NVIDIA NemoClaw is available in early preview starting March 16, 2026. Use these release notes to track changes across NemoClaw, NemoHermes, and NemoDeepAgents.

For release announcements and downloadable assets, refer to NemoClaw announcements on GitHub.

v0.0.87

NemoClaw v0.0.87 adds bounded DGX Station factory-image qualification paths, fixes Station post-reboot resume, makes managed Deep Agents Code startup restart-safe, and improves rebuild recovery, managed vLLM storage checks, sandbox backups, and strict-provider compatibility.

  • DGX Station Express recognizes the exact April 2026 NVIDIA Colossus BaseOS and June 2026 NVIDIA AI Developer Tools GB300 factory profiles for qualification. The installer preserves each factory kernel, driver, Docker, and NVIDIA Container Toolkit stack, applies only the bounded access or runtime preparation required by that exact profile, and rejects identity, package, service, GPU, or runtime drift. DGX Station remains Deferred while physical qualification continues. For more information, refer to Prepare DGX Station to Install NemoClaw and Platform Support and Launch Claims.
  • Station Express onboarding now accepts both the current six-field installer resume receipt and the legacy three-field format after host preparation requires a reboot. The current format validates the agent, sandbox name, and policy tier in addition to the pinned revision, model, and receipt generation, while malformed, unsupported, or extended receipts remain fail-closed for troubleshooting. For more information, refer to Prepare DGX Station to Install NemoClaw.
  • Managed Deep Agents Code onboarding now persists the nemoclaw-dcode-entrypoint startup command when the OpenShell Docker driver recreates a sandbox. The recreated container also receives the required nproc=512:512 and nofile=65536:65536 limits, so the managed runtime remains available after a gateway restart without weakening its process and file-descriptor boundaries. For more information, refer to Security Best Practices.
  • Rebuild recovery verifies that a restored Hermes sandbox returns to healthy gateway and managed MCP state before reporting success. OpenClaw rebuilds also clear stale managed-provider session pins after an inference switch, allowing restored sessions to use the current configured model while preserving intentional pins to other providers. For more information, refer to Recover and Rebuild Sandboxes and Switch Inference Providers.
  • Managed vLLM storage preflight estimates cold image and model downloads from pinned image metadata and model payload sizes. It checks Docker storage and the Hugging Face cache separately when they use different filesystems, rechecks capacity after a cold image pull, warns and continues during express or other non-interactive setup, and requires confirmation during interactive setup. For more information, refer to Set Up vLLM.
  • Sandbox backup creation now streams archive data and validates entries incrementally instead of buffering the complete archive in host memory. Large backups therefore retain the existing traversal checks and partial-state behavior without requiring memory proportional to the archive size. For more information, refer to Create and Restore Snapshots.
  • Hermes registers NemoClaw tools with the single function-schema envelope required by strict OpenAI-compatible providers. Google Gemini no longer rejects the managed Hermes tool list because of a nested schema, and audio transcription retains its declared parameters. For more information, refer to Use Google Gemini.
  • Replacement-image rebuild failures preserve bounded, redacted Docker diagnostics when process output arrives as buffered data, making host-specific build failures actionable without exposing credentials or private host paths. For more information, refer to Recover and Rebuild Sandboxes.

v0.0.86

NemoClaw v0.0.86 enables the Station express recipe on qualified stock DGX OS GB300 systems, makes interrupted Station setup resumable, and fixes model validation, managed vLLM cache checks, sandbox builds, and upgrade guidance.

