. -This enables self-evolving agents to run more safely in clouds, on-prem, RTX PCs, and DGX Spark. +These controls help self-evolving agents run more safely in clouds, on-premises environments, RTX PCs, and DGX Spark. NemoClaw pairs hosted models on inference providers or local endpoints with a hardened sandbox, routed inference, and declarative egress policy so deployment stays safer and more repeatable. The sandbox runtime comes from [NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell). -NemoClaw adds the blueprint, `nemoclaw` CLI, onboarding, and related tooling as the reference way to run supported agents there. +NemoClaw adds the blueprint, CLI, onboarding, and related tooling as the reference way to run supported agents there. | Capability | Description | |-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------| @@ -39,15 +41,15 @@ NemoClaw provides the following benefits to mitigate these risks. | Benefit | Description | |----------------------------|------------------------------------------------------------------------------------------------------------------------| -| Sandboxed execution | Every agent runs inside an OpenShell sandbox with Landlock, seccomp, and network namespace isolation. No access is granted by default. | -| Routed inference | Model traffic is routed through the OpenShell gateway to your selected provider, transparent to the agent. You can switch providers or models. Refer to Inference Options (use the `nemoclaw-user-configure-inference` skill). | -| Declarative network policy | Egress rules are defined in YAML. Unknown hosts are blocked and surfaced to the operator for approval. | -| Single CLI | The `nemoclaw` command orchestrates the full stack: gateway, sandbox, inference provider, and network policy. | +| Sandboxed execution | Every agent runs inside an OpenShell sandbox with Landlock, seccomp, and network namespace isolation. The sandbox grants no access by default. | +| Routed inference | The OpenShell gateway routes model traffic to your selected provider, transparent to the agent. You can switch providers or models. Refer to Inference Options (use the `nemoclaw-user-configure-inference` skill). | +| Declarative network policy | YAML defines egress rules. OpenShell blocks unknown hosts and surfaces them to the operator for approval. | +| Single CLI | The command orchestrates the full stack: gateway, sandbox, inference provider, and network policy. | | Blueprint lifecycle | Versioned blueprints handle sandbox creation, digest verification, and reproducible setup. | ## Use Cases -You can use NemoClaw for various use cases including the following. +You can use NemoClaw for use cases such as the following. | Use Case | Description | |---------------------------|----------------------------------------------------------------------------------------------| @@ -59,9 +61,21 @@ You can use NemoClaw for various use cases including the following. Navigate to the following topics to learn more about NemoClaw and how to install and use it. + + - [Architecture Overview](how-it-works.md) to understand how NemoClaw works. -- [Ecosystem](ecosystem.md) to understand how OpenClaw, OpenShell, and NemoClaw relate in the wider stack, and when to use NemoClaw versus OpenShell. +- [Ecosystem](ecosystem.md) to understand how your agent, OpenShell, and NemoClaw relate in the wider stack, and when to use NemoClaw versus OpenShell. - Quickstart with OpenClaw (use the `nemoclaw-user-get-started` skill) to install NemoClaw and run your first OpenClaw sandbox. -- Quickstart with Hermes (use the `nemoclaw-user-get-started` skill) to install NemoClaw and run a Hermes sandbox. - Agent Skills (use the `nemoclaw-user-agent-skills` skill) to load NemoClaw guidance into an AI coding assistant. - Inference Options (use the `nemoclaw-user-configure-inference` skill) to check the inference providers that NemoClaw supports and how inference routing works. + + + + +- [Architecture Overview](how-it-works.md) to understand how NemoClaw works. +- [Ecosystem](ecosystem-hermes.md) to understand how Hermes, OpenShell, and NemoClaw relate in the wider stack, and when to use NemoClaw versus OpenShell. +- Quickstart with Hermes (use the `nemoclaw-user-get-started` skill) to install NemoClaw and run your first Hermes sandbox with `nemohermes`. +- Agent Skills (use the `nemoclaw-user-agent-skills` skill) to load NemoClaw guidance into an AI coding assistant. +- Inference Options (use the `nemoclaw-user-configure-inference` skill) to check the inference providers that NemoClaw supports and how inference routing works. + + diff --git a/.agents/skills/nemoclaw-user-overview/references/release-notes.md b/.agents/skills/nemoclaw-user-overview/references/release-notes.md index bab3b3dd17..a5c37671e6 100644 --- a/.agents/skills/nemoclaw-user-overview/references/release-notes.md +++ b/.agents/skills/nemoclaw-user-overview/references/release-notes.md @@ -2,7 +2,20 @@ # Release Notes -NVIDIA NemoClaw is available in early preview starting March 16, 2026. Use this page to track the highlights of the latest release. For more detailed release notes, refer to the [NemoClaw GitHub announcements](https://github.com/NVIDIA/NemoClaw/discussions/categories/announcements?discussions_q=is%3Aopen+category%3AAnnouncements). +NVIDIA NemoClaw is available in early preview starting March 16, 2026. +Use this page to track the highlights of the latest release. +For more detailed release notes, refer to the [NemoClaw GitHub announcements](https://github.com/NVIDIA/NemoClaw/discussions/categories/announcements?discussions_q=is%3Aopen+category%3AAnnouncements). + +## v0.0.57 + +NemoClaw v0.0.57 improves multi-agent command workflows, local inference setup, messaging channel reliability, sandbox diagnostics, policy persistence, and installer pinning: + +- OpenClaw sandboxes can manage conversation sessions and secondary agents from the host CLI. Use `nemoclaw sessions` to list sessions, reset a session key through the OpenClaw gateway, or delete a non-main session, and use `nemoclaw agents add` or `nemoclaw agents delete` to invoke the in-sandbox OpenClaw agent commands. Build-time config also accepts `NEMOCLAW_EXTRA_AGENTS_JSON` so operators can bake validated secondary-agent entries into `agents.list` without replacing the primary `main` agent. For more information, refer to NemoClaw CLI Commands Reference (use the `nemoclaw-user-reference` skill). +- Local inference setup is more observable and more resilient. Managed vLLM on DGX Spark defaults to `nvidia/Qwen3.6-35B-A3B-NVFP4`, streams Hugging Face model-download progress, polls `/v1/models` for readiness, and uses a progress-aware Docker pull watchdog. Local Ollama routes request streaming usage metadata so OpenClaw token counters can update, and `connect` warns when the recorded inference route diverges from the live gateway route instead of reverting silently. For more information, refer to Use a Local Inference Server (use the `nemoclaw-user-configure-inference` skill). +- Onboarding and re-onboarding preserve more operator intent. Linux Docker-driver onboarding can auto-apply a narrow UFW rule for the sandbox-to-gateway bridge when `NEMOCLAW_AUTO_FIX_FIREWALL=1`, verifies host-network local-inference reachability before reporting success, reuses healthy containerized gateways, binds gateway state by port, rolls back a freshly-created sandbox when setup is cancelled at the policy preset step, and carries finalized policy preset selections across later re-onboard runs. For more information, refer to NemoClaw CLI Commands Reference (use the `nemoclaw-user-reference` skill). +- Messaging channel setup fails earlier and leaves fewer partial changes. Slack setup validates both Socket Mode tokens before saving credentials, `channels add` checks the matching built-in policy preset before prompting or persisting channel state, failed preset application rolls back staged bridge changes when possible, WhatsApp pairing renders a compact QR code with clearer gateway diagnostics, and Slack runtime placeholders are normalized before OpenClaw starts. For more information, refer to Messaging Channels (use the `nemoclaw-user-manage-sandboxes` skill). +- Sandbox status and repair output are more actionable. `nemoclaw status` reports Docker daemon, stopped-container, dashboard-port-conflict, and paused-container layers without running misleading inference probes, `doctor` skips stale Kubernetes-only gateway container checks on Docker-driver installs, and stale local registry entries are preserved so the suggested `rebuild --yes` recovery path still has the metadata it needs. For more information, refer to NemoClaw CLI Commands Reference (use the `nemoclaw-user-reference` skill). +- Installer and policy guidance tightened. Piped installs show the correct `NEMOCLAW_INSTALL_TAG` placement and fail clearly when a requested ref is unavailable, the `pypi` preset allows the `uv` package manager binary, and Jira validation now uses a body-visible Atlassian API probe so operators can distinguish blocked and approved curl traffic. For more information, refer to Common NemoClaw Integration Policy Examples (use the `nemoclaw-user-manage-policy` skill). ## v0.0.56 @@ -29,9 +42,9 @@ NemoClaw v0.0.55 improves local Ollama onboarding reliability, plugin secret-sca NemoClaw v0.0.54 updates messaging activation, Windows WSL onboarding, NemoHermes dashboard access, and sandbox repair paths: - Generated OpenClaw config now marks Telegram, Discord, Slack, and WhatsApp as enabled at the channel level. Selected messaging plugins are pinned during the image build, and `channels add` verifies Telegram, Discord, and Slack bridge startup after the rebuild instead of leaving silent channel failures for later debugging. For more information, refer to Messaging Channels (use the `nemoclaw-user-manage-sandboxes` skill). -- The Windows bootstrap flow waits for Ubuntu account creation before touching Docker settings, enables Docker Desktop WSL integration for the target distro, avoids changing the global WSL default distro, and adds WSL-specific Docker reachability hints during onboarding. For more information, refer to Prepare Windows for NemoClaw (use the `nemoclaw-user-get-started` skill). +- The Windows bootstrap flow waits for Ubuntu account creation before touching Docker settings, enables Docker Desktop WSL integration for the target distro, avoids changing the global WSL default distro, and adds WSL-specific Docker reachability hints during onboarding. For more information, refer to Prepare Windows for NemoClaw. - Windows-host Ollama setup inside WSL now requires the Docker Desktop WSL integration path. NemoClaw still shows Windows-host Ollama options when it detects them, but labels the Docker Desktop requirement and blocks unsupported native Docker-in-WSL selections before it tries to start or install Ollama. For more information, refer to Use a Local Inference Server (use the `nemoclaw-user-configure-inference` skill). -- NemoHermes can expose the optional native Hermes web dashboard separately from the OpenAI-compatible API. Set `NEMOCLAW_HERMES_DASHBOARD=1` before onboarding to start and forward the dashboard on port `9119`, with `NEMOCLAW_HERMES_DASHBOARD_PORT` and `NEMOCLAW_HERMES_DASHBOARD_TUI` available for port and TUI tab control. For more information, refer to NemoClaw Quickstart with Hermes (use the `nemoclaw-user-get-started` skill). +- NemoHermes can expose the optional native Hermes web dashboard separately from the OpenAI-compatible API. Set `NEMOCLAW_HERMES_DASHBOARD=1` before onboarding to start and forward the dashboard on port `9119`, with `NEMOCLAW_HERMES_DASHBOARD_PORT` and `NEMOCLAW_HERMES_DASHBOARD_TUI` available for port and TUI tab control. For more information, refer to NemoClaw Quickstart with Hermes. - Onboarding diagnostics include more copy-paste-ready recovery hints. Invalid sandbox names now include a `Try: ` line when NemoClaw can derive a valid name, and non-interactive NVIDIA Endpoints setup prints the exact `export NVIDIA_API_KEY=nvapi-...