NVIDIA · miyoungc · Jun 4, 2026 · Jun 4, 2026 · Jun 4, 2026 · Jun 4, 2026
diff --git a/docs/about/ecosystem-hermes.mdx b/docs/about/ecosystem-hermes.mdx
@@ -99,4 +99,4 @@ Use the following table to decide when to use NemoHermes versus OpenShell alone.
 - [Overview](overview) describes what NemoClaw is, including capabilities, benefits, and use cases.
 - [How It Works](how-it-works) describes how NemoClaw runs, the blueprint, sandbox creation, routing, and protection layers for Hermes.
 - [Architecture](../reference/architecture) shows the repository structure and technical diagrams.
-- [Quickstart with Hermes](../get-started/quickstart-hermes) installs NemoClaw and launches your first Hermes sandbox.
+- [Quickstart with Hermes](../get-started/quickstart) installs NemoClaw and launches your first Hermes sandbox.
diff --git a/docs/about/how-it-works.mdx b/docs/about/how-it-works.mdx
@@ -135,8 +135,8 @@ When the agent tries to reach an unlisted host, OpenShell blocks the request and
 </AgentOnly>
 <AgentOnly variant="hermes">
 
-- Read [Ecosystem](ecosystem-hermes) for stack-level relationships and NemoClaw versus OpenShell-only paths.
-- Follow [Quickstart with Hermes](../get-started/quickstart-hermes) to launch your first sandbox.
+- Read [Ecosystem](ecosystem) for stack-level relationships and NemoClaw versus OpenShell-only paths.
+- Follow [Quickstart with Hermes](../get-started/quickstart) to launch your first sandbox.
 - Refer to the [Architecture](../reference/architecture) for the full technical structure, including file layouts and the blueprint lifecycle.
 - Refer to [Inference Options](../inference/inference-options) for detailed provider configuration.
 - For details on the baseline rules, refer to [Network Policies](../reference/network-policies).

diff --git a/docs/about/overview.mdx b/docs/about/overview.mdx
@@ -82,8 +82,8 @@ Navigate to the following topics to learn more about NemoClaw and how to install
 <AgentOnly variant="hermes">
 
 - [Architecture Overview](how-it-works) to understand how NemoClaw works.
-- [Ecosystem](ecosystem-hermes) to understand how Hermes, OpenShell, and NemoClaw relate in the wider stack, and when to use NemoClaw versus OpenShell.
-- [Quickstart with Hermes](../get-started/quickstart-hermes) to install NemoClaw and run your first Hermes sandbox with `$$nemoclaw`.
+- [Ecosystem](ecosystem) to understand how Hermes, OpenShell, and NemoClaw relate in the wider stack, and when to use NemoClaw versus OpenShell.
+- [Quickstart with Hermes](../get-started/quickstart) to install NemoClaw and run your first Hermes sandbox with `$$nemoclaw`.
 - [Agent Skills](../resources/agent-skills) to load NemoClaw guidance into an AI coding assistant.
 - [Inference Options](../inference/inference-options) to check the inference providers that NemoClaw supports and how inference routing works.
 