  • DGX Station GB300 express setup now accepts stock DGX OS 7.2.0, 7.4.0, and 7.5.0 when strict Station, GB300, release-marker, driver, ECC, Docker, CDI, and GPU-container checks pass. Direct-GPU sandboxes receive only the exact read-only GPU, CPU, memory, NUMA, and NVIDIA module-initialization sysfs paths required for CUDA instead of broad /sys access. A clean physical DGX OS 7.5.0 validation completed with local Nemotron Ultra inference, sandbox CUDA, and Hermes file-tool use; DGX Station support remains Deferred pending broader qualification. For more information, refer to Prerequisites, the NemoClaw Quickstart, and Platform Support and Launch Claims.
  • Interrupted Station Express setup now persists its validated, secret-free provider, model, sandbox, and interaction choices. nemoclaw onboard --resume restores those choices and retries the failed managed-vLLM step, while successful onboarding and --fresh retire stale Express intent and installer reboot receipts. For more information, refer to the NemoClaw CLI Commands Reference and Set Up vLLM.
  • Managed vLLM cache preflight now checks only the Hugging Face cache paths used by the selected model. Root-owned artifacts from an unrelated model no longer block a model switch, and repair guidance identifies the exact unwritable path. For more information, refer to Set Up vLLM.
  • Manual Google Gemini model IDs are validated against Google’s native model catalog before the existing OpenAI-compatible chat-completions probe. Catalog results with or without the models/ prefix are normalized, non-chat models are filtered out, and API credentials remain outside process arguments. For more information, refer to Use Google Gemini.
  • Sandbox image staging normalizes script and directory permissions before Docker consumes the build context. Fresh installs created under a restrictive umask no longer carry root-only modes into later non-root image-build stages.
  • Legacy sandbox recreation now warns before the destructive step that managed recovery restores .openclaw state only and does not preserve files elsewhere under /sandbox. Back up paths such as /sandbox/user-data separately before upgrading. For more information, refer to Recover and Rebuild Sandboxes.
  • The starter prompt now loads focused DGX Spark, DGX Station, or Windows WSL Express instructions only after platform detection, keeping unrelated platform guidance out of general onboarding while preserving each platform’s safeguards. The E2E workflow planner also owns typed selector, inference-mode, schema, and Hermes-selection validation before emitting the execution plan.

v0.0.85

NemoClaw v0.0.85 upgrades the supported OpenShell release, prepares qualified DGX Station hosts for express setup, strengthens inference identity and route changes, and improves recovery across onboarding, MCP, rebuild, and managed gateway operations.

  • NemoClaw now uses OpenShell v0.0.85 and pins its consumed release archives, manifests, binaries, and supervisor image to reviewed immutable identities. The integration preserves multiline command arguments byte-for-byte, rejects supervisor TLS credentials that reach child processes, validates release archives before extraction, and reports unavailable credential rewriting with specific recovery guidance. For more information, refer to Platform Support and Launch Claims, NemoClaw CLI Commands Reference, and Security Best Practices.
  • Authenticated MCP setup now rejects OpenShell’s reserved revisioned credential names before provider mutation and keeps child-visible compatibility checks aligned with OpenShell v0.0.85. MCP bridge validation also preserves fail-closed address pinning and reports credential-rewrite failures separately from generic transport errors. For more information, refer to About Managed MCP Servers, Add an MCP Server, and Troubleshoot MCP Servers.
  • DGX Station GB300 express setup can prepare a qualified generic Ubuntu 24.04 ARM64 host with reviewed NVIDIA driver, Docker, Buildx, and NVIDIA Container Toolkit versions. Preparation reuses exact matches, stops on unsupported version drift, validates CDI and GPU container access, restores Docker configuration after a failed runtime change, and resumes the accepted recipe after a required reboot. DGX Station remains Deferred pending physical end-to-end validation, and the --station-deepseek express flag now requires an interactive terminal instead of silently continuing headlessly. For more information, refer to Prerequisites, NemoClaw Quickstart, and Set Up vLLM.
  • Managed and existing vLLM routes now distinguish a safe served-model alias from a model mismatch by requiring /v1/models to report the exact registered model as its root. Managed Nemotron 3 Nano uses its reasoning parser, the Nemotron Ultra Build route removes an unsupported top-level thinking field, and inference switching verifies sandbox access before changing the live route. For more information, refer to Set Up vLLM, Understand Provider Validation, and Switch Models.
  • Onboarding routes custom endpoint DNS failures through the transport recovery flow, with retry, back, and exit choices instead of returning silently to provider selection. Installer upgrades also recover a user-local OpenShell installation, while interactive and non-interactive DGX Station notice handling remains explicit. For more information, refer to NemoClaw Quickstart, Meet Custom Endpoint Security Requirements, and Troubleshooting.
  • Rebuild now treats a backup as unsuccessful when every state directory fails, even if it captured loose files, and stops before deleting the original sandbox unless you explicitly accept the --force recovery path. Managed gateway discovery ignores only descriptor-pinned, single-thread zombies while failing closed on ambiguous empty command lines, and Hermes shields transitions attest the private mutable runtime topology before acting. For more information, refer to Recover and Rebuild Sandboxes and Trusted Computing Base.