` shape when the key is missing. For more information, refer to NemoClaw CLI Commands Reference (use the `nemoclaw-user-reference` skill). - Homebrew stays on the Linuxbrew prefix while exposing installed formula commands in sandbox shell sessions, the `/nemoclaw` slash command activates at OpenClaw startup again, Hermes rebuilds tolerate older release tarballs that lack optional UI package lockfiles, and device scope-upgrade approvals recover without being pinned to the old gateway-scoped request. For more information, refer to Common NemoClaw Integration Policy Examples (use the `nemoclaw-user-manage-policy` skill). - The host-gateway allowance for OpenClaw `web_fetch` is confined to the trusted proxy path, while strict and direct paths continue to block host-gateway names. Hermes Provider onboarding skips the host-side smoke probe only for OAuth-backed setup and keeps direct validation for Nous API key setup. For more information, refer to NemoClaw Inference Options (use the `nemoclaw-user-configure-inference` skill). @@ -249,20 +262,20 @@ NemoClaw v0.0.38 improves several day-two workflows: Starting with NemoClaw v0.0.34, the `curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash` installer pipeline no longer auto-accepts the third-party software notice when stdin is piped and `/dev/tty` is unavailable (for example, deeply detached SSH sessions or some container shells). In environments without a TTY, accept upfront in the pipe: -```console -$ curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 bash +```bash +curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 bash ``` Or pass the flag through to the installer: -```console -$ curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash -s -- --yes-i-accept-third-party-software +```bash +curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash -s -- --yes-i-accept-third-party-software ``` Or re-run from a terminal with a controlling TTY: -```console -$ bash <(curl -fsSL https://www.nvidia.com/nemoclaw.sh) +```bash +bash <(curl -fsSL https://www.nvidia.com/nemoclaw.sh) ``` The installer error message in v0.0.35+ surfaces all three invocations directly so users can copy-paste a recovery without leaving the terminal. diff --git a/.agents/skills/nemoclaw-user-reference/SKILL.md b/.agents/skills/nemoclaw-user-reference/SKILL.md index c1791c9e14..e353119472 100644 --- a/.agents/skills/nemoclaw-user-reference/SKILL.md +++ b/.agents/skills/nemoclaw-user-reference/SKILL.md @@ -1,6 +1,6 @@ --- name: "nemoclaw-user-reference" -description: "Describes the NemoClaw plugin and blueprint architecture and how they orchestrate the OpenClaw sandbox. Use when looking up architecture, plugin structure, or blueprint design. Trigger keywords - nemoclaw architecture, nemoclaw plugin blueprint structure, nemoclaw vs openshell, which cli, nemoclaw cli, openshell cli, sandbox commands, nemoclaw cli commands, nemoclaw command reference, nemoclaw network policy, sandbox egress control operator approval, nemoclaw troubleshooting, nemoclaw debug sandbox issues." +description: "Describes the NemoClaw integration layer and blueprint architecture and how they orchestrate compatible agent sandboxes. Use when looking up architecture, agent integration, plugin structure, or blueprint design. Trigger keywords - nemoclaw architecture, nemoclaw agent architecture, nemoclaw plugin blueprint structure, nemoclaw vs openshell, which cli, nemoclaw cli, openshell cli, sandbox commands, nemohermes cli commands, hermes command reference, nemohermes command reference, nemoclaw cli commands, nemoclaw command reference, nemoclaw network policy, sandbox egress control operator approval, nemoclaw troubleshooting, nemoclaw debug sandbox issues." license: "Apache-2.0" --- @@ -11,8 +11,9 @@ license: "Apache-2.0" ## References -- **Load [references/architecture.md](references/architecture.md)** when looking up architecture, plugin structure, or blueprint design. Describes the NemoClaw plugin and blueprint architecture and how they orchestrate the OpenClaw sandbox. +- **Load [references/architecture.md](references/architecture.md)** when looking up architecture, agent integration, plugin structure, or blueprint design. Describes the NemoClaw integration layer and blueprint architecture and how they orchestrate compatible agent sandboxes. - **[references/cli-selection-guide.md](references/cli-selection-guide.md)** — Explains when to use `nemoclaw` versus `openshell` for NemoClaw-managed sandboxes, including lifecycle, inference, policy, monitoring, file transfer, and gateway operations. -- **Load [references/commands.md](references/commands.md)** when looking up a specific `nemoclaw` or `/nemoclaw` subcommand, flag, argument, or exit code. Includes the full CLI reference for slash commands and standalone NemoClaw commands. +- **Load [references/commands-nemohermes.md](references/commands-nemohermes.md)** when looking up a specific `nemohermes` subcommand, flag, argument, or exit code. Includes the full CLI reference for standalone NemoHermes commands and Hermes-specific in-sandbox commands. +- **Load [references/commands.md](references/commands.md)** when looking up a specific `nemoclaw`, `nemohermes`, or `/nemoclaw` subcommand, flag, argument, or exit code. Includes the full CLI reference for standalone NemoClaw commands and agent-specific in-sandbox commands. - **Load [references/network-policies.md](references/network-policies.md)** when looking up a specific default endpoint, filesystem path, or the runtime approval sequence NemoClaw applies on blocked requests. Covers the baseline network policy, filesystem rules, and operator approval flow. - **Load [references/troubleshooting.md](references/troubleshooting.md)** when diagnosing a reported NemoClaw error, a failed onboard, or unexpected sandbox behavior. Lists fixes for common installation, onboarding, and runtime issues. diff --git a/.agents/skills/nemoclaw-user-reference/references/architecture.md b/.agents/skills/nemoclaw-user-reference/references/architecture.md index 07e193434a..718c06380a 100644 --- a/.agents/skills/nemoclaw-user-reference/references/architecture.md +++ b/.agents/skills/nemoclaw-user-reference/references/architecture.md @@ -2,11 +2,11 @@ # Architecture Details -NemoClaw combines a host CLI, a TypeScript plugin that runs with OpenClaw inside the sandbox, and a versioned YAML blueprint that defines the sandbox image, policies, and inference profiles applied through OpenShell. +NemoClaw combines a host CLI, an in-sandbox integration layer, and a versioned YAML blueprint that defines the sandbox image, policies, and inference profiles applied through OpenShell. ## System Overview -NVIDIA OpenShell is a general-purpose agent runtime. It provides sandbox containers, a credential-storing gateway, inference proxying, and policy enforcement, but has no opinions about what runs inside. NemoClaw is an opinionated reference stack built on OpenShell that handles what goes in the sandbox and makes the setup accessible. +NVIDIA OpenShell is a general-purpose agent runtime. It provides sandbox containers, a credential-storing gateway, inference proxying, and policy enforcement, but has no opinions about what runs inside. NemoClaw is an opinionated reference stack built on OpenShell that handles what goes in the sandbox, prepares agent-specific integration, and makes the setup accessible. ```mermaid graph LR @@ -42,8 +42,8 @@ graph LR subgraph SANDBOX["Sandbox Container 🔒"] direction TB - AGENT["Agent
OpenClaw or any
compatible agent"]:::agent - PLUG["NemoClaw Plugin
Extends agent with
managed configuration"]:::sandbox + AGENT["Compatible Agent
OpenClaw, Hermes,
or another supported runtime"]:::agent + PLUG["NemoClaw Integration
Managed configuration
and runtime context"]:::sandbox end end end @@ -91,7 +91,7 @@ graph TB subgraph DOCKER["Docker daemon"] direction TB - SANDBOX["Sandbox container 🔒
Landlock + seccomp + netns
OpenClaw agent + NemoClaw plugin"]:::sandbox + SANDBOX["Sandbox container 🔒
Landlock + seccomp + netns
Compatible agent + NemoClaw integration"]:::sandbox end end @@ -115,44 +115,33 @@ Layering from top to bottom: | Host CLI | Host process (`nemoclaw` on Node.js) | Orchestrates OpenShell via `openshell` CLI calls. | | OpenShell gateway | Host process by default; optional Linux compatibility container when the gateway binary needs a newer host ABI | Hosts the credential store, owns sandbox lifecycle coordination, and provides the L7 proxy. | | Docker daemon | Host service | Runs the Docker-driver sandbox container and, on affected Linux hosts, the optional gateway compatibility container. | -| Sandbox container | Docker container | Runs the OpenClaw agent and the NemoClaw plugin under Landlock + seccomp + netns. | +| Sandbox container | Docker container | Runs the selected compatible agent and NemoClaw integration under Landlock + seccomp + netns. | | OpenShell L7 proxy | Gateway process | Intercepts agent egress and rewrites `Authorization` headers (Bearer/Bot) and URL-path segments to inject the real credential at the network boundary. | NemoClaw never gives the sandbox a raw provider key. At onboard time it registers credentials with OpenShell's provider/placeholder system, and the L7 proxy substitutes the real value into outbound requests at egress. -The CLI helper `isInferenceRouteReady` (in `src/lib/onboard.ts`) is a host-side readiness check used by the resume flow to decide whether the active route already covers the chosen provider and model — it is not a runtime component. +The CLI helper `isInferenceRouteReady` (in `src/lib/onboard.ts`) is a host-side readiness check used by the resume flow to decide whether the active route already covers the chosen provider and model. +It is not a runtime component. For the DGX Spark-specific variant of this topology (cgroup v2, aarch64, unified memory), refer to the [NVIDIA Spark playbook](https://build.nvidia.com/spark/nemoclaw). -## NemoClaw Plugin +## NemoClaw Agent Integration -The plugin is a thin TypeScript package that registers an inference provider and the `/nemoclaw` slash command. -It runs in-process with the OpenClaw gateway inside the sandbox. -It also registers runtime hooks that keep the agent aware of its environment. -Before an agent turn starts, the plugin prepends a short context block with the active sandbox name, sandbox phase, network policy summary, and filesystem policy summary. +NemoClaw integrates with each supported agent through a runtime layer that adapts the agent to OpenShell-managed providers, policies, and sandbox state. +The concrete files differ by agent because each runtime has its own plugin system, config format, state layout, and startup command. + +| Agent | Integration files | Runtime behavior | +|---|---|---| +| OpenClaw | `nemoclaw/openclaw.plugin.json`, `nemoclaw/src/runtime-context.ts`, and the TypeScript package under `nemoclaw/src/` | Registers the `/nemoclaw` slash command, adds the NemoClaw inference provider, and injects sandbox and policy context into OpenClaw turns. | +| Hermes | `agents/hermes/manifest.yaml`, `agents/hermes/plugin/plugin.yaml`, `agents/hermes/generate-config.ts`, `agents/hermes/config/`, and `agents/hermes/start.sh` | Declares the Hermes agent contract, installs the NemoClaw Hermes plugin, writes `/sandbox/.hermes/config.yaml` and `/sandbox/.hermes/.env`, and launches `hermes gateway run` behind the OpenShell proxy. | + +The OpenClaw integration is a thin TypeScript plugin that runs in-process with the OpenClaw gateway inside the sandbox. +Before an OpenClaw turn starts, the plugin prepends a short context block with the active sandbox name, sandbox phase, network policy summary, and filesystem policy summary. When the policy or phase changes during a session, the plugin sends a smaller update block instead of repeating the full context. -```text -nemoclaw/ -├── src/ -│ ├── index.ts Plugin entry: registers all commands -│ ├── cli.ts Commander.js subcommand wiring -│ ├── runtime-context.ts Sandbox and policy context injection -│ ├── commands/ -│ │ ├── launch.ts Fresh install into OpenShell -│ │ ├── connect.ts Interactive shell into sandbox -│ │ ├── status.ts Blueprint run state + sandbox health -│ │ ├── logs.ts Stream blueprint and sandbox logs -│ │ └── slash.ts /nemoclaw chat command handler -│ └── blueprint/ -│ ├── resolve.ts Version resolution, cache management -│ ├── fetch.ts Download blueprint from OCI registry -│ ├── verify.ts Digest verification, compatibility checks -│ ├── exec.ts Subprocess execution of blueprint runner -│ └── state.ts Persistent state (run IDs) -├── openclaw.plugin.json Plugin manifest -└── package.json Commands declared under openclaw.extensions -``` +The Hermes integration follows the generic agent-manifest path instead of the OpenClaw plugin package path. +The manifest declares Hermes' binary, health probe, config directory, state directories, messaging support, and OpenAI-compatible API endpoint. +The build-time config generator turns NemoClaw onboarding choices into Hermes YAML and environment files, and the Hermes plugin manifest exposes NemoClaw tools and an `on_session_start` hook. ## NemoClaw Blueprint @@ -166,10 +155,13 @@ nemoclaw-blueprint/ ├── model-specific-setup/ Agent-scoped model/provider compatibility manifests ├── router/ Model Router config and routing engine ├── policies/ -│ └── openclaw-sandbox.yaml Default network + filesystem policy +│ └── openclaw-sandbox.yaml Default network + filesystem policy for the OpenClaw profile ``` -The blueprint runtime (TypeScript) lives in the plugin source tree: +Hermes keeps its agent-owned image, plugin, config, entrypoint, and policy additions under `agents/hermes/`. +The default Hermes policy starts from `agents/hermes/policy-additions.yaml`. + +The current blueprint runner implementation lives in the `nemoclaw/` TypeScript package: ```text nemoclaw/src/blueprint/ @@ -189,8 +181,8 @@ flowchart LR D --> E[status] ``` -1. Resolve. The plugin locates the blueprint artifact and checks the version against `min_openshell_version` and `min_openclaw_version` constraints in `blueprint.yaml`. -2. Verify. The plugin checks the artifact digest against the expected value. +1. Resolve. The integration layer locates the blueprint artifact and checks the version against the OpenShell and agent runtime constraints in `blueprint.yaml`. +2. Verify. The integration layer checks the artifact digest against the expected value. 3. Plan. The runner determines what OpenShell resources to create or update, such as the gateway, providers, sandbox, inference route, and policy. 4. Apply. The runner executes the plan by calling `openshell` CLI commands. 5. Status. The runner reports current state. @@ -203,11 +195,11 @@ base image and layers the NemoClaw runtime Dockerfile on top. The direct bluepri runner still carries a pinned OpenShell Community OpenClaw image for legacy `openshell sandbox create --from` compatibility. Inside the sandbox: -- OpenClaw runs with the NemoClaw plugin pre-installed. +- The selected compatible agent runs with the NemoClaw integration layer installed or generated for that agent. - Inference calls are routed through OpenShell to the configured provider. -- Network egress is restricted by the baseline policy in `openclaw-sandbox.yaml`. +- Network egress is restricted by the baseline policy for the selected agent profile. - Filesystem access is confined to `/sandbox` and `/tmp` for read-write access, with system paths read-only. -- The NemoClaw plugin injects sandbox and policy context into agent turns so the agent can report policy blocks accurately. +- NemoClaw injects sandbox and policy context into agent turns when the selected agent supports runtime context hooks, so the agent can report policy blocks accurately. - The image exposes a Docker health check that probes the in-sandbox gateway, so container runtimes can report whether the agent service is responding. - The image includes common runtime compatibility helpers such as Homebrew and a `python` to `python3` symlink for tools that still invoke `python`. @@ -217,14 +209,14 @@ Inference requests from the agent never leave the sandbox directly. OpenShell intercepts them and routes to the configured provider: ```text -Agent (sandbox) ──▶ OpenShell gateway ──▶ NVIDIA Endpoint (build.nvidia.com) +Compatible agent (sandbox) ──▶ OpenShell gateway ──▶ Provider endpoint ``` When you select the Model Router provider, the OpenShell gateway routes to a host-side router process instead of a single upstream model. The router selects from the configured pool, then calls the upstream NVIDIA endpoint with the credential held outside the sandbox. Some model and provider combinations need agent-specific compatibility setup. -NemoClaw keeps those declarations under `nemoclaw-blueprint/model-specific-setup//` so OpenClaw and Hermes fixes can be tested and reviewed independently. +NemoClaw keeps those declarations under `nemoclaw-blueprint/model-specific-setup//` so fixes for each supported agent can be tested and reviewed independently. Refer to Inference Options (use the `nemoclaw-user-configure-inference` skill) for provider configuration details. diff --git a/.agents/skills/nemoclaw-user-reference/references/cli-selection-guide.md b/.agents/skills/nemoclaw-user-reference/references/cli-selection-guide.md index 0be1cf3147..c6e5ba7119 100644 --- a/.agents/skills/nemoclaw-user-reference/references/cli-selection-guide.md +++ b/.agents/skills/nemoclaw-user-reference/references/cli-selection-guide.md @@ -1,6 +1,6 @@ -# CLI Selection Guide +# Choose Between NemoClaw and OpenShell CLIs NemoClaw uses two host-side CLIs. Use `nemoclaw` for NemoClaw-managed workflows. @@ -21,52 +21,52 @@ Use `nemoclaw` for operations where NemoClaw adds product-specific state, safety - Install, onboard, or recreate a NemoClaw sandbox: - ```console - $ nemoclaw onboard - $ nemoclaw onboard --resume --recreate-sandbox + ```bash + nemoclaw onboard + nemoclaw onboard --resume --recreate-sandbox ``` - List, connect to, check, or delete NemoClaw-managed sandboxes: - ```console - $ nemoclaw list - $ nemoclaw my-assistant connect - $ nemoclaw my-assistant status - $ nemoclaw my-assistant logs --follow - $ nemoclaw my-assistant destroy + ```bash + nemoclaw list + nemoclaw my-assistant connect + nemoclaw my-assistant status + nemoclaw my-assistant logs --follow + nemoclaw my-assistant destroy ``` - Rebuild or upgrade while preserving workspace state: - ```console - $ nemoclaw my-assistant rebuild - $ nemoclaw upgrade-sandboxes --check + ```bash + nemoclaw my-assistant rebuild + nemoclaw upgrade-sandboxes --check ``` - Snapshot, restore, or mount sandbox state: - ```console - $ nemoclaw my-assistant snapshot create --name before-change - $ nemoclaw my-assistant snapshot restore before-change - $ nemoclaw my-assistant share mount + ```bash + nemoclaw my-assistant snapshot create --name before-change + nemoclaw my-assistant snapshot restore before-change + nemoclaw my-assistant share mount ``` - Add or remove NemoClaw policy presets: - ```console - $ nemoclaw my-assistant policy-add pypi --yes - $ nemoclaw my-assistant policy-list - $ nemoclaw my-assistant policy-remove pypi --yes + ```bash + nemoclaw my-assistant policy-add pypi --yes + nemoclaw my-assistant policy-list + nemoclaw my-assistant policy-remove pypi --yes ``` - Manage NemoClaw messaging channels, credentials, diagnostics, and cleanup: - ```console - $ nemoclaw my-assistant channels add slack - $ nemoclaw credentials list - $ nemoclaw credentials reset nvidia-prod - $ nemoclaw debug --sandbox my-assistant - $ nemoclaw gc --dry-run + ```bash + nemoclaw my-assistant channels add slack + nemoclaw credentials list + nemoclaw credentials reset nvidia-prod + nemoclaw debug --sandbox my-assistant + nemoclaw gc --dry-run ``` ## Use `openshell` For OpenShell Operations @@ -75,40 +75,40 @@ Use `openshell` when the docs explicitly call for a live OpenShell gateway opera - Open the OpenShell TUI for network approvals and live activity: - ```console - $ openshell term + ```bash + openshell term ``` - Manage dashboard or service port forwards: - ```console - $ openshell forward start --background - $ openshell forward list + ```bash + openshell forward start --background + openshell forward list ``` - Inspect the underlying sandbox state: - ```console - $ openshell sandbox list - $ openshell sandbox get - $ openshell logs -n 20 - $ openshell doctor check + ```bash + openshell sandbox list + openshell sandbox get + openshell logs -n 20 + openshell doctor check ``` - Run one-off commands or move files without starting a NemoClaw chat session: - ```console - $ openshell sandbox exec -n -- ls -la /sandbox - $ openshell sandbox upload ./local-file /sandbox/ - $ openshell sandbox download /sandbox/output ./output + ```bash + openshell sandbox exec -n -- ls -la /sandbox + openshell sandbox upload ./local-file /sandbox/ + openshell sandbox download /sandbox/output ./output ``` - Inspect or replace raw OpenShell policy: - ```console - $ openshell policy get --full > live-policy.yaml - $ openshell policy update --add-endpoint api.example.com:443:read-only:rest:enforce - $ openshell policy set --policy live-policy.yaml + ```bash + openshell policy get --full > live-policy.yaml + openshell policy update --add-endpoint api.example.com:443:read-only:rest:enforce + openshell policy set --policy live-policy.yaml ``` `openshell policy update` merges specific endpoint and rule changes into the live sandbox policy. @@ -136,8 +136,8 @@ Use `openshell sandbox connect ` only when you intentionally want the raw For a one-off command, use `openshell sandbox exec` instead of opening an interactive shell. -```console -$ openshell sandbox exec -n my-assistant -- cat /tmp/gateway.log +```bash +openshell sandbox exec -n my-assistant -- cat /tmp/gateway.log ``` ### Check Health or Logs @@ -159,27 +159,27 @@ Approved endpoints are session-scoped unless you also add them to the policy thr Use the NemoClaw commands for model or provider inspection and switches so the OpenShell route and the running agent config stay consistent: -```console -$ nemoclaw inference get -$ nemoclaw inference set --provider nvidia-prod --model nvidia/nemotron-3-super-120b-a12b +```bash +nemoclaw inference get +nemoclaw inference set --provider nvidia-prod --model nvidia/nemotron-3-super-120b-a12b ``` For Hermes sandboxes, use the alias; it updates the route and `/sandbox/.hermes/config.yaml` without a rebuild or restart: -```console -$ nemohermes inference set --provider hermes-provider --model openai/gpt-5.4-mini +```bash +nemohermes inference set --provider hermes-provider --model openai/gpt-5.4-mini ``` For a build-time agent setting change, rerun onboarding so the sandbox configuration is recreated consistently: -```console -$ nemoclaw onboard --resume --recreate-sandbox +```bash +nemoclaw onboard --resume --recreate-sandbox ``` Verify either path with: -```console -$ nemoclaw status +```bash +nemoclaw status ``` ### Update Network Policy diff --git a/.agents/skills/nemoclaw-user-reference/references/commands-nemohermes.md b/.agents/skills/nemoclaw-user-reference/references/commands-nemohermes.md new file mode 100644 index 0000000000..13d10bd7ae --- /dev/null +++ b/.agents/skills/nemoclaw-user-reference/references/commands-nemohermes.md @@ -0,0 +1,1602 @@ + + +# NemoHermes CLI Commands Reference + +The `nemohermes` alias is the primary interface for managing Hermes sandboxes through NemoClaw. +It is installed automatically by the installer (`curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_AGENT=hermes bash`). +Most commands in this reference use the same arguments and subcommands across agent variants. +Use `nemohermes` when you want Hermes selected by default. +For guidance on choosing between the agent CLIs and the underlying `openshell` CLI, see [CLI Selection Guide](cli-selection-guide.md). + +## Agent Selection + +Use `nemohermes` for the Hermes variant. +It selects Hermes by default during onboarding and for other commands. +Use `--agent hermes` during onboarding or set `NEMOCLAW_AGENT=hermes` when you need the same selection through another entry point. +Hermes-specific sections below describe the OpenAI-compatible API endpoint, optional Hermes dashboard, Hermes config under `/sandbox/.hermes`, and provider updates that patch `config.yaml`. + +```bash +nemohermes onboard # selects Hermes by default +nemohermes my-sandbox connect # connects to a Hermes sandbox +``` + +## In-Sandbox