> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.nvidia.com/nemoclaw/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.nvidia.com/nemoclaw/_mcp/server.

# Understand Runtime Changes

> Determine which NemoClaw sandbox changes apply at runtime and which require a rebuild or re-onboard.

Use this matrix to choose the operation that makes a sandbox change take effect.
NemoClaw applies its security posture in three layers: what onboarding writes into the sandbox image, what the running sandbox can hot-reload, and what requires a rebuild or re-onboard.

## OpenClaw Runtime Changes

| Item                                                     | When the change takes effect                                                                                                                       | How to change it                                                                                                                                             |
| -------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Inference provider                                       | Runtime route and config update while shields are down; rebuild only if you need to recreate the image                                             | Run `nemoclaw <name> shields down`, then `nemoclaw inference set`, then restore shields                                                                      |
| Inference model on the current provider                  | Runtime route and config update while shields are down                                                                                             | Run `nemoclaw <name> shields down`, then `nemoclaw inference set`, then restore shields                                                                      |
| Sub-agent                                                | Re-onboard required because the sub-agent and workspace are baked at onboard                                                                       | `nemoclaw onboard --recreate-sandbox`                                                                                                                        |
| Network policy preset                                    | Runtime on the next request; rebuild only if the preset adds bind-mounted secrets                                                                  | `nemoclaw <name> policy-add <preset>` or `policy-remove <preset>`                                                                                            |
| Network allowlist                                        | Runtime on the next request                                                                                                                        | `openshell policy set` or the interactive approval prompt at the gateway                                                                                     |
| Channel tokens                                           | Rebuild required because the channel configuration and credential attachment are created during onboarding or rebuild                              | `nemoclaw <name> channels add <channel>`, then accept the rebuild prompt                                                                                     |
| Channel enable or disable                                | Rebuild required because `openclaw.json` is the runtime source of truth                                                                            | `nemoclaw <name> channels stop <channel>`, then rebuild                                                                                                      |
| Dashboard forward port                                   | Runtime; the port is re-resolved on the next `connect`                                                                                             | `NEMOCLAW_DASHBOARD_PORT=<port> nemoclaw <name> connect`                                                                                                     |
| Dashboard bind address                                   | Build and runtime; an existing local-only sandbox must be recreated with the remote-bind opt-in                                                    | `NEMOCLAW_DASHBOARD_BIND=0.0.0.0 nemoclaw onboard --recreate-sandbox`, then use the same variable with `connect`                                             |
| Gateway process environment or startup-only plugin state | Runtime after gateway restart                                                                                                                      | `nemoclaw <name> gateway restart`                                                                                                                            |
| Default workspace template seed                          | Locked at first sandbox boot; re-onboard required to change the bake-time choice                                                                   | Set `NEMOCLAW_MINIMAL_BOOTSTRAP=1` before `nemoclaw onboard` to skip default template seeding for new or pristine workspaces; existing files are not deleted |
| Web search provider                                      | Rebuild required because onboarding bakes the provider plugin configuration and credential attachment into the image                               | Set `NEMOCLAW_WEB_SEARCH_PROVIDER=brave`, `tavily`, or `none`, then rerun onboarding and recreate the sandbox                                                |
| Filesystem layout                                        | Locked at creation                                                                                                                                 | Re-onboard with `nemoclaw onboard --recreate-sandbox`                                                                                                        |
| Sandbox name                                             | Locked at creation                                                                                                                                 | Re-onboard with a different `--name`                                                                                                                         |
| GPU passthrough or device selector                       | Locked at creation                                                                                                                                 | Re-onboard with `--gpu` or `--sandbox-gpu-device`                                                                                                            |
| `agents.list`                                            | Runtime; OpenClaw hot-reloads on config change                                                                                                     | Prefer agent or NemoClaw commands that keep host and sandbox state aligned                                                                                   |
| `openclaw.json` keys                                     | Mixed; supported config and inference updates run while shields are down, while image, policy, web search, and channel changes can require rebuild | Use `nemoclaw inference set` or `nemoclaw <name> config set` so the config and integrity hash change together                                                |

For a new or pristine OpenClaw workspace, `NEMOCLAW_MINIMAL_BOOTSTRAP=1` avoids roughly 3,000 tokens of per-turn project-context overhead by skipping the default template seed.
It does not delete existing workspace files.

The runtime source of truth is `/sandbox/.openclaw/openclaw.json`.
The host registry caches metadata, but the image and OpenClaw read from the in-sandbox file.

OpenClaw config and inference changes are refused while shields are up.
Run `nemoclaw <name> shields down` before the change, then restore lockdown with `nemoclaw <name> shields up`.

Host-side OpenClaw config writes run under the per-sandbox transition lock and bind the replacement to the SHA-256 digest of the matching read.
The root-only config guard validates bounded JSON input, transactionally publishes fresh config and hash inodes, and restores the prior mutable posture without adopting concurrent path changes.

In the direct root-entrypoint topology, gateway restart performs a read-only config and hash preflight, temporarily seals fresh inodes while the root PID 1 supervisor replaces the gateway child, and then restores the prior shields posture.
In the OpenShell-managed topology, the installed root controller performs the config preflight while the nonroot `nemoclaw-start` supervisor replaces the gateway child.

Mutable config in the managed topology keeps the same trust and time-of-check/time-of-use limits as a managed cold start and does not receive the direct root-entrypoint restart seal.
If preflight detects an unsafe path, invalid config, invalid ownership posture, or locked hash drift, restart refuses while the old healthy gateway is still serving.

## Timed Shields Windows

NemoClaw serializes host-side config and inference writes, snapshot mutation, sandbox destruction, and shields transitions for each sandbox.
When `shields down --timeout` is active, each mutation binds to that exact timer generation so a replaced or expired timer cannot race a later command or a new sandbox that reuses the same name.

If the timeout expires while a mutation is still changing sandbox state, auto-restore can stop that exact process tree, reclaim the transition, and restore the restrictive policy and config posture.
The ownership check includes both the process ID and process start identity so PID reuse does not grant control over an unrelated process.

Retry a command that the auto-restore deadline interrupts after you open a new shields-down window.

## Related Topics

* [Understand Gateway Lifecycle Control](understand-gateway-lifecycle-control) for `recover` and `gateway restart` trust boundaries.
* [Recover and Rebuild Sandboxes](../operate-sandboxes/recover-and-rebuild-sandboxes) for the operational recovery workflow.
* [Switch Inference Providers](../../inference/manage-inference/switch-providers) for model and provider changes.
* [Customize Network Policy](../../network-policy/customize-network-policy) for runtime policy editing.
* [Security Best Practices](../../security/best-practices) for the broader security posture.
* [CLI Commands Reference](../../reference/commands) for command flags and environment variables.