v0.0.84

NemoClaw v0.0.84 adds DGX Station Nemotron Ultra express setup, trusted private inference endpoints, model-aware readiness checks, per-gateway host state, and safer recovery for snapshots, onboarding, configuration, messaging, and Hermes runtime changes.

  • DGX Station now offers a one-confirmation express path that selects the pinned NVIDIA Nemotron 3 Ultra 550B managed-vLLM recipe, while --station-deepseek selects the existing DeepSeek V4 Flash recipe. Verified low Docker or model-cache capacity is advisory during express and other non-interactive setup while the storage checks mature, interactive setup still requires explicit confirmation, and an inconclusive model-cache check still stops non-interactive setup. For more information, refer to Set Up vLLM and the NemoClaw Quickstart.
  • Custom endpoint onboarding can admit an exact trusted private hostname or IP literal from NEMOCLAW_TRUSTED_PRIVATE_INFERENCE_HOSTS when it resolves only to RFC1918, CGNAT, or IPv6 ULA destinations. DNS resolution, connection-address pinning, exact-match semantics, and fail-closed blocking for metadata, link-local, multicast, translation, documentation, and other reserved ranges remain enforced. For more information, refer to Meet Custom Endpoint Security Requirements and Set Up an OpenAI-Compatible Endpoint.
  • Ollama onboarding prefers NEMOCLAW_MODEL, accepts NEMOCLAW_PROVIDER_MODEL as a compatibility fallback, and uses a requested model as the interactive default when it appears in the rendered model list. Hermes setup now carries its 64000-token Ollama context floor through daemon configuration, model validation, and generated config, while OpenClaw keeps its existing 16384-token floor. For more information, refer to Use Ollama and Configure Model Limits.
  • Sandbox status and doctor checks compare the configured Ollama or vLLM model with the provider inventory without issuing a completion or consuming tokens. Onboarding finalization also treats an unreachable or HTTP 5xx inference route as not ready, preserves the session at retryable final verification, and lets onboard --resume complete after you repair the same route. For more information, refer to View Sandbox Status and Verify the Sandbox Inference Route.
  • OpenClaw resume checkpoints completed sandbox name, web search, messaging, and resource choices, then reuses validated OpenShell credential registrations when their live bindings still match. Installer failures and rebuild retry output now print complete fresh-install and resume commands that retain the selected agent and sandbox name. For more information, refer to the NemoClaw CLI Commands Reference, Troubleshooting, and Credential Storage.
  • A non-default NEMOCLAW_GATEWAY_PORT now owns a separate ~/.nemoclaw/gateways/<port>/ host state root for its registry, onboarding state, snapshots, migration files, and local inference adapter state. The default port keeps ~/.nemoclaw/, and uninstall preserves other port-scoped environments. For more information, refer to Architecture Details and Uninstall NemoClaw.
  • OpenClaw snapshots no longer capture machine-local device identity or pairing-token directories, and restore ignores those directories even in older snapshots. OpenClaw regenerates device identity as needed and NemoClaw pairs clients again on connect instead of replacing live pairing state with sanitized snapshot data. For more information, refer to Create and Restore Snapshots.
  • nemoclaw <name> channels status --channel telegram now combines non-secret config comparison with a live OpenClaw log-based health probe and reports healthy, idle, unreachable, token_rejected, or not_started. An unhealthy Telegram channel exits non-zero, and the default summary says when runtime health was not checked instead of presenting an all-green result. For more information, refer to the NemoClaw CLI Commands Reference.
  • nemohermes inference set re-seeds the isolated Hermes dashboard config after an in-place route change and withholds the synced success message when the dashboard does not converge. Hermes MCP reload also recognizes when the gateway already committed the intended config and integrity state during a concurrent apply-state update, so it returns success instead of starting a destructive rollback. For more information, refer to Switch Models and Manage MCP Servers.
  • Host-side OpenClaw config set validates the complete candidate with the installed OpenClaw runtime before replacing live config. Schema failures, validator failures, timeouts, size-limit failures, and concurrent changes leave the existing config in place and do not reach the destructive gateway restart path. For more information, refer to Understand Runtime Changes.
  • shields up and shields down can quarantine and recover a transition-lock record only when its recorded process is definitively dead or its process ID was reused. Live, malformed, ambiguous, identity-unavailable, or concurrently replaced lock owners still fail closed with manual recovery guidance. For more information, refer to Trusted Computing Base.