Commands + +Hermes does not use the OpenClaw chat slash command. +Use the host-side `nemohermes` commands for lifecycle, status, policy, and inference operations. +The in-sandbox Hermes integration installs the NemoClaw Hermes plugin, which exposes tools for status, environment information, and skill reload support, plus an `on_session_start` hook. + +## Standalone Host Commands + +The CLI handles host-side operations that run outside the selected agent runtime. + +### `nemohermes help`, `nemohermes --help`, `nemohermes -h` + +Show the top-level usage summary and command groups. +Running `nemohermes` with no arguments shows the same help output. + +```bash +nemohermes help +``` + +### `nemohermes --version`, `nemohermes -v` + +Print the installed NemoClaw CLI version. + +```bash +nemohermes --version +``` + +### `nemohermes resources` + +Display host hardware inventory and configured sandbox resource profiles. +Use `--json` for machine-readable CPU, memory, GPU, Kubernetes allocatable-capacity, and profile data. + +```bash +nemohermes resources [--json] +``` + +If the gateway is not running, Kubernetes allocatable fields are omitted and host CPU/RAM totals are still shown. + +### `nemohermes onboard` + +Run the interactive setup wizard (recommended for new installs). +The wizard creates an OpenShell gateway, registers inference providers, builds the sandbox image, and creates the sandbox. +Use this command for new installs and for recreating a sandbox after changes to policy or configuration. + +```bash +nemohermes onboard [--non-interactive] [--resume | --fresh] [--recreate-sandbox] [--gpu | --no-gpu] [--from ] [--name ] [--sandbox-gpu | --no-sandbox-gpu] [--sandbox-gpu-device ] [--agent ] [--control-ui-port ] [--yes | -y] [--no-ollama-autostart] [--yes-i-accept-third-party-software] +``` + +For Hermes, use the alias or pass the agent explicitly: + +```bash +nemohermes onboard [options] +nemoclaw onboard --agent hermes [options] +``` + +#### `--resume` and `--fresh` + +NemoClaw records onboarding progress so interrupted runs can continue. +Use `--resume` to continue a resumable onboarding session with the provider, model, sandbox name, agent, and custom Dockerfile path recorded by the original run. +If the recorded session conflicts with flags you pass on the recovery run, NemoClaw exits and tells you to either rerun with the original settings or start over. + +Use `--fresh` to discard the saved onboarding session and start the wizard from the beginning. +This clears stale or failed session state before NemoClaw creates a new session record. +The installer also accepts `--fresh` and forwards it to `nemohermes onboard`, which skips automatic resume detection. +`--resume` and `--fresh` are mutually exclusive. + +**Warning:** + +For NemoClaw-managed environments, use `nemohermes onboard` when you need to create or recreate the OpenShell gateway or sandbox. +Avoid `openshell self-update`, `npm update -g openshell`, `openshell gateway start --recreate`, or `openshell sandbox create` directly unless you intend to manage OpenShell separately and then rerun `nemohermes onboard`. + +Use `--fresh` to ignore any saved onboarding session and restart the wizard from scratch. This is useful after an interrupted `nemohermes onboard` run when you want to discard saved state instead of continuing it with `--resume`. + +The installer detects existing sandbox sessions before onboarding and prints a warning if any are found. +To make the installer abort instead of continuing, set `NEMOCLAW_SINGLE_SESSION=1`: + +```bash +NEMOCLAW_SINGLE_SESSION=1 curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash +``` + +When existing sandboxes were created with OpenShell earlier than `0.0.37`, the installer prompts before running the new automatic gateway upgrade path. +For scripted installs, set `NEMOCLAW_ACCEPT_EXPERIMENTAL_OPENSHELL_UPGRADE=1` to allow the installer to back up registered sandbox state, retire the old gateway, install the current supported OpenShell release, and restore state during onboarding. +The automatic path is disabled if the existing `nemohermes` CLI does not advertise `backup-all`; preserve sandbox state manually before retiring the old gateway in that case. +To perform those steps manually, run `nemohermes backup-all`, retire the old gateway registration with `openshell gateway remove nemoclaw || openshell gateway destroy -g nemoclaw || openshell gateway destroy` (both verbs are tried so the right one runs on either OpenShell release), stop any remaining privileged host gateway with `sudo pkill -f openshell-gateway`, then rerun the installer as `curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_OPENSHELL_UPGRADE_PREPARED=1 bash`. + +The wizard prompts for a provider first, then collects the provider credential if needed. +Supported non-experimental choices include NVIDIA Endpoints, OpenAI, Anthropic, Google Gemini, and compatible OpenAI or Anthropic endpoints. +Credentials are registered with the OpenShell gateway and never persisted to host disk. See Credential Storage (use the `nemoclaw-user-configure-security` skill) for details on inspection, rotation, and migration from earlier releases. +The legacy `nemohermes setup` command is deprecated; use `nemohermes onboard` instead. + +After provider selection, the wizard reviews the provider, model, credential state, and sandbox name before registering inference. +It then prompts for optional web search and messaging channels, builds and starts the sandbox, and asks for a **policy tier** that controls the default set of network policy presets applied to the sandbox. +Three tiers are available: + +| Tier | Description | +|------|-------------| +| Restricted | Base sandbox only. No third-party network access beyond inference and core agent tooling. | +| Balanced (default) | Full dev tooling and web search when the active agent supports web search. Package installs, model downloads, and inference. No messaging platform access. | +| Open | Broad access across third-party services including messaging and productivity. Agent-specific unsupported presets are filtered out. | + +After selecting a tier, the wizard shows a combined preset and access-mode screen where you can include or exclude individual presets and toggle each between read and read-write access. +For details on tiers and the presets each includes, see [Network Policies](network-policies.md#policy-tiers). + +In non-interactive mode, set the tier with `NEMOCLAW_POLICY_TIER` (default: `balanced`): + +```bash +NEMOCLAW_POLICY_TIER=restricted nemohermes onboard --non-interactive --yes-i-accept-third-party-software +``` + +`NEMOCLAW_POLICY_MODE` controls how non-interactive onboarding reconciles the tier-derived suggestions against the sandbox's currently-applied presets. +The default is `suggested`, which is *additive*. +Onboarding applies tier defaults and preserves any presets you previously added with [`nemohermes policy-add`](#nemohermes-name-policy-add) across re-onboards. +Use `custom` with `NEMOCLAW_POLICY_PRESETS` when you want the explicit list to be authoritative. +Onboarding removes any preset that is not in the list. +`skip` leaves the applied set untouched and does not apply tier defaults. +NemoClaw filters tier suggestions and resume selections by active agent support, so unsupported presets such as Brave Search are not reapplied to agents that do not support them. + +| Value | Behaviour | +|-------|-----------| +| `suggested` (default) | Apply tier defaults and preserve any extra presets already applied. Aliases: `default`, `auto`. | +| `custom` | Apply exactly `NEMOCLAW_POLICY_PRESETS`. Previously-applied presets not in the list are removed. Alias: `list`. | +| `skip` | Skip the policy step entirely. Aliases: `none`, `no`. | + +For non-interactive onboarding, you must explicitly accept the third-party software notice: + +```bash +nemohermes onboard --non-interactive --yes-i-accept-third-party-software +``` + +or: + +```bash +NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 nemohermes onboard --non-interactive +``` + +For scripted installer runs, pass explicit acceptance to the `bash` side of the installer pipe: + +```bash +curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_NON_INTERACTIVE=1 NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 bash +``` + +If the installer cannot prompt for the notice in a terminal and no explicit acceptance is set, it exits before installing Node.js or the NemoClaw CLI. + +To enable Brave Search in non-interactive mode, set: + +```bash +BRAVE_API_KEY=... \ + nemohermes onboard --non-interactive +``` + +`BRAVE_API_KEY` enables Brave Search in non-interactive mode and also enables `web_fetch`. +If Brave Search key validation fails in non-interactive mode, onboarding prints a warning, skips web search setup, and continues with the rest of the sandbox setup. +After fixing the key, re-enable web search with `nemohermes config web-search`. + +The wizard prompts for a sandbox name. +Names must be 1 to 63 characters, lowercase, start with a letter, contain only letters, numbers, and internal hyphens, and end with a letter or number. +The CLI rejects names that do not match these rules. +It also prints a `Try: ` recovery line whenever it can derive a valid lowercase, hyphen-separated form from the input, so passing `--name MyAssistant` reports `Try: myassistant`. +Names that match global CLI commands (`status`, `list`, `debug`, etc.) are rejected to avoid routing conflicts. +Use `--agent ` to target a specific installed agent profile during onboarding. + +Use `--control-ui-port ` to choose the host dashboard port for a sandbox. +The value must be an integer from `1024` through `65535`. +This flag takes precedence over `CHAT_UI_URL`, `NEMOCLAW_DASHBOARD_PORT`, the previous registry value, and the default port. + +If you enable Slack during onboarding, the wizard collects both the Bot Token (`SLACK_BOT_TOKEN`) and the App-Level Token (`SLACK_APP_TOKEN`). +Socket Mode requires both tokens. +The app-level token is stored in a dedicated `slack-app` OpenShell provider and forwarded to the sandbox alongside the bot token. +The wizard also accepts optional `SLACK_ALLOWED_USERS` and `SLACK_ALLOWED_CHANNELS` values so you can restrict Slack DMs, channel `@mention` users, and channel IDs before the sandbox image is built. + +If you enable Discord during onboarding, the wizard can also prompt for a Discord Server ID, whether the bot should reply only to `@mentions` or to all messages in that server, and an optional Discord User ID. +NemoClaw bakes those values into the sandbox image as Discord guild workspace config so the bot can respond in the selected server, not just in DMs. +If you leave the Discord User ID blank, the guild config omits the user allowlist and any member of the configured server can message the bot. +Guild responses remain mention-gated by default unless you opt into all-message replies. + +If you enable Telegram during onboarding, the wizard can also prompt for whether group chats should reply only to `@mentions` or to all group messages. +Set `TELEGRAM_REQUIRE_MENTION=1` for non-interactive onboarding when you want mention-only group replies. +Pairing and `TELEGRAM_ALLOWED_IDS` still govern direct messages. + +If you run onboarding again with the same sandbox name and choose a different inference provider or model, NemoClaw detects the drift and recreates the sandbox so the running agent config matches your selection. +In interactive mode, the wizard asks for confirmation before delete and recreate. +In non-interactive mode, NemoClaw recreates automatically when the stored selection is readable and differs; if NemoClaw cannot read the stored selection, NemoClaw reuses by default. +Set `NEMOCLAW_RECREATE_SANDBOX=1` to force recreation even when no drift is detected. + +Before deleting an existing sandbox during recreation, NemoClaw backs up the workspace state declared by the selected agent profile and restores it into the new sandbox once it is live. +This applies whether the existing sandbox is ready or marked not-ready, so cross-version upgrades that pass `NEMOCLAW_RECREATE_SANDBOX=1` no longer