diff --git a/docs/about/release-notes.mdx b/docs/about/release-notes.mdx
@@ -51,7 +51,7 @@ NemoClaw v0.0.54 updates messaging activation, Windows WSL onboarding, NemoHerme
 - Generated OpenClaw config now marks Telegram, Discord, Slack, and WhatsApp as enabled at the channel level. Selected messaging plugins are pinned during the image build, and `channels add` verifies Telegram, Discord, and Slack bridge startup after the rebuild instead of leaving silent channel failures for later debugging. For more information, refer to [Messaging Channels](../manage-sandboxes/messaging-channels).
 - The Windows bootstrap flow waits for Ubuntu account creation before touching Docker settings, enables Docker Desktop WSL integration for the target distro, avoids changing the global WSL default distro, and adds WSL-specific Docker reachability hints during onboarding. For more information, refer to [Prepare Windows for NemoClaw](../get-started/prerequisites/windows-preparation).
 - Windows-host Ollama setup inside WSL now requires the Docker Desktop WSL integration path. NemoClaw still shows Windows-host Ollama options when it detects them, but labels the Docker Desktop requirement and blocks unsupported native Docker-in-WSL selections before it tries to start or install Ollama. For more information, refer to [Use a Local Inference Server](../inference/use-local-inference).
-- NemoHermes can expose the optional native Hermes web dashboard separately from the OpenAI-compatible API. Set `NEMOCLAW_HERMES_DASHBOARD=1` before onboarding to start and forward the dashboard on port `9119`, with `NEMOCLAW_HERMES_DASHBOARD_PORT` and `NEMOCLAW_HERMES_DASHBOARD_TUI` available for port and TUI tab control. For more information, refer to [NemoClaw Quickstart with Hermes](../../hermes/get-started/quickstart-hermes).
+- NemoHermes can expose the optional native Hermes web dashboard separately from the OpenAI-compatible API. Set `NEMOCLAW_HERMES_DASHBOARD=1` before onboarding to start and forward the dashboard on port `9119`, with `NEMOCLAW_HERMES_DASHBOARD_PORT` and `NEMOCLAW_HERMES_DASHBOARD_TUI` available for port and TUI tab control. For more information, refer to [NemoClaw Quickstart with Hermes](../../hermes/get-started/quickstart).
 - Onboarding diagnostics include more copy-paste-ready recovery hints. Invalid sandbox names now include a `Try: <suggested-slug>` line when NemoClaw can derive a valid name, and non-interactive NVIDIA Endpoints setup prints the exact `export NVIDIA_API_KEY=nvapi-...` shape when the key is missing. For more information, refer to [NemoClaw CLI Commands Reference](../reference/commands).
 - Homebrew stays on the Linuxbrew prefix while exposing installed formula commands in sandbox shell sessions, the `/nemoclaw` slash command activates at OpenClaw startup again, Hermes rebuilds tolerate older release tarballs that lack optional UI package lockfiles, and device scope-upgrade approvals recover without being pinned to the old gateway-scoped request. For more information, refer to [Common NemoClaw Integration Policy Examples](../network-policy/integration-policy-examples).
 - The host-gateway allowance for OpenClaw `web_fetch` is confined to the trusted proxy path, while strict and direct paths continue to block host-gateway names. Hermes Provider onboarding skips the host-side smoke probe only for OAuth-backed setup and keeps direct validation for Nous API key setup. For more information, refer to [NemoClaw Inference Options](../inference/inference-options).

diff --git a/docs/get-started/prerequisites.mdx b/docs/get-started/prerequisites.mdx
@@ -79,5 +79,5 @@ The table comes from [`ci/platform-matrix.json`](https://github.com/NVIDIA/NemoC
 ## Next Steps
 
 - [Prepare Windows for NemoClaw](prerequisites/windows-preparation) if you are using Windows.
-- [Quickstart](quickstart) to install NemoClaw and launch your first sandbox.
+- [Quickstart](quickstart) to install NemoClaw and launch your first sandboxed agent.
 - [Agent Skills](../resources/agent-skills) to load NemoClaw guidance into an AI coding assistant before setup.
diff --git a/docs/get-started/windows-preparation.mdx b/docs/get-started/windows-preparation.mdx
@@ -16,7 +16,7 @@ You can run NemoClaw inside Windows Subsystem for Linux (WSL 2) on Windows.
 Complete these steps before following the [Quickstart](../quickstart).
 </AgentOnly>
 <AgentOnly variant="hermes">
-Complete these steps before following [Quickstart with Hermes](../quickstart-hermes).
+Complete these steps before following [Quickstart with Hermes](../quickstart).
 </AgentOnly>
 Linux and macOS users do not need this page and can go directly to the Quickstart.
 
@@ -36,7 +36,7 @@ Verify the following before you begin:
 </AgentOnly>
 <AgentOnly variant="hermes">
 
-- Hardware requirements are the same as [Quickstart with Hermes](../quickstart-hermes).
+- Hardware requirements are the same as [Quickstart with Hermes](../quickstart).
 
 </AgentOnly>
 
@@ -167,7 +167,7 @@ If you used the bootstrap script, follow the installer command it printed inside
 If you prepared Windows manually, open a WSL terminal (type `wsl` in PowerShell, or open Ubuntu from Windows Terminal) and continue with the [Quickstart](../quickstart) to install NemoClaw and launch your first sandbox.
 </AgentOnly>
 <AgentOnly variant="hermes">
-If you prepared Windows manually, open a WSL terminal (type `wsl` in PowerShell, or open Ubuntu from Windows Terminal) and continue with [Quickstart with Hermes](../quickstart-hermes) to install NemoClaw and launch your first Hermes sandbox.
+If you prepared Windows manually, open a WSL terminal (type `wsl` in PowerShell, or open Ubuntu from Windows Terminal) and continue with [Quickstart with Hermes](../quickstart) to install NemoClaw and launch your first Hermes sandbox.
 </AgentOnly>
 
 All NemoClaw commands run inside WSL, not in PowerShell.