v0.0.83

NemoClaw v0.0.83 makes shared inference route changes explicit and safe, restores DGX Station GB300 express setup, warns on risky local vLLM configurations, and fixes several onboarding and platform edge cases.

  • Shared inference route changes are now explicit and fail-safe. When multiple sandboxes share a gateway, onboarding warns immediately before re-pointing the live route and fails closed before replacing a provider-global identity used by another sandbox. Status output shows each sandbox’s recorded route, the live route, and whether connect can safely restore a drifted route. For more information, refer to Use Shared Gateway Routes and View Active Inference Route.
  • DGX Station GB300 systems enter the express-install path, and managed vLLM storage preflight treats verified shortages as advisory during express and other non-interactive setup while the checks mature. Interactive setup still requires explicit confirmation, and non-interactive setup still stops when model-cache capacity is inconclusive. For more information, refer to Set Up vLLM and NemoClaw CLI Commands Reference.
  • Onboarding warns when a bring-your-own vLLM server on DGX Spark appears to serve a large unquantized model that may exhaust GPU memory under agent tool-call load. The warning is suppressed for the managed Spark vLLM recipe. For more information, refer to Set Up vLLM and Troubleshooting.
  • Re-onboarding with the reuse path preserves tier-default policy presets such as brave and tavily when the policy tier and web-search choice are unchanged.
  • Unreachable custom endpoints during onboarding now route through the transport-recovery path with DNS/VPN guidance and a retry/back/exit prompt instead of silently looping back to provider selection.
  • Rebuild preflight uses the model-aware token field for GPT-5 and o-series models, preventing spurious HTTP 400 failures before rebuild processing begins.
  • Corporate CA trust anchors are available throughout the sandbox image build, so npm audit signatures succeeds behind TLS-intercepting corporate proxies without manual workarounds. For more information, refer to Configure Corporate CA Trust.
  • SSH ControlMaster-delegated forwards are recognized by the untracked-forward fallback, preventing a healthy sandbox from being deleted after a forward-detection timeout.
  • Hermes light terminal skin writes correctly on macOS via stdin streaming.

v0.0.82

NemoClaw v0.0.82 adds non-destructive sandbox stop and start commands, protects managed vLLM downloads with storage checks, strengthens custom policy and dependency validation, and improves onboarding, backup, snapshot, and contributor guidance.