drop user files from the selected agent workspace. +The behaviour matches `nemohermes rebuild --force`. +NemoClaw aborts the recreate when the backup cannot complete in full — including when individual state directories or files fail mid-backup — so failed entries are not silently dropped on delete. +Set `NEMOCLAW_RECREATE_WITHOUT_BACKUP=1` to skip the pre-recreate backup. +The destination sandbox starts with a fresh workspace. + +For Hermes, the backed-up paths come from `agents/hermes/manifest.yaml`, including `/sandbox/.hermes` state such as memories, sessions, skills, plugins, cron, logs, plans, workspace, messaging platform state, and `runtime/state.db`. + +Before creating the gateway, the wizard runs preflight checks. +It verifies that Docker is reachable, warns on untested runtimes such as Podman, and prints host remediation guidance when prerequisites are missing. +The preflight also enforces the OpenShell version range declared in the blueprint (`min_openshell_version` and `max_openshell_version`). +If the installed OpenShell version falls outside this range, onboarding exits with an actionable error and a link to compatible releases. +For fresh OpenShell installs, NemoClaw queries published OpenShell releases and asks the installer to use a release that fits the blueprint range. +If release metadata is unavailable, the installer uses its bundled fallback pin and the post-install version gate still enforces the range. + +When NemoClaw finds an existing gateway to reuse, it probes the host gateway HTTP endpoint before declaring the gateway reusable. +If the container is running but the upstream is still warming up (for example, immediately after a Docker daemon restart), NemoClaw rebuilds the gateway instead of trusting stale metadata. +On the Docker-driver gateway path, preflight stays read-only when it detects a stale gateway (for example, a Docker-driver runtime env hash drift). +It prints a `⚠ Gateway will be recreated when sandbox creation starts` notice and defers the actual teardown to step `[2/8] Starting OpenShell gateway`. +This means pressing `Ctrl+C` between preflight and step `[2/8]` leaves the running gateway and existing sandbox containers untouched, so `nemohermes onboard` is safe to run just to check preflight output. +For Linux Docker-driver gateways, onboarding also checks that a helper container on the OpenShell Docker network can reach `host.openshell.internal:`. +If a host firewall blocks that sandbox path, onboarding exits with a `sudo ufw allow from to port proto tcp` command before it reports the gateway healthy. +Set `NEMOCLAW_AUTO_FIX_FIREWALL=1` to opt in to automatic UFW remediation for this specific failure: NemoClaw uses `sudo -n` only, validates the Docker bridge subnet/gateway/port, applies the narrow UFW rule only after a proven TCP reachability failure, and re-probes before continuing. +If passwordless sudo, UFW, or active UFW is unavailable, NemoClaw falls back to the manual guidance path without prompting for a password. +Tune the wait via `NEMOCLAW_REUSE_HEALTH_POLL_COUNT` (default `6`) and `NEMOCLAW_REUSE_HEALTH_POLL_INTERVAL` (default `5` seconds). +The poll count is clamped to a minimum of `1` so the probe always runs at least once, and the interval is clamped to a minimum of `0` (no sleep between attempts). + +#### `--from ` + +Build the sandbox image from a custom Dockerfile instead of the stock NemoClaw image. +The entire parent directory of the specified file is used as the Docker build context, so any files your Dockerfile references (scripts, config, etc.) must live alongside it. +Onboarding skips common large directories (`node_modules`, `.git`, `.venv`, and `__pycache__`) while staging this context. +It also skips credential-style files and directories such as `.env*`, `.ssh/`, `.aws/`, `.netrc`, `.npmrc`, `secrets/`, `*.pem`, and `*.key`. +Other build outputs such as `dist/`, `target/`, or `build/` are still included. +If the staged context is larger than 100 MB, onboarding prints a warning before the Docker build starts. +If the directory contains unreadable files (for example, Windows system files visible in WSL), onboarding exits with an error suggesting you move the Dockerfile to a dedicated directory. + +```bash +nemohermes onboard --from path/to/Dockerfile +``` + +The Dockerfile path must exist. +Missing paths fail during command parsing before preflight, gateway setup, inference setup, or sandbox creation starts. + +The file can have any name; if it is not already named `Dockerfile`, onboard copies it to `Dockerfile` inside the staged build context automatically. +To create an isolated build context, create a dedicated directory that contains only the Dockerfile and the files it needs: + +```text +build-dir/ +├── Dockerfile +└── files-used-by-COPY/ +``` + +All NemoClaw build arguments (`NEMOCLAW_MODEL`, `NEMOCLAW_PROVIDER_KEY`, `NEMOCLAW_INFERENCE_BASE_URL`, etc.) are injected as `ARG` overrides at build time, so declare them in your Dockerfile if you need to reference them. + +In non-interactive mode, the path can also be supplied via the `NEMOCLAW_FROM_DOCKERFILE` environment variable. +You must also supply a sandbox name via `--name ` or `NEMOCLAW_SANDBOX_NAME` so a `--from` build cannot silently clobber the default `my-assistant` sandbox. + +```bash +NEMOCLAW_NON_INTERACTIVE=1 NEMOCLAW_FROM_DOCKERFILE=path/to/Dockerfile NEMOCLAW_SANDBOX_NAME=my-build nemohermes onboard +``` + +If a `--resume` is attempted with a different `--from` path than the original session, onboarding exits with a conflict error rather than silently building from the wrong image. + +#### `--name ` + +Set the sandbox name without going through the interactive prompt. +The same name format and reserved-name rules that the wizard enforces apply here too. Names must be 1 to 63 characters, lowercase, start with a letter, contain only letters, numbers, and internal hyphens, and end with a letter or number. +Names that match a NemoClaw CLI command (`status`, `list`, `debug`, etc.) are rejected up front. + +```bash +nemohermes onboard --non-interactive --name my-build --from path/to/Dockerfile +``` + +The flag wins over `NEMOCLAW_SANDBOX_NAME`. +When prompting is possible, `NEMOCLAW_SANDBOX_NAME` fills the interactive default so you can press Enter to accept it. +When prompting is impossible (no TTY or `--non-interactive`), the env var is also honoured so existing CI scripts keep working. +Combining `--from ` with non-interactive onboarding requires one of `--name` or `NEMOCLAW_SANDBOX_NAME`; otherwise onboarding exits rather than silently defaulting to `my-assistant` and clobbering the default sandbox. + +### `nemohermes onboard --from` + +Use a custom Dockerfile for the sandbox image. +This variant of `nemohermes onboard` accepts a `--from ` argument to build the sandbox from a user-supplied Dockerfile instead of the default NemoClaw image. + +```bash +nemohermes onboard --from ./Dockerfile.custom +``` + +### GPU passthrough + +When `nemohermes onboard` detects an NVIDIA GPU on the host, it enables OpenShell GPU passthrough at both the gateway and sandbox level by default. +Detection proceeds along two paths. The `nvidia-smi`-based paths (the primary `--query-gpu=name,memory.total,memory.free` probe and the unified-memory `--query-gpu=name` fallback) require `nvidia-smi` to succeed and, on hosts whose firmware does not classify as a known NVIDIA platform (DGX Spark, DGX Station, Jetson, or Tegra), additionally require that the GPU name does not match the placeholder family observed on the Windows-on-ARM WSL2 nvidia-smi shim (`JMJWOA-Generic-*`) and that either the host is not ARM64 Linux (the observed shim is Windows-on-ARM only) or the NVIDIA kernel driver is bound (`/proc/driver/nvidia/` present), so that placeholder shims on non-NVIDIA hardware are not mistaken for real GPUs. +Jetson/Tegra hosts that ship without `nvidia-smi` continue to be detected via the devicetree firmware fallback (`/sys/firmware/devicetree/base/model`) or the Tegra device-node fallback (`/dev/nvhost-gpu`, `/dev/nvhost-ctrl-gpu`, `/dev/nvhost-ctrl`, or `/dev/nvmap`); both bypass the trust-tier gate above. +Use `--no-gpu` to opt out when you want host-side inference providers only and do not need direct GPU access inside the sandbox. +Use `--gpu` to require GPU passthrough and fail fast if an NVIDIA GPU is not detected. +Use `--sandbox-gpu` or `--no-sandbox-gpu` to control only direct NVIDIA GPU access inside the sandbox. +Use `--sandbox-gpu --sandbox-gpu-device ` to pass a specific OpenShell GPU device selector to `openshell sandbox create`; device selectors require explicit sandbox GPU enablement. +On Linux Docker-driver gateways, NemoClaw can create the sandbox first and then recreate the OpenShell-managed Docker container with NVIDIA GPU access when that compatibility path is needed. +If the patch fails, onboarding keeps diagnostics and prints a manual cleanup command rather than deleting the failed sandbox automatically. + +Prerequisites: + +- Ensure NVIDIA GPU drivers are installed and working. + - On generic NVIDIA hosts, `nvidia-smi` must succeed. + - On Jetson/Tegra hosts shipping without `nvidia-smi`, the devicetree firmware fallback substitutes. +- NVIDIA Container Toolkit configured for Docker. + +When GPU passthrough is enabled and a gateway already exists without it, onboarding first checks whether replacing the CPU-only gateway is safe. +If no other registered sandbox depends on that gateway, or if `--recreate-sandbox` is recreating the only registered sandbox with the same name, onboarding cleans up the stale gateway and continues. +If other sandboxes depend on the gateway or Docker state is unclear, onboarding exits without cleanup and prints targeted destroy or gateway-removal guidance. +To add GPU to an existing sandbox, rerun with `--recreate-sandbox`. +Set `NEMOCLAW_DOCKER_GPU_PATCH=0` only when you need to bypass the Linux Docker-driver compatibility patch during troubleshooting. + +### `nemohermes list` + +List all registered sandboxes with their model, provider, and policy presets. +Pass `--json` for machine-readable output that includes a `schemaVersion`, the default sandbox, recovery metadata, and the sandbox inventory. +Sandboxes with an active SSH session are marked with a `●` indicator so you can tell at a glance which sandbox you are already connected to in another terminal. +When a sandbox has a recorded dashboard port, the output includes its local dashboard URL. + +```bash +nemohermes list [--json] +nemohermes list --json +``` + +### `nemohermes deploy` + +**Warning:** + +The `nemohermes deploy` command is deprecated. +Prefer provisioning the remote host separately, then running the standard NemoClaw installer and `nemohermes onboard` on that host. + +Deploy NemoClaw to a remote GPU instance through [Brev](https://brev.nvidia.com). +This command remains as a compatibility wrapper for the older Brev-specific bootstrap flow. +The Brev instance name is the positional argument. +The sandbox name comes from `NEMOCLAW_SANDBOX_NAME` and defaults to `my-assistant`; invalid sandbox names fail before Brev provisioning starts. + +```bash +nemohermes deploy +``` + +### `nemohermes connect` + +Connect to a sandbox by name. +If the sandbox is not yet in the `Ready` phase, `connect` polls `openshell sandbox list` every few seconds and prints the current phase. This gives you progress output right after onboarding, when the 2.4 GB image is still pulling, instead of a silent hang. +Control the wait budget with `NEMOCLAW_CONNECT_TIMEOUT` (integer seconds, default `120`). When the deadline expires, `connect` exits non-zero with the last-seen phase. + +On a TTY, a one-shot hint prints before dropping into the sandbox shell. +The hint is agent-aware. It names the correct TUI command for the sandbox's agent and reminds you to use `/exit` to leave the chat before `exit` returns you to the host shell. +Set `NEMOCLAW_NO_CONNECT_HINT=1` to suppress the hint in scripted workflows. +If the sandbox is running an outdated agent version, a non-blocking warning prints before connecting with a `nemohermes rebuild` hint. +If another terminal is already connected to the