diff --git a/docs/index.mdx b/docs/index.mdx
@@ -60,7 +60,7 @@ By default, NemoClaw installs the OpenClaw agent. Use one of the following quick
 | Agent | Guide |
 |-------|-------|
 | OpenClaw (default) | [Quickstart with OpenClaw](../openclaw/get-started/quickstart) |
-| Hermes | [Quickstart with Hermes](../hermes/get-started/quickstart-hermes) |
+| Hermes | [Quickstart with Hermes](../hermes/get-started/quickstart) |
 
 ## Select User Guide for Your Agent
 

diff --git a/docs/index.yml b/docs/index.yml
@@ -203,7 +203,7 @@ navigation:
                     slug: windows-preparation
               - page: "Quickstart with Hermes"
                 path: get-started/quickstart-hermes.mdx
-                slug: quickstart-hermes
+                slug: quickstart
           - section: "Inference"
             slug: inference
             collapsed: open-by-default

diff --git a/docs/inference/inference-options.mdx b/docs/inference/inference-options.mdx
@@ -199,5 +199,7 @@ Other provider credentials, such as `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, `GEMI
 ## Next Steps
 
 - [Use a Local Inference Server](use-local-inference) for Ollama, vLLM, NIM, and compatible-endpoint setup details.
+<AgentOnly variant="openclaw">
 - [Tool-Calling Reliability](tool-calling-reliability) for deciding when Ollama is enough and when vLLM with a parser is safer.
+</AgentOnly>
 - [Switch Inference Models](switch-inference-providers) for changing the model at runtime without re-onboarding.
diff --git a/docs/inference/use-local-inference.mdx b/docs/inference/use-local-inference.mdx
@@ -26,7 +26,7 @@ OpenShell intercepts inference traffic and forwards it to the local endpoint you
 - NemoClaw installed. Refer to the [Quickstart](../get-started/quickstart) if you have not installed yet.
 </AgentOnly>
 <AgentOnly variant="hermes">
-- NemoClaw installed. Refer to [Quickstart with Hermes](../get-started/quickstart-hermes) if you have not installed yet.
+- NemoClaw installed. Refer to [Quickstart with Hermes](../get-started/quickstart) if you have not installed yet.
 </AgentOnly>
 - A local model server running, or a supported Ollama, vLLM, or NIM setup that the NemoClaw onboard wizard can use, start, or install.
 
@@ -109,13 +109,15 @@ Windows-host Ollama requires Docker Desktop WSL integration because the sandbox
 If NemoClaw detects native Docker Engine inside WSL, the provider menu labels Windows-host Ollama actions as requiring Docker Desktop integration.
 Selecting one of those actions in the unsupported native Docker topology exits early with a remediation message instead of trying to start or install Ollama on Windows.
 
+<AgentOnly variant="openclaw">
 <Warning>
 Ollama is convenient for local chat, but some model/template combinations can
 return tool calls as plain text under realistic agent load. If the TUI shows raw
 JSON such as `{"name":"memory_search","arguments":{...}}` instead of running a
 tool, switch to vLLM with `--enable-auto-tool-choice` and the correct
 `--tool-call-parser`. See [Tool-Calling Reliability](tool-calling-reliability).
 </Warning>
+</AgentOnly>
 
 ### Authenticated Reverse Proxy
 
@@ -466,6 +468,6 @@ If the provider itself needs to change (for example, switching from vLLM to a cl
 
 - [Inference Options](inference-options) for the full list of providers available during onboarding.
 - [Switch Inference Models](switch-inference-providers) for runtime model switching.
-- [Quickstart with Hermes](../get-started/quickstart-hermes) for first-time installation.
+- [Quickstart with Hermes](../get-started/quickstart) for first-time installation.
 
 </AgentOnly>
diff --git a/docs/manage-sandboxes/lifecycle.mdx b/docs/manage-sandboxes/lifecycle.mdx
@@ -17,7 +17,7 @@ import { AgentOnly } from "../_components/AgentGuide";
 Use this guide after you finish the [OpenClaw quickstart](../get-started/quickstart).
 </AgentOnly>
 <AgentOnly variant="hermes">
-Use this guide after you finish [Quickstart with Hermes](../get-started/quickstart-hermes).
+Use this guide after you finish [Quickstart with Hermes](../get-started/quickstart).
 </AgentOnly>
 It covers day-two sandbox operations such as listing sandboxes, checking health, managing ports, rebuilding safely, upgrading, and uninstalling.
 <AgentOnly variant="openclaw">

diff --git a/docs/manage-sandboxes/messaging-channels.mdx b/docs/manage-sandboxes/messaging-channels.mdx
@@ -337,6 +337,8 @@ $$nemoclaw tunnel start
 