  • Sandbox lifecycle controls can now free host resources without deleting a workspace. nemoclaw <name> stop stops managed channels and the sandbox’s Docker containers while leaving the workspace, registry entry, OpenShell record, credentials, shared gateway, and inference services intact. nemoclaw <name> start starts or unpauses the container, then checks runtime health and repairs the gateway and host forwards where applicable. For more information, refer to Run Sandboxes and NemoClaw CLI Commands Reference.
  • Backup and snapshot recovery handle stopped and cloned sandboxes more safely. backup-all can temporarily start an eligible stopped Docker sandbox, capture its backup, and return it to the stopped state, while strict mode still fails when identity, startup, backup, or cleanup cannot be proven. Snapshot clones receive a destination-owned dashboard port so their dashboard URL and later rebuilds do not conflict with the source sandbox. Installer upgrades also ignore route-only placeholders left by interrupted onboarding instead of treating them as backupable sandboxes. For more information, refer to Create and Restore Snapshots and Run Sandboxes.
  • Managed vLLM setup checks storage before large downloads begin. NemoClaw verifies Docker image storage and the Hugging Face model cache before an uncached image pull or model download, rechecks model capacity after the image pull, and treats low verified capacity as an advisory warning in express and other non-interactive setup paths. Interactive setup still stops unless the operator explicitly accepts the warning. Managed profiles use immutable platform digests, and the model download and serving containers use --pull=never so an implicit pull cannot bypass the storage gate. For more information, refer to Set Up vLLM and Choose an Inference Provider.
  • Onboarding reports local inference and gateway conflicts more accurately. An identifiable foreign listener on the OpenShell gateway port now fails fast with process details and recovery guidance, interactive setup continues to detect running Ollama and vLLM services when another registry route exists, and an installed but stopped Ollama daemon appears as a start action instead of a running status. Loopback readiness checks bypass host proxies, compatible endpoint validation recommends an OpenAI-compatible endpoint or switching to OpenClaw when a Chat-Completions-only agent selects an Anthropic-compatible endpoint that does not serve /v1/chat/completions, and an eligible matching successful check can satisfy the immediately following smoke probe without a duplicate request. For more information, refer to Troubleshooting, Choose a Local Inference Server, and Understand Provider Validation.
  • Interrupted onboarding preserves more of the selected route and sandbox intent. Resume repairs a missing pending route reservation when inference setup is already complete, and sandbox creation resolves its secret-free policy, messaging, provider, resource, and cleanup intent before destructive state changes begin. These protections keep resumed setup and stale-provider cleanup aligned with the choices made before the interruption. For more information, refer to NemoClaw Quickstart and NemoClaw CLI Commands Reference.
  • Managed Deep Agents headless sessions now use the bounded session supervisor, so completed sessions reap their DCode and LangGraph descendants without affecting other sessions or leaving the sandbox unusable. For more information, refer to Quickstart with LangChain Deep Agents Code.
  • Custom policy application rejects catch-all destinations before widening sandbox egress. Runtime custom presets now reject *, 0.0.0.0, 0.0.0.0/0, ::, and ::/0 while continuing to allow scoped subdomain wildcards such as *.example.com. The same semantic check protects repository validation, policy-add --from-file, and in-memory custom preset application. For more information, refer to Customize the Network Policy.
  • NemoClaw now requires Node.js 22.19 or later for host installs and contributor tooling, matching current OpenClaw runtime and advisor SDK requirements. Ubuntu 26.04 has a digest-pinned userspace contract lane for CLI, preflight, installer, and platform checks, while Docker-host, AppArmor, Landlock, and live onboarding validation remain pending. For more information, refer to Prerequisites and Platform Support and Launch Claims.
  • Contributor guidance now routes independent integrations, custom images, recipes, and complete workflows through Community Solutions while reserving canonical NemoClaw documentation for approved, maintained product surfaces. The contributor skill catalog also adds evidence-driven workflows for semantic dependency upgrades and route-safe documentation refactors. For more information, refer to Community Solutions and the Documentation Contributor Guide.
  • Build and dependency trust boundaries cover more of the sandbox image path. Reviewed npm archives now share one production dependency audit, OpenClaw’s managed WeChat runtime installs from a NemoClaw-owned offline lock, and the messaging build plan no longer persists in final OpenClaw or Hermes image environments. Source and blueprint rebuilds also reuse cached plugin dependency layers. For more information, refer to the OpenClaw 2026.6.10 Dependency Review.

v0.0.81

NemoClaw v0.0.81 strengthens rebuild and snapshot state preservation, repairs local compatible inference and WhatsApp setup, improves Docker restart recovery, and makes onboarding, backup, and security diagnostics easier to act on.