sandbox, `connect` prints a note with the number of existing sessions before proceeding. Multiple concurrent sessions are allowed. + +`connect` does not pull or serve a model itself, but it does inspect `NEMOCLAW_VLLM_MODEL` if you exported it for the managed-vLLM install path. +An unknown slug or a gated model (for example `deepseek-r1-distill-70b`) with no `HF_TOKEN` or `HUGGING_FACE_HUB_TOKEN` exits non-zero with the same error the installer would emit, before any sandbox readiness probe or SSH attach. +Unset the variable, or supply the missing token, before retrying. + +After a host reboot, the OpenShell gateway rotates its SSH host keys. +`connect` detects the resulting identity drift, prunes stale `openshell-*` entries from `~/.ssh/known_hosts`, and retries automatically. +You no longer need to re-run `nemohermes onboard` after a reboot in this case. + +```bash +nemohermes my-assistant connect [--probe-only] +``` + +The `--probe-only` flag verifies the sandbox is reachable over SSH and exits without opening a shell. +Use it for health checks and scripted readiness probes. + +### `nemohermes exec` + +Run a single command non-interactively in a running sandbox via the OpenShell exec endpoint. +The command runs as the sandbox user with `HOME=/sandbox`, so in-sandbox tooling resolves NemoClaw-provisioned config the same way it does for `connect` and `openshell sandbox connect`. +This is the supported substitute for `docker exec` on the sandbox container; raw `docker exec` runs as root and lands on `HOME=/root`, where the selected agent config is not present. + +Hermes config resolves under `/sandbox/.hermes`. + +```bash +nemohermes my-assistant exec -- hermes --version +nemohermes my-assistant exec --workdir /sandbox/workspace -- ls -la +``` + +Everything after `--` is forwarded verbatim to the sandbox command, including flags the inner command needs. +The exit code is the remote command's exit code. + +| Flag | Description | +|------|-------------| +| `--workdir ` | Working directory inside the sandbox | +| `--tty` / `--no-tty` | Allocate a pseudo-terminal; defaults to auto-detection (on when stdin and stdout are terminals) | +| `--timeout ` | Timeout in seconds (`0` means no timeout) | + +### `nemohermes recover` + +Restart the in-sandbox gateway and re-establish the host-side dashboard port-forward without opening an SSH session. +Use this after a sandbox pod restart, a sandbox crash, or whenever `nemohermes status` reports the gateway is not running but the sandbox is alive. + +`recover` runs the same recovery the `connect` command performs as a side effect, but without dropping into a shell, so it is safe to call from scripts and automation. +It is idempotent. +If the gateway is already running, the command exits zero with a probe message and makes no changes. + +```bash +nemohermes my-assistant recover +``` + +### `nemohermes status` + +Show sandbox status, health, and inference configuration. + +Pass `--json` to emit a structured per-sandbox report instead of the text renderer. +The JSON output includes at least `schemaVersion`, `name`, `found`, `model`, `provider`, `phase`, `gatewayState`, `inferenceHealth`, `rpcIssue`, `hostGpuDetected`, `sandboxGpuEnabled`, `sandboxGpuMode`, `sandboxGpuDevice`, `openshellDriver`, `openshellVersion`, `policies`, `failureLayer`, and `dockerPaused`. +`openshellDriver` and `openshellVersion` are always strings (falling back to `"unknown"` when the registry has no value), so consumers can rely on `typeof` checks. +`failureLayer` is `null` when no preflight failure was detected and otherwise one of `docker_unreachable`, `sandbox_container_stopped`, or `sandbox_dashboard_port_conflict`; when set, `inferenceHealth` is suppressed to `null` so automation does not see a stale remote-provider healthy status during a local outage. +The command exits non-zero when the sandbox is missing locally, the gateway state is not `present`, the gateway reports a schema/protobuf mismatch (mirrored as `rpcIssue`), or `failureLayer` is non-null. +The alias form `nemohermes status --json` requires the sandbox to be registered locally; the canonical form `nemohermes sandbox status --json` is the one to use from automation that may run against an unknown sandbox name, since it still emits a JSON document with `found: false` instead of a text error. + +```bash +nemohermes my-assistant status +nemohermes my-assistant status --json +nemohermes sandbox status my-assistant --json +``` + +The command probes every inference provider and reports one of three states on the `Inference` line: + +| State | Meaning | +|-------|---------| +| `healthy` | The provider endpoint returned a reachable response. | +| `unreachable` | The probe failed. The output includes the endpoint URL and a remediation hint. | +| `not probed` | The endpoint URL is not known (for example, `compatible-*` providers). | +| `not verified` | NemoClaw could not verify the sandbox or gateway state, so it skips inference probing. | + +Local providers (Ollama, vLLM) probe the host-side health endpoint. +Remote providers (NVIDIA Endpoints, OpenAI, Anthropic, Gemini) use a lightweight reachability check; any HTTP response, including `401` or `403`, counts as reachable. +No API keys are sent. + +For Local Ollama, the command also probes the authenticated proxy and prints an `Inference (auth proxy)` line when a proxy token is available. +Use that line to distinguish a healthy backend from a broken proxy path that the sandbox uses for inference. + +For cloud-only providers, the output omits the NIM status line unless a NIM container is registered or an unexpected NIM container is running. + +When the sandbox's recorded driver is `docker` and the host Docker daemon is not reachable, the command prints `Failure layer: docker_unreachable — Docker daemon is not reachable.` as the first line of stdout, suppresses the host-side `Inference` probe (which otherwise hits the remote provider directly and is misleading when the local stack is down), and exits with a non-zero status. + +When the host Docker daemon is reachable but the per-sandbox container is stopped, the command prints `Failure layer: sandbox_container_stopped — sandbox container exists but is not running.` as the first line of stdout, suppresses the host-side `Inference` probe, and exits with a non-zero status. +If the sandbox's recorded dashboard port is also held by a foreign listener, the header escalates to `Failure layer: sandbox_dashboard_port_conflict — sandbox container is stopped and the dashboard port is held by a foreign listener.` so the operator can recover the port before restarting the sandbox. + +If the sandbox or gateway cannot be verified, the command exits non-zero instead of reporting healthy inference from stale registry state. +Gateway and dashboard health checks treat HTTP `401` from device auth as a live service, not as an offline gateway. + +A `Connected` line reports whether the sandbox has any active SSH sessions and, if so, how many. +The sandbox list in the status output includes the dashboard port suffix for sandboxes with a recorded dashboard port. + +The Policy section displays the live enforced policy (fetched via `openshell policy get --full`), which reflects presets added or removed after sandbox creation. +When OpenShell reports an active policy version, the displayed YAML `version` line uses that active version instead of the static schema version. +If the sandbox is running an outdated agent version, the output includes an `Update` line with the available version and a `nemohermes rebuild` hint. + +When other sandboxes have the same messaging channel enabled (Telegram, Discord, or Slack) with the same bot token, the output includes a cross-sandbox overlap warning so you can resolve the conflict before messages start dropping. +The command also tails `/tmp/gateway.log` inside the default sandbox and flags Telegram `409 Conflict` errors that indicate a duplicate consumer for the bot token. + +```bash +nemohermes my-assistant status +``` + +#### Checking the Hermes version + +NemoClaw pins the Hermes version inside the sandbox image at build time, not at runtime. +The Hermes agent manifest declares the expected version and the `hermes --version` probe command. +Existing sandboxes do not auto-upgrade when a newer NemoClaw release ships a newer Hermes pin; you upgrade by rebuilding the sandbox. + +`nemohermes status` prints the running Hermes version on the `Agent` line: + +```console +$ nemohermes my-assistant status +... + Agent: Hermes v2026.5.16 +... +``` + +If the sandbox is running an older Hermes version than this NemoClaw release expects, `status` and `connect` add an `Update` line pointing at `nemohermes rebuild` to pick up the newer version. +The rebuild reuses the existing sandbox name and persisted credentials, so messaging tokens and provider keys carry over. + +### `nemohermes doctor` + +Run a focused health check for one sandbox and the host services it depends on. +The command checks the local CLI build, Docker daemon, OpenShell CLI, NemoClaw gateway container, gateway port mapping, live sandbox state, inference route, provider reachability, messaging channel conflicts, Ollama reachability, and the cloudflared tunnel state. + +Warnings do not make the command fail. +Failed checks exit non-zero so scripts can use `doctor` as a readiness gate. +Use `--json` for machine-readable output. + +```bash +nemohermes my-assistant doctor [--json] +``` + +### `nemohermes logs` + +View sandbox logs. +Use `--follow` to stream output in real time. +Use `--tail ` or `-n ` to limit the number of returned lines. +Use `--since ` to show recent logs only, such as `5m`, `1h`, or `30s`. +The command reads both agent gateway output and OpenShell audit events, so policy denials appear alongside the gateway log stream. +If one log source is unavailable, NemoClaw prints a warning and keeps reading the remaining source. +NemoClaw's `--tail ` flag is a line-count flag; the lower-level `openshell logs --tail` flag means follow live output, so use `openshell logs -n ` when running OpenShell directly for a fixed line count. + +```bash +nemohermes my-assistant logs [--follow] [--tail |-n ] [--since ] +``` + +### `nemohermes dashboard-url` + +`dashboard-url` is not applicable to Hermes sandboxes because Hermes exposes an OpenAI-compatible API endpoint instead of the OpenClaw dashboard URL. +Use `nemohermes my-assistant status` to find the forwarded API endpoint. +The Hermes API remains on port `8642` and uses `/v1` for OpenAI-compatible clients. +If you enabled `NEMOCLAW_HERMES_DASHBOARD=1`, use the optional Hermes dashboard port from the status output instead. + +### `nemohermes gateway-token` + +`gateway-token` is not applicable to Hermes sandboxes. +Hermes API access uses bearer-token authentication configured through the Hermes runtime, not the OpenClaw gateway token. +If you need the endpoint for an OpenAI-compatible client, use `nemohermes my-assistant status` and the API URL it reports. + +### `nemohermes destroy` + +Stop the NIM container, remove the host-side Docker image built during onboard, and delete the sandbox. +This removes the sandbox from the registry. +For Ollama-backed sandboxes, `destroy` also asks Ollama to unload currently loaded models and clears stale auth proxy state on a best-effort basis. + +**Warning:** + +This command permanently deletes the sandbox **and its persistent volume**. +All workspace files (use the `nemoclaw-user-manage-sandboxes` skill) (SOUL.md, USER.md, IDENTITY.md, AGENTS.md, MEMORY.md, and daily memory notes) are lost. +Back up your workspace first with `nemohermes snapshot create` or see Backup and Restore (use the `nemoclaw-user-manage-sandboxes` skill). +If you want to upgrade the sandbox while preserving state, use `nemohermes rebuild` instead. + +If another terminal has an active SSH session to the sandbox, `destroy` prints an active-session warning and requires a second confirmation before it proceeds. +Pass `--yes`, `-y`, or `--force` to skip the prompt in scripted workflows. +By default, `destroy` preserves the shared NemoClaw gateway. +Pass `--cleanup-gateway` to remove the shared gateway when