 ## Related Topics
 
+<AgentOnly variant="openclaw">
 - [Deploy NemoClaw to a Remote GPU Instance](../deployment/deploy-to-remote-gpu) for remote deployment with messaging.
+</AgentOnly>
 - [Architecture](../reference/architecture) for how providers, the gateway, and the sandbox fit together.
 - [Commands](../reference/commands) for `channels add`, `channels remove`, `channels start`, `channels stop`, `tunnel start`, `tunnel stop`, and `status`.
diff --git a/docs/reference/commands-nemohermes.mdx b/docs/reference/commands-nemohermes.mdx
@@ -1661,19 +1661,6 @@ These flags change defaults for commands that manage existing sandboxes.
 | `NEMOCLAW_DISABLE_INFERENCE_ROUTE_REPAIR` | `1` to enable | Skips the automatic DNS-proxy repair for stale `inference.local` routes during `nemohermes <name> connect` and `nemohermes <name> connect --probe-only`. Use only as a troubleshooting escape hatch. |
 | `NEMOCLAW_SHIELDS_ACCEPT_LEGACY_BASELINE` | `1` to opt in | Allows advanced immutable-config verification to trust the current on-disk bytes for older or partial content baselines. Use only after you have rebuilt or manually inspected the sandbox state and accepted that the baseline is operator-approved. |
 
-### Remote Deployment
-
-These variables seed defaults for `nemohermes deploy` and `nemohermes onboard --remote`, which provision a sandbox on a Brev instance.
-Each has a flag equivalent on `deploy`; the env var lets non-interactive runs skip the prompt.
-For narrative how-to coverage of `NEMOCLAW_BREV_PROVIDER` and `NEMOCLAW_GPU`, see [Deploy to Remote GPU](../deployment/deploy-to-remote-gpu.mdx).
-
-| Variable | Default | Effect |
-|----------|---------|--------|
-| `NEMOCLAW_BREV_PROVIDER` | `gcp` | Cloud provider for Brev instance creation. |
-| `NEMOCLAW_GPU` | `a2-highgpu-1g:nvidia-tesla-a100:1` | GPU specification (instance type and GPU model) for the Brev instance. |
-| `NEMOCLAW_DEPLOY_NO_CONNECT` | unset | When set to `1`, skips the automatic `connect` step after the remote deploy completes. |
-| `NEMOCLAW_DEPLOY_NO_START_SERVICES` | unset | When set to `1`, skips starting services automatically after the remote deploy. |
-
 ### Legacy `nemohermes setup`
 
 Deprecated. Use `nemohermes onboard` instead.

diff --git a/docs/reference/commands.mdx b/docs/reference/commands.mdx
@@ -1930,19 +1930,6 @@ These flags change defaults for commands that manage existing sandboxes.
 | `NEMOCLAW_DISABLE_INFERENCE_ROUTE_REPAIR` | `1` to enable | Skips the automatic DNS-proxy repair for stale `inference.local` routes during `$$nemoclaw <name> connect` and `$$nemoclaw <name> connect --probe-only`. Use only as a troubleshooting escape hatch. |
 | `NEMOCLAW_SHIELDS_ACCEPT_LEGACY_BASELINE` | `1` to opt in | Allows advanced immutable-config verification to trust the current on-disk bytes for older or partial content baselines. Use only after you have rebuilt or manually inspected the sandbox state and accepted that the baseline is operator-approved. |
 
-### Remote Deployment
-
-These variables seed defaults for `$$nemoclaw deploy` and `$$nemoclaw onboard --remote`, which provision a sandbox on a Brev instance.
-Each has a flag equivalent on `deploy`; the env var lets non-interactive runs skip the prompt.
-For narrative how-to coverage of `NEMOCLAW_BREV_PROVIDER` and `NEMOCLAW_GPU`, see [Deploy to Remote GPU](../deployment/deploy-to-remote-gpu.mdx).
-
-| Variable | Default | Effect |
-|----------|---------|--------|
-| `NEMOCLAW_BREV_PROVIDER` | `gcp` | Cloud provider for Brev instance creation. |
-| `NEMOCLAW_GPU` | `a2-highgpu-1g:nvidia-tesla-a100:1` | GPU specification (instance type and GPU model) for the Brev instance. |
-| `NEMOCLAW_DEPLOY_NO_CONNECT` | unset | When set to `1`, skips the automatic `connect` step after the remote deploy completes. |
-| `NEMOCLAW_DEPLOY_NO_START_SERVICES` | unset | When set to `1`, skips starting services automatically after the remote deploy. |
-
 ### Legacy `$$nemoclaw setup`
 
