Architecture Details
NemoClaw combines a host CLI, an in-sandbox integration layer, and a versioned YAML blueprint that defines the sandbox image, policies, and inference profiles applied through OpenShell.
System Overview
NVIDIA OpenShell is a general-purpose agent runtime. It provides sandbox containers, a credential-storing gateway, inference proxying, and policy enforcement, but it has no opinions about what runs inside. NemoClaw is an opinionated reference stack built on OpenShell that handles what goes in the sandbox, prepares agent-specific integration, and makes the setup accessible.
Deployment Topology
The logical diagram above shows how components relate.
This section shows what actually runs where on the host.
NemoClawās default Docker-driver topology does not place the sandbox in an embedded k3s cluster.
On Linux, NemoClaw configures and restarts the package-managed OpenShell gateway user service when it is installed, then creates the sandbox as a Docker container.
NemoClaw treats that service as authoritative only when systemctl --user show openshell-gateway reports a package/vendor unit path and an openshell-gateway ExecStart.
Per-user units, partial units, and user-manager or bus outages do not take over gateway ownership; NemoClaw falls back to the standalone gateway process used by earlier installs.
That compatibility fallback remains until supported upgrade paths no longer include pre-service OpenShell installs and the package-managed handoff has direct nightly coverage.
On Apple Silicon macOS, NemoClaw starts the OpenShell Docker-driver gateway and creates the sandbox as a Docker container.
In both Docker-driver modes, the sandbox is a Docker container, not a Kubernetes pod.
The in-container /tmp/nemoclaw-gateway-local marker is written only by entrypoint paths that actually launch an in-container gateway.
Terminal runtimes may not write it.
NemoClaw does not treat sandbox environment hints such as OPENSHELL_DRIVERS as authoritative for gateway ownership.
Legacy non-Docker-driver installs still use the k3s-based gateway path; the diagram below shows the standard Docker-driver topology.
Layering from top to bottom:
NemoClaw never gives the sandbox a raw provider key.
At onboard time it registers credentials with OpenShellās provider/placeholder system, and the L7 proxy substitutes the real value into outbound requests at egress.
The CLI helper isInferenceRouteReady (in src/lib/onboard.ts) is a host-side readiness check used by the resume flow to decide whether the active route already covers the chosen provider and model.
It is not a runtime component.
For the DGX Spark-specific variant of this topology (cgroup v2, aarch64, unified memory), refer to the NVIDIA Spark playbook.
NemoClaw Agent Integration
NemoClaw integrates with each supported agent through a runtime layer that adapts the agent to OpenShell-managed providers, policies, and sandbox state. The concrete files differ by agent because each runtime has its own plugin system, config format, state layout, and startup command.
| Deep Agents | agents/langchain-deepagents-code/manifest.yaml, agents/langchain-deepagents-code/generate-config.ts, agents/langchain-deepagents-code/start.sh, and the managed dcode launchers | Declares the terminal agent contract, writes /sandbox/.deepagents/config.toml, installs managed wrappers for dcode and dcode -n, and routes inference through inference.local. |
The Deep Agents integration follows the generic agent-manifest path for terminal runtimes.
The manifest declares the dcode binary, smoke checks, config directory, state directories, and OpenAI-compatible inference route.
The build-time config generator turns NemoClaw onboarding choices into config.toml, and the managed launchers enforce the supported credential, MCP, tracing, and sandbox boundaries before dcode starts.
NemoClaw Blueprint
The blueprint is a versioned YAML package with its own release stream. The runner resolves, verifies, and applies the blueprint through the OpenShell CLI. The blueprint defines the sandbox shape, default policies, and inference profiles; the runner performs the OpenShell operations.
Deep Agents keeps its agent-owned image, config generator, entrypoint, wrappers, and policy additions under agents/langchain-deepagents-code/.
The default Deep Agents policy starts from agents/langchain-deepagents-code/policy-additions.yaml.
The current blueprint runner implementation lives in the nemoclaw/ TypeScript package:
Blueprint Lifecycle
- Resolve. The integration layer locates the blueprint artifact and checks the version against the OpenShell and agent runtime constraints in
blueprint.yaml. - Verify. The integration layer checks the artifact digest against the expected value.
- Plan. The runner determines what OpenShell resources to create or update, such as the gateway, providers, sandbox, inference route, and policy.
- Apply. The runner executes the plan by calling
openshellCLI commands. - Status. The runner reports current state.
Sandbox Environment
Deep Agents onboarding builds from the agent-specific agents/langchain-deepagents-code/Dockerfile.base image and layers the managed Deep Agents runtime Dockerfile on top.
That base installs Node, Python, shell tools, and the hash-locked deepagents-code package needed by the terminal harness.
Inside the sandbox:
-
The selected compatible agent runs with the NemoClaw integration layer installed or generated for that agent.
-
Inference calls are routed through OpenShell to the configured provider.
-
Network egress is restricted by the baseline policy for the selected agent profile.
-
Filesystem access is confined to
/sandboxand/tmpfor read-write access, with system paths read-only. -
NemoClaw writes generated Deep Agents configuration into the sandbox, then leaves interactive and headless execution to
dcode. -
Deep Agents is a terminal runtime, so there is no long-running dashboard or gateway health surface inside the sandbox.
Inference Routing
Inference requests from the agent never leave the sandbox directly. OpenShell intercepts them and routes them to the configured provider:
When you select the Model Router provider, the OpenShell gateway routes to a host-side router process instead of a single upstream model. The router selects from the configured pool, then calls the upstream NVIDIA endpoint with the credential held outside the sandbox.
Some model and provider combinations need agent-specific compatibility setup.
NemoClaw keeps those declarations under nemoclaw-blueprint/model-specific-setup/<agent>/ so fixes for each supported agent can be tested and reviewed independently.
Refer to Inference Options for provider configuration details.
Provider Credential Storage
Provider credentials live in the OpenShell gateway store, not on the host filesystem. NemoClaw never writes them to host disk. The OpenShell L7 proxy injects values at egress. Refer to Credential Storage for the inspection, rotation, and migration flow.
Host-Side State and Config
NemoClaw keeps non-secret operator-facing state on the host rather than inside the sandbox.
The following environment variables configure optional services and local access.
| NEMOCLAW_POLICY_TIER | Optional non-interactive policy tier selection during onboarding. |
| TAVILY_API_KEY | Host-side input for the optional managed Tavily provider. Register it with nemo-deepagents credentials add tavily-search --type tavily --credential TAVILY_API_KEY before attaching the provider to Deep Agents. |
| NEMOCLAW_GATEWAY_PORT | Optional host-side gateway port override when running multiple independent OpenShell gateways. |
For normal setup and reconfiguration, prefer nemo-deepagents onboard over editing these files by hand.