destroying the last sandbox, or `--no-cleanup-gateway` to force preservation when environment defaults request cleanup. + +```bash +nemohermes my-assistant destroy [--yes|-y|--force] [--cleanup-gateway|--no-cleanup-gateway] +``` + +### `nemohermes policy-add` + +Add a policy preset to a sandbox. +Presets extend the baseline network policy with additional endpoints. +Before applying, the command shows which endpoints the preset would open and prompts for confirmation. + +```bash +nemohermes my-assistant policy-add +``` + +To apply a specific preset without the interactive picker, pass its name as a positional argument: + +```bash +nemohermes my-assistant policy-add pypi --yes +``` + +The positional form is required in scripted workflows. +Set `NEMOCLAW_NON_INTERACTIVE=1` instead of `--yes` if you want the same behavior from an environment variable. +If the preset name is unknown or already applied, the command exits non-zero with a clear error. +Custom preset files are tracked with the sandbox that applied them. +`policy-list`, `policy-add`, and `policy-remove` compare the local registry and live gateway state using that sandbox-scoped preset metadata, so custom presets do not appear missing just because they are not part of the built-in preset catalog. + +| Flag | Description | +|------|-------------| +| `--from-file ` | Apply a custom preset YAML file instead of a built-in preset | +| `--from-dir ` | Apply every custom preset YAML file in a directory in lexicographic order | +| `--yes`, `--force` | Skip the confirmation prompt (requires a preset name, `--from-file`, or `--from-dir`) | +| `--dry-run` | Preview the endpoints a preset would open without applying changes | + +Use `--dry-run` to audit a preset before applying it: + +```bash +nemohermes my-assistant policy-add --dry-run +``` + +Apply a custom preset file when you need to grant access to an endpoint that is not covered by a built-in preset: + +```bash +nemohermes my-assistant policy-add --from-file ./presets/my-internal-api.yaml +``` + +For batch workflows, apply all preset files from a directory: + +```bash +nemohermes my-assistant policy-add --from-dir ./presets/ --yes +``` + +Review every host in custom preset files before applying them. +Custom presets bypass the built-in preset review process and can widen sandbox egress. + +### `nemohermes policy-list` + +List available policy presets and show which ones are applied to the sandbox. +The command cross-references the local registry against the live gateway state (via `openshell policy get`), so it flags presets that are applied in one place but not the other. +This catches desync caused by external edits to the gateway policy or stale registry entries after a manual rollback. + +```bash +nemohermes my-assistant policy-list +``` + +### `nemohermes policy-remove` + +Remove a previously applied policy preset from a sandbox. +The command lists only the presets currently applied, prompts you to select one, shows the endpoints that would be removed, and asks for confirmation before narrowing egress. + +```bash +nemohermes my-assistant policy-remove +``` + +To remove a specific preset non-interactively, pass its name as a positional argument: + +```bash +nemohermes my-assistant policy-remove pypi --yes +``` + +Set `NEMOCLAW_NON_INTERACTIVE=1` as an alternative to `--yes`. +If the preset is unknown or not currently applied, the command exits non-zero with a clear error. + +| Flag | Description | +|------|-------------| +| `--yes`, `--force` | Skip the confirmation prompt (requires a preset name) | +| `--dry-run` | Preview which endpoints would be removed without applying changes | + +Unchecking a preset in the onboard TUI checkbox also removes it from the sandbox. + +### `nemohermes hosts-add` + +Add a host alias to the sandbox pod template. +Use this when a sandbox needs a stable LAN-only name, such as a local SearXNG or internal model endpoint, without dropping to `docker exec` and `kubectl patch`. + +```bash +nemohermes my-assistant hosts-add searxng.local 192.168.1.105 +``` + +The command validates the hostname and IP address, rejects duplicate hostnames, and patches `spec.podTemplate.spec.hostAliases` on the sandbox resource. + +| Flag | Description | +|------|-------------| +| `--dry-run` | Print the JSON patch for the resulting `hostAliases` list without applying it | + +### `nemohermes hosts-list` + +List host aliases configured on the sandbox resource. + +```bash +nemohermes my-assistant hosts-list +``` + +### `nemohermes hosts-remove` + +Remove a hostname from the sandbox `hostAliases` list. + +```bash +nemohermes my-assistant hosts-remove searxng.local +``` + +| Flag | Description | +|------|-------------| +| `--dry-run` | Print the JSON patch for the resulting `hostAliases` list without applying it | + +### `nemohermes channels list` + +List the messaging channels NemoClaw knows about (`telegram`, `discord`, `slack`, `wechat`, `whatsapp`) with a short description. +The command is a static reference; it does not consult credentials or the running sandbox. +WeChat and WhatsApp are experimental. + +```bash +nemohermes my-assistant channels list +``` + +### `nemohermes channels add ` + +Register a messaging channel with the sandbox and rebuild so the image picks up the new channel. +Channels fall into three login modes: + +- **Token paste** (`telegram`, `discord`, `slack`): the command prompts for any missing token and registers it with the OpenShell gateway. +- **Host-side QR** (`wechat`, experimental): the command renders an iLink QR code on the host and you scan it from WeChat on your phone. + On confirm, NemoClaw captures the bot token, registers it with the OpenShell gateway, and stores non-secret per-account metadata (`WECHAT_ACCOUNT_ID`, `WECHAT_BASE_URL`, `WECHAT_USER_ID`) for the in-sandbox bridge. + NemoClaw automatically adds the scanning operator's WeChat user ID to `WECHAT_ALLOWED_IDS`. + Supply additional comma-separated IDs to authorize more DM senders. + NemoClaw advertises WeChat for both OpenClaw (the `@tencent-weixin/openclaw-weixin` plugin) and Hermes (the built-in iLink WeChat adapter). +- **In-sandbox QR** (`whatsapp`, experimental): the command records the channel without a host-side token or OpenShell credential provider. + NemoClaw advertises WhatsApp for OpenClaw and Hermes sandboxes; after rebuild, run `openclaw channels login --channel whatsapp` for OpenClaw or `hermes whatsapp` for Hermes. + This intentionally leaves QR-created mutable session state in the sandbox until you unpair it or clear the durable agent state. + +After registering the channel, NemoClaw asks whether to rebuild immediately. +Running `add` for an already-configured channel simply overwrites the stored credentials where applicable — the operation is idempotent. +Channel names are trimmed and lowercased before NemoClaw stores credentials, names bridge providers, or prints rebuild messages. +NemoClaw requires the matching built-in network policy preset YAML to be present. +A missing or malformed preset YAML (no `network_policies:` section) aborts `channels add` before any token prompt, registry write, or rebuild prompt. +With the preset file in place, NemoClaw applies it to the sandbox before the rebuild so the bridge has egress to its upstream API. +When the apply step itself fails after the registry write on a fresh add, NemoClaw attempts to roll back the bridge providers, the `messagingChannels` entry, and any staged environment credentials, then exits without prompting for a rebuild; if any gateway-side step (provider detach or delete) fails the rollback continues and prints a `Rollback could not fully clean ` warning so the operator can clean up manually. +When the same failure happens on a re-add of an already-enabled channel, NemoClaw restores the prior `messagingChannels` entry, restores staged environment credentials when available, restores registry credential hashes, and attempts to re-upsert the prior bridge providers, but flags `gateway-providers` as residual because the in-flight upsert may have left the gateway with the new token; verify the gateway bridge before relying on the channel. +Restore the preset YAML and re-run `nemohermes channels add `. +For Telegram, Discord, and Slack, a rebuild triggered by `channels add` also verifies that the selected bridge starts and reports credential, startup, or plugin discovery warnings. + +```bash +nemohermes my-assistant channels add telegram +``` + +| Flag | Description | +|------|-------------| +| `--dry-run` | Validate the channel name and matching policy preset without prompting for credentials, contacting the gateway, or rebuilding | + +Slack requires both `SLACK_BOT_TOKEN` (bot user OAuth) and `SLACK_APP_TOKEN` (app-level Socket Mode token); the command prompts for each in turn. +Optional Slack allowlists come from `SLACK_ALLOWED_USERS` and `SLACK_ALLOWED_CHANNELS` at rebuild time. +When `NEMOCLAW_NON_INTERACTIVE=1` is set, any missing token fails fast and no rebuild prompt is shown — instead, the change is queued and you are told to run `nemohermes rebuild` manually. +If you omit the required `` argument, the CLI prints the `channels add ` usage with the supported channel list instead of falling back to top-level help. + +### `nemohermes channels remove ` + +Clear the stored credentials for a messaging channel and rebuild the sandbox so the image drops the channel. +Running `remove` for a channel that was never configured is a no-op against the credentials file and still triggers the rebuild prompt. +When the bridge provider is attached to a live sandbox, NemoClaw detaches it before deleting the provider from the OpenShell gateway. +If the matching built-in policy preset is applied, such as `telegram`, `discord`, `slack`, `wechat`, or `whatsapp`, NemoClaw also removes that preset so the upstream API is no longer allow-listed after the channel is gone. +NemoClaw also strips the channel from `session.policyPresets` so a subsequent `onboard --resume` does not re-apply the preset on the next rebuild. + +For QR-paired channels (today: WhatsApp), NemoClaw destructively clears the in-sandbox session directory before the rebuild so the `state_dirs` backup does not restore the auth blob and let the channel reconnect: + +- OpenClaw: `/sandbox/.openclaw//` (for example `/sandbox/.openclaw/whatsapp/`). +- Hermes: `/sandbox/.hermes/platforms//` (for example `/sandbox/.hermes/platforms/whatsapp/`). + +The cleanup tries `openshell sandbox exec` first and falls back to SSH if the exec wrapper does not return the success sentinel. If both transports fail (the sandbox is stopped, the gateway is down, or SSH cannot reach it) the command refuses to proceed to the rebuild and asks you to start the sandbox and re-run, so a half-removed state cannot leave stale Baileys auth files behind for the next rebuild to restore. + +```bash +nemohermes my-assistant channels remove telegram +``` + +| Flag | Description | +|------|-------------| +| `--dry-run` | Report the channel that would be removed without clearing credentials or rebuilding | + +As with `channels add`, `NEMOCLAW_NON_INTERACTIVE=1` skips the rebuild prompt and queues the change for a manual `nemohermes rebuild`. +If you omit the required `` argument, the CLI prints the `channels remove ` usage with the supported channel list. + +Host-side removal is the supported path because agent channel config is baked into the container image at build time (`/sandbox/.openclaw/openclaw.json` for OpenClaw and `/sandbox/.hermes/.env` for Hermes); agent-specific channel removals inside the sandbox would modify the running config but not persist changes across rebuilds. + +### `nemohermes channels stop ` + +Pause a single messaging bridge (`telegram`, `discord`, `slack`, `wechat`, or `whatsapp`) without clearing its credentials. +The channel is marked disabled in the per-sandbox registry, and the sandbox is rebuilt so the onboard step skips registering the bridge with the gateway. +The provider stays registered with the OpenShell gateway, so a later `channels start` brings the bridge back without re-entering tokens. + +```bash +nemohermes my-assistant channels stop telegram +``` + +| Flag | Description | +|------|-------------| +| `--dry-run` | Report the channel that would be disabled without updating the registry or rebuilding | + +Use `channels stop` instead of `channels remove` when you want to pause a bridge temporarily. `channels remove` is destructive to credentials; `channels stop` is not. + +### `nemohermes channels start ` + +Re-enable a channel previously paused with `channels stop`. The channel is removed from the disabled list, the sandbox is rebuilt, and the bridge registers with the gateway again using the stored credentials. + +```bash +nemohermes my-assistant channels start telegram +``` + +| Flag | Description | +|------|-------------| +| `--dry-run` | Report the channel that would be re-enabled without updating the registry or rebuilding | + +### `nemohermes channels status` + +Run channel-specific runtime diagnostics. For WhatsApp the command probes the sandbox to separately report pairing/session state, the Noise WebSocket connection, inbound event delivery, and policy/config coverage; a paired channel with no observed inbound delivery exits non-zero with verdict `idle` so an unhealthy bridge cannot pass as healthy. + +```bash +nemohermes my-assistant channels status --channel whatsapp +``` + +| Flag | Description | +|------|-------------| +| `--channel ` | Channel to inspect; defaults to `whatsapp` when registered | +| `--json` | Emit the diagnostic report as JSON (exit non-zero when the verdict is not `healthy` or `unknown`) | + +The probe is bounded by an in-sandbox `openshell sandbox exec` with a hard timeout, captures only short matched bridge log signals (e.g. `connection.open`, `401 unauthorized`, `qr expired`), and never forwards message bodies to the host diagnostic output. + +### `nemohermes skill install ` + +Deploy a skill directory to a running sandbox. +The command validates the `SKILL.md` frontmatter (a `name` field is required), uploads all non-dot files preserving subdirectory structure, and performs agent-specific post-install steps. + +```bash +nemohermes my-assistant skill install ./my-skill/ +``` + +The skill directory must contain a `SKILL.md` file with YAML frontmatter that includes a `name` field. +Skill names must contain only alphanumeric characters, dots, hyphens, and underscores. + +Hermes plugins are different from NemoClaw skills. +`skill install` uploads agent skills, while Hermes plugin configuration is managed by the Hermes runtime and the NemoClaw Hermes plugin baked into the sandbox image. + +Run `nemohermes skill install --help` to print usage for this subcommand. +If you pass a plugin-shaped directory to `skill install`, the CLI prints a plugin-specific hint instead of treating it as a missing skill file. + +Files with names starting with `.` (dotfiles) are skipped and listed in the output. +Files with unsafe path characters are rejected to prevent shell injection. + +If the skill already exists on the sandbox, the command updates it in place and preserves chat history. +For new installs, the agent session index is refreshed so the agent discovers the skill on the next session. + +### `nemohermes skill remove ` + +Remove an installed skill from a running sandbox by skill name. +The command validates the skill name, removes the sandbox upload directory, and refreshes the agent session index so the remaining skills are rediscovered on the next session. + +For Hermes, restart the Hermes gateway if prompted so the removal takes effect. + +```bash +nemohermes my-assistant skill remove my-skill +``` + +Use the skill name from the `SKILL.md` frontmatter, not the local directory name. +Skill names must contain only alphanumeric characters, dots, hyphens, and underscores, and cannot be `.` or `..`. + +### `nemohermes agents add` + +Run the OpenClaw interactive add wizard inside the sandbox. +This is a thin pass-through to `openclaw agents add` via `openshell sandbox exec`; flags accepted by the in-sandbox CLI are forwarded verbatim. + +```bash +nemohermes my-assistant agents add +nemohermes my-assistant agents add work --model gpt-4o +``` + +### `nemohermes agents delete ` + +Remove an OpenClaw agent from the sandbox. +This is a thin pass-through to `openclaw agents delete ` via `openshell sandbox exec`; the OpenClaw CLI owns gateway dispatch (`agents.delete`), host-side workspace removal, and config edits. +Flags accepted by the in-sandbox CLI (`--force`, `--json`) are forwarded verbatim. + +```bash +nemohermes my-assistant agents delete work +nemohermes my-assistant agents delete work --force --json +``` + +### `nemohermes sessions` + +List OpenClaw conversation sessions in the sandbox. +With no subcommand the in-sandbox CLI lists stored sessions for the configured default agent. +This is a thin pass-through to `openclaw sessions` via `openshell sandbox exec`; flags accepted by the in-sandbox CLI are forwarded verbatim. + +```bash +nemohermes my-assistant sessions +nemohermes my-assistant sessions --all-agents --json +``` + +### `nemohermes sessions list` + +Pass-through to `openclaw sessions list` inside the sandbox. +Accepts every flag the in-sandbox CLI does (`--agent`, `--all-agents`, `--active`, `--limit`, `--json`, `--store`, `--verbose`). + +```bash +nemohermes my-assistant sessions list +nemohermes my-assistant sessions list --agent work --json +``` + +### `nemohermes sessions reset ` + +Archive a session and rebind its key to a fresh `sessionId` by invoking the OpenClaw gateway `sessions.reset` RPC inside the sandbox. +Goes through `openshell sandbox exec` -> `openclaw gateway call sessions.reset`, so the gateway owns archival, lock handling, and lifecycle events; the host never edits `sessions.json` directly. + +```bash +nemohermes my-assistant sessions reset main +nemohermes my-assistant sessions reset agent:work:telegram:t-1 +nemohermes my-assistant sessions reset telegram:t-1 --agent work --reason new +nemohermes my-assistant sessions reset agent:main:main --json +``` + +| Flag | Description | +|------|-------------| +| `--agent ` | Agent id when `` is an alias rather than the canonical `agent::` form. | +| `--reason new\|reset` | `reset` (default) archives the prior transcript; `new` rebinds without preserving the archive trail. | +| `--json` | Print the reset result as JSON. | +| `--verbose` | Print the gateway entry payload after a successful reset. | + +The `` argument accepts an alias (e.g. `main`, `telegram:t-1`) or the canonical `agent::` form. +Mismatched `--agent` plus canonical-key combinations are refused before the gateway is invoked. + +### `nemohermes sessions delete ` + +Remove a session entry by invoking the OpenClaw gateway `sessions.delete` RPC inside the sandbox. +The gateway refuses to remove the agent's main session. +The transcript on disk is removed by default; pass `--keep-transcript` to retain it. + +```bash +nemohermes my-assistant sessions delete telegram:t-1 +nemohermes my-assistant sessions delete agent:work:telegram:t-1 +nemohermes my-assistant sessions delete telegram:t-1 --agent work --keep-transcript +nemohermes my-assistant sessions delete agent:main:slack:c-9 --json +``` + +| Flag | Description | +|------|-------------| +| `--agent ` | Agent id when `` is an alias rather than the canonical `agent::` form. | +| `--keep-transcript` | Retain the session transcript on disk after the entry is removed. | +| `--json` | Print the delete result as JSON. | +| `--verbose` | Print the gateway entry payload after a successful delete. | + +### `nemohermes rebuild` + +Upgrade a sandbox to the current agent version while preserving workspace state. +The command backs up workspace state, destroys the old sandbox (including its host-side Docker image), recreates it with the current image via `onboard --resume`, and restores workspace state into the new sandbox. +Credentials are stripped from backups before storage. +Policy presets applied to the old sandbox are reapplied to the new one so your egress rules survive the rebuild. +The recorded sandbox GPU mode is preserved across rebuild. +A sandbox onboarded with an explicit GPU opt-out (stored as `sandboxGpuMode: "0"`, plus legacy registry entries that only record `gpuEnabled: false`) is recreated with the same opt-out, so the inner `onboard --resume` skips the Docker CDI GPU preflight on hosts without an NVIDIA GPU. +Auto-mode sandboxes remain auto. + +```bash +nemohermes my-assistant rebuild [--yes|-y|--force] [--verbose|-v] +``` + +| Flag | Description | +|------|-------------| +| `--yes`, `-y`, `--force` | Skip the confirmation prompt | +| `--verbose`, `-v` | Log SSH commands, exit codes, and session state (also enabled by `NEMOCLAW_REBUILD_VERBOSE=1`) | + +If another terminal has an active SSH session to the sandbox, `rebuild` prints an active-session warning and requires confirmation before destroying the sandbox. +Pass `--yes`, `-y`, or `--force` to skip the prompt in scripted workflows. + +The sandbox must be running for the backup step to succeed. +If an archive command reports partial output while still producing usable data, `rebuild` keeps the captured backup entries and reports only the manifest-defined paths that could not be archived. +If any required state path still cannot be backed up, `rebuild` exits before destroying the original sandbox. + +After restore, the command restores Hermes manifest-defined state and starts the rebuilt Hermes gateway with the regenerated `/sandbox/.hermes` config. + +### `nemohermes update` + +Check for a NemoClaw CLI update and, when requested, run the maintained installer flow. +This command is a discoverable CLI wrapper around the supported installer path: + +```bash +curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash +``` + +```bash +nemohermes update [--check] [--yes|-y] +``` + +| Flag | Description | +|------|-------------| +| `--check` | Show the current version, latest maintained version, install type, and maintained update command without changing anything | +| `--yes`, `-y` | Skip the confirmation prompt and run the maintained installer flow | + +`nemohermes update` updates the host-side NemoClaw installation. +The maintained installer flow follows the admin-promoted `lkg` release tag by default, so it may trail the newest semver or `latest` tag while validation completes. +It does not replace `nemohermes upgrade-sandboxes`; use that command to inspect or rebuild existing sandboxes after the CLI has been updated. +When the command is running from a source checkout, it reports that state and does not replace the checkout with a global package install. + +### `nemohermes upgrade-sandboxes` + +Rebuild sandboxes whose base image is older than the one currently pinned by NemoClaw. +NemoClaw resolves the digest of `ghcr.io/nvidia/nemoclaw/sandbox-base:latest` from the registry, then compares it against the digest each sandbox was created with. +Sandboxes that match the current digest are left alone. + +```bash +nemohermes upgrade-sandboxes [--check] [--auto] [--yes|-y] +``` + +| Flag | Description | +|------|-------------| +| `--check` | List stale sandboxes without rebuilding any of them. Exits non-zero if any are stale. | +| `--auto` | Rebuild every stale sandbox without prompting. Used by the installer to upgrade in place. | +| `--yes`, `-y` | Skip the confirmation prompt for the rebuild plan. | + +Each rebuild reuses the same workspace backup-and-restore flow as `nemohermes rebuild`, so workspace files survive the upgrade. +If the registry is unreachable (offline or firewalled hosts), NemoClaw falls back to the unpinned `:latest` tag and reports that the digest could not be resolved instead of failing. + +### `nemohermes backup-all` + +Back up all registered running sandboxes to `~/.nemoclaw/rebuild-backups/`. +Sandboxes that are not running are skipped. + +```bash +nemohermes backup-all +``` + +The installer calls `backup-all` automatically before onboarding to protect against data loss during OpenShell upgrades. + +### `nemohermes snapshot create` + +Create a timestamped snapshot of sandbox state. +Snapshots are stored in `~/.nemoclaw/rebuild-backups//`. + +```bash +nemohermes my-assistant snapshot create +``` + +| Flag | Description | +|------|-------------| +| `--name