 Deprecated. Use `$$nemoclaw onboard` instead.

diff --git a/docs/reference/troubleshooting.mdx b/docs/reference/troubleshooting.mdx
@@ -1359,7 +1359,13 @@ sudo systemctl stop ollama
 OLLAMA_CONTEXT_LENGTH=16384 ollama serve
 ```
 
-For additional troubleshooting, see the [Quickstart](../get-started/quickstart) and [Windows Setup](../get-started/prerequisites/windows-preparation) pages.
+For additional troubleshooting, see the [Windows Setup](../get-started/prerequisites/windows-preparation) page.
+<AgentOnly variant="openclaw">
+For first-time OpenClaw setup, see the [Quickstart](../get-started/quickstart).
+</AgentOnly>
+<AgentOnly variant="hermes">
+For first-time Hermes setup, see [Quickstart with Hermes](../get-started/quickstart).
+</AgentOnly>
 
 ## Podman
 
@@ -1369,7 +1375,9 @@ If you encounter issues with Podman, switch to a tested runtime (Docker Engine,
 
 ## Brev
 
+<AgentOnly variant="openclaw">
 For Brev setup instructions, refer to [Brev Web UI](../deployment/brev-web-ui).
+</AgentOnly>
 
 ### Most OpenClaw skills show as blocked
 
@@ -1453,7 +1461,7 @@ After the rebuild completes, return to the Skills page to confirm the skill is r
 ## Hermes
 
 The issues below are common problems you may encounter when running Hermes through `nemohermes`.
-For setup, refer to [Quickstart with Hermes](../../hermes/get-started/quickstart-hermes).
+For setup, refer to [Quickstart with Hermes](../../hermes/get-started/quickstart).
 
 ### Port 8642 in a browser shows a blank page or `Cannot GET /`
 
@@ -1550,7 +1558,7 @@ Reset a specific provider's credentials with `nemohermes credentials reset <prov
 
 ### `Brave Search` policy preset has no effect under Hermes
 
-The Hermes wizard intentionally omits the Brave Search preset because Hermes does not use NemoClaw's OpenClaw web-search configuration (see [Quickstart with Hermes](../../hermes/get-started/quickstart-hermes) and [Network Policies](network-policies)).
+The Hermes wizard intentionally omits the Brave Search preset because Hermes does not use NemoClaw's OpenClaw web-search configuration (see [Quickstart with Hermes](../../hermes/get-started/quickstart) and [Network Policies](network-policies)).
 If you add the `brave` preset to a Hermes sandbox after onboarding, the L7 egress allowlist opens for Brave's endpoints but the agent itself does not start consuming the credential.
 Configure Hermes web search from the agent's own configuration inside the sandbox.
 

diff --git a/docs/security/best-practices.mdx b/docs/security/best-practices.mdx
@@ -300,7 +300,9 @@ The agent then refuses to start unless the agent process tree's bounding set is
 This is opt-in because such hosts are common (many cloud VMs, Docker Desktop, WSL); leaving it unset preserves the best-effort default.
 The check covers the agent process tree only — a `$$nemoclaw connect` shell is spawned by the container runtime outside that tree and is not affected (tracked in [NVIDIA/OpenShell#1452](https://github.com/NVIDIA/OpenShell/issues/1452)).
 
-For additional protection, pass `--cap-drop=ALL` with `docker run` or Compose (see [Sandbox Hardening](../manage-sandboxes/sandbox-hardening)).
+<AgentOnly variant="openclaw">
+For additional protection, pass `--cap-drop=ALL` with `docker run` or Compose. Refer to [Sandbox Hardening](../manage-sandboxes/sandbox-hardening).
+</AgentOnly>
 
 | Aspect | Detail |
 |---|---|
@@ -599,7 +601,9 @@ The following patterns weaken security without providing meaningful benefit.
 - [Network Policies](../reference/network-policies) for the full baseline policy reference.
 - [Customize the Network Policy](../network-policy/customize-network-policy) for static and dynamic policy changes.
 - [Approve or Deny Network Requests](../network-policy/approve-network-requests) for the operator approval flow.
+<AgentOnly variant="openclaw">
 - [Sandbox Hardening](../manage-sandboxes/sandbox-hardening) for container-level security measures.
+</AgentOnly>
 - [Inference Options](../inference/inference-options) for provider configuration details.
 - [How It Works](../about/how-it-works) for the protection layer architecture.
 {/* - OpenShell [Security Best Practices](https://docs.nvidia.com/openshell/latest/security/best-practices.html) for the platform-level controls reference, including network namespace isolation, seccomp filters, SSRF protection, TLS termination, and gateway authentication. */}