  • Rebuild and restore preserve more user-owned state without letting old backups replace current managed configuration. Agent manifests can declare key-level restore ownership, managed Deep Agents restores keep only allowlisted UI and thread preferences, and Hermes rebuilds retain the Web Dashboard profile under /sandbox/.hermes/dashboard-home/, including its MEMORY.md and USER.md files. Deep Agents snapshot creation also falls back to /proc when ps is unavailable while continuing to fail closed when it cannot prove the runtime is idle. For more information, refer to Create and Restore Snapshots and Understand Sandbox State.
  • Compatible inference setup handles more endpoint and model contracts automatically. Eligible loopback endpoints on ports 8000, 11434, and 11435 are validated on the host and registered through host.openshell.internal, GPT-5 and the o1, o3, and o4 model families use max_completion_tokens, and related provider validation probes can reuse bounded HTTPS connections with established fallbacks. Direct blueprint apply now aborts without persisting an incomplete plan or reporting false completion when provider creation or inference configuration fails. For more information, refer to Set Up an OpenAI-Compatible Endpoint and Choose a Compatible Inference API.
  • Sandbox lifecycle recovery covers more host restart and teardown cases. On supported local Docker deployments, recover can transactionally replace a legacy keepalive container whose managed supervisor disappeared after a restart, and it commits only after health and settle checks pass. Hermes persists its managed startup command across direct Docker restarts, while unattended destruction of the final sandbox releases the shared gateway by default on macOS. For more information, refer to Recover and Rebuild Sandboxes, NemoClaw CLI Commands Reference, and Troubleshooting.
  • Managed Deep Agents sessions skip optional first-run setup and clean up their own process trees on disconnect. The image includes ripgrep, pre-completes optional upstream onboarding, suppresses the optional Tavily warning unless web search is configured or used, and refuses a managed fetch CA bundle with unsafe ownership, permissions, links, or content. For more information, refer to Quickstart with LangChain Deep Agents Code and Security Best Practices.
  • WhatsApp pairing now uses the OpenClaw loopback gateway so a successful QR login can start the channel without moving a gateway token or requiring operator.admin. Externally installed channel plugins now retain verified npm provenance, which enables the trusted persistent-state features expected by current OpenClaw releases. For more information, refer to Set Up WhatsApp.
  • Backup and onboarding failures provide more specific recovery evidence. backup-all tells you to start a stopped sandbox or container and rerun the backup or installer, and backup failures identify these causes when available: permission denied, tar read error, or absent after extraction. A created-but-not-ready sandbox prints a lifecycle receipt with its readiness gate, timeout, and cleanup result, onboarding progress waits while an interactive prompt owns the terminal, and resumed onboarding does not advance durable state from stale replay results. For more information, refer to Create and Restore Snapshots, NemoClaw Quickstart, NemoClaw CLI Commands Reference, and Troubleshooting.
  • Security and policy diagnostics preserve more context without hiding risk. OpenClaw security audits keep NemoClaw-managed dashboard compatibility findings visible with their severity, remediation, and recorded reason, while token-shaped URL query values are redacted even when their parameter names look benign. The custom Streamable HTTP MCP policy recipe also scopes DELETE to the exact MCP endpoint used for session termination. For more information, refer to Security Best Practices and Customize the Network Policy.

v0.0.80

NemoClaw v0.0.80 upgrades Hermes to the v0.18 line with richer Slack rendering, routes OpenRouter runtime traffic through a host-local attribution adapter, imports host corporate proxy CAs into sandbox trust, hardens sandbox base-image selection and route probing, and preserves intent across more interrupted onboarding and recovery flows.

  • Hermes upgrades to the v0.18 release line and enables Slack Block Kit rendering. Final Hermes Slack responses can use Block Kit, including native table blocks for Markdown tables, without new scopes or reinstalling the Slack app, and NemoClaw pins the resulting multi-architecture sandbox base image by immutable digest. For more information, refer to Set Up Slack.
  • OpenRouter runtime traffic now flows through a host-local NemoClaw adapter that injects the OpenRouter attribution headers HTTP-Referer and X-OpenRouter-Title. The adapter binds to the OpenShell-held OPENROUTER_API_KEY by SHA-256 hash, never stores the key, and listens on port 11437 by default; set NEMOCLAW_OPENROUTER_RUNTIME_ADAPTER_PORT to use a different host port. OpenRouter-backed LangChain Deep Agents Code sandboxes now use Deep Agents’ native openrouter provider instead of OpenAI request shaping. For more information, refer to Use OpenRouter, NemoClaw CLI Commands Reference, and Platform Support and Launch Claims.
  • NemoClaw can import a host corporate proxy root CA into the sandbox trust bundle so external channel endpoints such as api.telegram.org verify TLS behind a corporate MITM proxy. Set NEMOCLAW_CORPORATE_CA_BUNDLE before onboarding, or rely on detection of the conventional CA variables and host administrator anchor directories. NemoClaw appends the validated CA and never replaces the OpenShell root, and you can opt out with NEMOCLAW_CORPORATE_CA_IMPORT=0. For more information, refer to Configure Corporate CA Trust.
  • Sandbox base-image resolution now prefers release-matched image tags before mutable :latest for release installs and stale source checkouts, validates explicit base-image overrides exactly, and fails closed when a requested image cannot be pulled or fails compatibility checks. Failed cluster-image builds now surface captured, redacted Docker diagnostics instead of an opaque exit code, and the LangChain Deep Agents Code image build preserves the native OpenRouter Nemotron profile registration. For more information, refer to NemoClaw CLI Commands Reference and Troubleshooting.
  • Bare nemoclaw connect with no sandbox name now connects to the registry default and falls back to the first non-pending registration, with clear guidance when only pending or no registrations remain. Sandbox route probing rejects untrusted probe results and reports actionable rebuild guidance when the trusted Deep Agents route-probe helper is missing. For more information, refer to NemoClaw CLI Commands Reference and Troubleshooting.
  • Onboarding and recovery preserve intent across more interrupted flows. Live inference recovery is scoped to the sandbox, pending route reservations survive a not-ready recreate, re-onboarding probes registered extra providers exactly, and compatible provider recovery is preserved through the rebuild handoff. Docker health checks no longer trust a stale gateway PID after the start supervisor exits, the installer’s pre-upgrade backup abort message now names skipped sandboxes as well as failures, and the running Local vLLM provider entry drops the experimental label on DGX Spark and DGX Station. For more information, refer to NemoClaw Quickstart with OpenClaw, NemoClaw CLI Commands Reference, Choose a Local Inference Server, and Architecture Details.
  • Terminal and MCP startup behavior is more robust. Hermes sandbox connections automatically apply a light-compatible terminal skin when the host terminal reports a light background, unless you set a Hermes theme override, and MCP stdio servers launched through npx now start non-interactively so a first-use install prompt no longer blocks the MCP initialize handshake. For more information, refer to About Managed MCP Servers and NemoClaw Quickstart with Hermes.

v0.0.79

NemoClaw v0.0.79 expands hosted and local inference options, improves operator diagnostics and shell integration, and hardens sandbox recovery, Deep Agents runtime limits, policy boundaries, and release validation. The release also refreshes quickstarts and variant rendering so OpenClaw, Hermes, and LangChain Deep Agents Code readers see only the agent-specific setup paths that apply to them.

v0.0.78

NemoClaw v0.0.78 adds opt-in thread-scoped auto-approval and policy-routed repository reads for managed LangChain Deep Agents Code, authoritative agent-visible inference health, round-trippable policy export, and stronger recovery for local inference, custom images, managed MCP, remote dashboards, and credential capture.

  • Managed LangChain Deep Agents Code sandboxes keep auto-approval disabled by default and can enable the thread-opt-in capability through a named transactional rebuild. Each thread must still opt in through the TUI or dcode -y, and approval state resets across process, thread, and agent transitions without bypassing OpenShell controls. Managed Nemotron 3 Ultra aliases now load through a version-pinned first-party profile plugin, preserve required nonempty tool-call content, and reject the observed literal [content] execute placeholder before shell dispatch. For more information, refer to Quickstart with LangChain Deep Agents Code, Security Best Practices, Audit Model Capabilities, and NemoClaw CLI Commands Reference.
  • Managed LangChain Deep Agents Code fetch_url requests now use NemoClaw’s policy proxy, allowing GitHub file links and repository source to resolve inside the sandbox while keeping initial and redirected destinations inside the managed egress boundary. The baseline GitHub policy permits only GET and HEAD requests to raw.githubusercontent.com from the listed managed binaries. For more information, refer to Network Policies.
  • status, doctor, and connect now treat the agent-visible https://inference.local/v1/models route as authoritative and return nonzero or fail closed when trusted evidence is unavailable. Deep Agents probes reject login-shell preambles and multiline contamination while preserving configured observability through a side-effect-free managed execution path. For more information, refer to NemoClaw CLI Commands Reference, Monitor Sandbox Activity, and Troubleshooting.
  • Compatible-endpoint onboarding now probes max_model_len and carries it into Hermes context_length unless NEMOCLAW_CONTEXT_WINDOW is set. Inference switches also synchronize explicit OpenClaw main-agent model state, and NVIDIA Endpoints no longer advertises Kimi K2.6 while its production Chat Completions route is unavailable. For more information, refer to Switch Inference Providers, Choose an Inference Provider, and Audit Model Capabilities.
  • Local inference setup waits for newly pulled Ollama models to appear, warms an unloaded model before OpenClaw agent passthrough after daemon restarts, and allows a 15-minute quiet Docker pull window for large managed vLLM images. For more information, refer to Choose a Local Inference Server and Troubleshooting.
  • New nemoclaw <name> policy-get output provides validated base-policy YAML suitable for review, editing, and reapplication, while --raw preserves the metadata-bearing response for diagnostics. The plugin registration banner now uses stderr, and agents apply tolerates warning-prefixed and wrapped JSON so command stdout remains usable by automation. For more information, refer to Customize the Network Policy, Common Integration Policy Examples, and NemoClaw CLI Commands Reference.
  • Rebuild now prints redacted managed MCP destroy diagnostics before backup or deletion, recovers prepared-only transactions through mcp remove --force, and lets an explicit rebuild --force continue without a backup when a crashed sandbox cannot be reached. The no-backup path warns that prior sandbox state is not preserved, and gateway recovery reports its bounded retry budget. For more information, refer to About Managed MCP Servers, NemoClaw CLI Commands Reference, and Recover and Rebuild Sandboxes.
  • Custom OpenClaw image handling now detects base-only images that lack the managed runtime and reconciles image-owned plugin provenance across recreate and rebuild while preserving user-owned plugin, channel, tool, and workspace state. Workspace template seeding also survives the startup function serialization path. A new reference defines lifecycle contributions, managed agent packages, agent-native plugins, and the gates required before any future public NemoClaw plugin SDK. For more information, refer to Install OpenClaw Plugins, Recover and Rebuild Sandboxes, and Extension Taxonomy and SDK Readiness.
  • Remote dashboard and shutdown flows now provide copyable SSH port-forward hints, recognize a live untracked loopback forward before rolling back onboarding, align the Hermes WebUI with the resolved host dashboard port, and make the deprecated full stop attempt agent-owned host-forward cleanup before safely releasing an unshared, ownership-verified OpenShell gateway port. Supervisor-owned Hermes runtime processes remain under sandbox control, and OpenClaw Slack and compact-QR WhatsApp runtime hooks compose safely when both are enabled. For more information, refer to Deploy to a Remote GPU Host, NemoClaw Quickstart with Hermes, