# Runtime Controls and Sandbox Mutability

> Consolidated reference for what you can change on a running NemoClaw sandbox and what requires rebuild or re-onboard.

This page explains which parts of a running NemoClaw sandbox can change immediately and which changes require a rebuild or re-onboard.

## What You Can Change at Runtime

NemoClaw applies its security posture in three layers: what onboarding bakes into the sandbox image, what the running sandbox can hot-reload, and what requires a rebuild or re-onboard.
The table below maps each commonly changed item to the layer that owns it and the command that changes it.

| Item                                                                                      | When the change takes effect                                                                                                  | How to change it                                                                                                |
| ----------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- |
| Inference provider (cloud, NVIDIA Endpoints, local Ollama / vLLM, compatible-endpoint, …) | Runtime route changes apply immediately; rebuild if you need to rebake model metadata into the image                          | `nemohermes inference set` for route changes, or `nemohermes <name> rebuild` after changing build-time settings |
| Inference model on the current provider                                                   | Hot-reloadable through the Hermes config sync path                                                                            | `nemohermes inference set`                                                                                      |
| Agent runtime (Hermes vs. OpenClaw)                                                       | Re-onboard required (the agent and its state layout are baked at onboard)                                                     | `nemohermes onboard --recreate-sandbox` or `nemoclaw onboard --agent openclaw --recreate-sandbox`               |
| Network policy preset (slack, discord, telegram, brave, …)                                | Runtime. Applies on the next request; rebuild only required if the preset adds bind-mounted secrets                           | `nemohermes <name> policy-add <preset>` / `policy-remove <preset>`                                              |
| Network allow-list (custom hosts)                                                         | Runtime. Picked up on the next request                                                                                        | `openshell policy set` or interactive approval prompt at the gateway                                            |
| Channel tokens (Slack / Discord / Telegram bot credentials)                               | Rebuild required (tokens are baked into the sandbox image at onboard so they never leave the host in clear text)              | `nemohermes <name> channels add <channel>` then accept the rebuild prompt                                       |
| Channel enable/disable (turn a configured channel off without removing the token)         | Rebuild required (`/sandbox/.hermes/.env` and Hermes config are baked at image build time)                                    | `nemohermes <name> channels stop <channel>` then rebuild                                                        |
| API/dashboard forward port                                                                | Runtime. Port is re-resolved on next `connect`                                                                                | `nemohermes <name> connect` or `openshell forward start`                                                        |
| Filesystem layout (Landlock zones, read-only mounts, container caps)                      | **Locked at creation**. No runtime change                                                                                     | Re-onboard with `nemohermes onboard --recreate-sandbox`                                                         |
| Sandbox name                                                                              | **Locked at creation**                                                                                                        | Re-onboard with a different `--name`                                                                            |
| GPU passthrough enable / device selector                                                  | **Locked at creation**                                                                                                        | Re-onboard with `--gpu` / `--sandbox-gpu-device`                                                                |
| Hermes `config.yaml` keys                                                                 | Mixed. Inference keys can be patched by `nemohermes inference set`; image, policy, and channel changes still require rebuild. | Prefer NemoClaw host commands so the host registry and rebuilt image stay aligned                               |

If a row above conflicts with what you observe, the runtime source of truth for
Hermes is `/sandbox/.hermes/config.yaml` plus `/sandbox/.hermes/.env`; the host
registry caches metadata but the image and Hermes runtime read from the
in-sandbox files.

## See Also

The mutability table above is a consolidated index of information that lives in more detail on per-topic pages:

* [Manage Sandbox Lifecycle](lifecycle) for the full rebuild, re-onboard, and upgrade workflow.
* [Switch Inference Providers](../inference/switch-inference-providers) for the runtime route and rebuild paths for provider and model changes.
* [Customize Network Policy](../network-policy/customize-network-policy) and [Approve Network Requests](../network-policy/approve-network-requests) for runtime policy editing and operator approval flow.
* [Security Best Practices](../security/best-practices) for the per-attack-surface posture table that this page complements.
* [CLI Commands Reference](../reference/commands) for the full flag surface for every `nemohermes` and `nemoclaw` command, including the environment variables that affect runtime behavior.