Runtime Controls and Sandbox Mutability

What You Can Change at Runtime

NemoClaw applies its security posture in three layers: what onboarding bakes into the sandbox image, what the running sandbox can hot-reload, and what requires a rebuild or re-onboard. The table below maps each commonly changed item to the layer that owns it and the command that changes it.

Item	When the change takes effect	How to change it
Inference provider (cloud, NVIDIA Endpoints, local Ollama / vLLM, compatible-endpoint, …)	Runtime route changes apply immediately; rebuild if you need to rebake model metadata into the image	`nemohermes inference set` for route changes, or `nemohermes <name> rebuild` after changing build-time settings
Inference model on the current provider	Hot-reloadable through the Hermes config sync path	`nemohermes inference set`
Agent runtime (Hermes compared to OpenClaw)	Re-onboard required (the agent and its state layout are baked at onboard)	`nemohermes onboard --recreate-sandbox` or `nemoclaw onboard --agent openclaw --recreate-sandbox`
Network policy preset (slack, discord, telegram, brave, …)	Runtime. Applies on the next request; rebuild only required if the preset adds bind-mounted secrets	`nemohermes <name> policy-add <preset>` / `policy-remove <preset>`
Network allow-list (custom hosts)	Runtime. Picks up at next request	`openshell policy set` or interactive approval prompt at the gateway
Channel tokens (Slack / Discord / Telegram bot credentials)	Rebuild required (tokens are baked into the sandbox image at onboard so they never leave the host clear-text)	`nemohermes <name> channels add <channel>` then accept the rebuild prompt
Channel enable/disable (turn a configured channel off without removing the token)	Rebuild required (`/sandbox/.hermes/.env` and Hermes config are baked at image build time)	`nemohermes <name> channels stop <channel>` then rebuild
API/dashboard forward port	Runtime. Port is re-resolved on next `connect`	`nemohermes <name> connect` or `openshell forward start`
Filesystem layout (Landlock zones, read-only mounts, container caps)	Locked at creation. No runtime change	Re-onboard with `nemohermes onboard --recreate-sandbox`
Sandbox name	Locked at creation	Re-onboard with a different `--name`
GPU passthrough enable / device selector	Locked at creation	Re-onboard with `--gpu` / `--sandbox-gpu-device`
Hermes `config.yaml` keys	Mixed. Inference keys can be patched by `nemohermes inference set`; image, policy, and channel changes still require rebuild.	Prefer NemoClaw host commands so the host registry and rebuilt image stay aligned

If a row above conflicts with what you observe, the runtime source of truth for Hermes is /sandbox/.hermes/config.yaml plus /sandbox/.hermes/.env; the host registry caches metadata but the image and Hermes runtime read from the in-sandbox files.

See Also

The mutability table above is a consolidated index of information that lives in more detail on per-topic pages:

Manage Sandbox Lifecycle for the full rebuild, re-onboard, and upgrade workflow.

Switch Inference Providers for the runtime route and rebuild paths for provider and model changes.

Customize Network Policy and Approve Network Requests for runtime policy editing and operator approval flow.

Security Best Practices for the per-attack-surface posture table that this page complements.

CLI Commands Reference for the full flag surface for every nemohermes and nemoclaw command, including the environment variables that affect runtime behavior.

What You Can Change at Runtime

Item	When the change takes effect	How to change it
Inference provider (cloud, NVIDIA Endpoints, local Ollama / vLLM, compatible-endpoint, …)	Runtime route changes apply immediately; rebuild if you need to rebake model metadata into the image	`nemohermes inference set` for route changes, or `nemohermes <name> rebuild` after changing build-time settings
Inference model on the current provider	Hot-reloadable through the Hermes config sync path	`nemohermes inference set`
Agent runtime (Hermes compared to OpenClaw)	Re-onboard required (the agent and its state layout are baked at onboard)	`nemohermes onboard --recreate-sandbox` or `nemoclaw onboard --agent openclaw --recreate-sandbox`
Network policy preset (slack, discord, telegram, brave, …)	Runtime. Applies on the next request; rebuild only required if the preset adds bind-mounted secrets	`nemohermes <name> policy-add <preset>` / `policy-remove <preset>`
Network allow-list (custom hosts)	Runtime. Picks up at next request	`openshell policy set` or interactive approval prompt at the gateway
Channel tokens (Slack / Discord / Telegram bot credentials)	Rebuild required (tokens are baked into the sandbox image at onboard so they never leave the host clear-text)	`nemohermes <name> channels add <channel>` then accept the rebuild prompt
Channel enable/disable (turn a configured channel off without removing the token)	Rebuild required (`/sandbox/.hermes/.env` and Hermes config are baked at image build time)	`nemohermes <name> channels stop <channel>` then rebuild
API/dashboard forward port	Runtime. Port is re-resolved on next `connect`	`nemohermes <name> connect` or `openshell forward start`
Filesystem layout (Landlock zones, read-only mounts, container caps)	Locked at creation. No runtime change	Re-onboard with `nemohermes onboard --recreate-sandbox`
Sandbox name	Locked at creation	Re-onboard with a different `--name`
GPU passthrough enable / device selector	Locked at creation	Re-onboard with `--gpu` / `--sandbox-gpu-device`
Hermes `config.yaml` keys	Mixed. Inference keys can be patched by `nemohermes inference set`; image, policy, and channel changes still require rebuild.	Prefer NemoClaw host commands so the host registry and rebuilt image stay aligned