Create and Restore Snapshots
NemoClaw snapshots preserve manifest-defined sandbox state before destructive or state-changing operations. They are the preferred backup and restore path.
When to Create a Snapshot
- Before running
nemoclaw <name> destroy. - Before major NemoClaw version upgrades.
- Periodically, if you have invested time customizing your agent.
Understand Snapshot Contents
Snapshots capture all workspace state directories defined in the agent manifest and store them in ~/.nemoclaw/rebuild-backups/<name>/.
Agent manifests can also declare durable top-level state files.
Treat snapshot directories as private local data.
Snapshots preserve sandbox registry metadata that affects rebuild behavior, including custom policy presets applied with policy-add --from-file or policy-add --from-dir.
When you restore a snapshot, NemoClaw replays those recorded custom presets with their stored YAML content, so you do not need the original preset files on disk.
The target sandbox’s current agent manifest remains authoritative for state-file restore behavior. NemoClaw rejects the restore when the snapshot’s agent, config directory, state-file path, or state-file strategy conflicts with that manifest.
For managed images, NemoClaw applies the current manifest’s managed config merge rules by default and does not fall back to whole-file replacement. For Deep Agents targets, whole-file config replacement is limited to sandboxes created from a custom Dockerfile.
Create and List Snapshots
snapshot list prints a table of version, name, timestamp, and path.
NemoClaw computes versions (v1, v2, through vN) from timestamp order, so vN is always the newest snapshot.
snapshot create requires shields to be down.
Snapshot creation and restore share the per-sandbox transition lock with the shields auto-restore timer.
If a timed shields-down window expires during snapshot work, auto-restore can interrupt the operation and restore lockdown instead of allowing state or policy changes to continue past the deadline. Retry the snapshot in a new shields-down window if the deadline interrupts it.
Tag a snapshot with a human-readable label:
Restore a Snapshot
Restore the latest snapshot:
Pass a version, name, or timestamp prefix to select a specific snapshot:
To clone a snapshot into a different sandbox name, pass --to <name>.
If the destination sandbox already exists, NemoClaw refuses to overwrite it unless you pass --force:
For dashboard-enabled agents, NemoClaw allocates the destination sandbox its own dashboard port instead of reusing the source port.
If no port is available, restore stops before deleting an existing --force destination.
The force-overwrite path restores and verifies lockdown on a destination with an active shields timer, then revokes that timer before it deletes the destination. It clears the remaining local shields state only after deletion succeeds, before a same-name replacement is created.
Restore Agent Configuration Safely
The nemoclaw <name> rebuild command uses the same snapshot mechanism automatically.
NemoClaw rejects unsafe symlinks and hard links inside sandbox state during backup creation before they can enter a snapshot.
Snapshot restore performs a targeted repair for legacy .openclaw-data symlinks that older images created.
Snapshots also preserve user-owned openclaw.json settings.
During rebuild or restore, NemoClaw merges those settings with the freshly generated runtime config so current provider placeholders, messaging enablement, and gateway state win over stale snapshot values. If the restored config cannot be parsed or applied safely, NemoClaw stops the restore instead of replacing the generated config with an unsafe fallback.
Back Up Every Registered Sandbox
Run nemoclaw backup-all before broad maintenance such as nemoclaw update, nemoclaw upgrade-sandboxes, or an OpenShell gateway migration.
backup-all walks the sandboxes registered on the host, creates a snapshot for each eligible running or temporarily started sandbox, and stores the snapshot bundles under ~/.nemoclaw/rebuild-backups/<name>/.
If a registered docker-driver sandbox’s container is stopped, backup-all starts the container for the duration of the backup and returns it to its stopped state afterward.
If the container cannot be returned to the stopped state, the backup run fails and reports that the container was left running.
If a sandbox is not running and its container cannot be started this way, start the sandbox or its container and rerun nemoclaw backup-all.
When a backup fails, NemoClaw identifies the affected state item and reports permission denied, tar read error, or absent after extraction when available.
Use nemoclaw <name> snapshot list and nemoclaw <name> snapshot restore to inspect or restore one sandbox’s bundles later.
Related Topics
- Understand Sandbox State for the files each agent persists.
- Transfer State Manually when you need specific files instead of a managed snapshot.
- Recover and Rebuild Sandboxes for automatic snapshot-backed rebuilds.
- Commands reference for snapshot and backup flags.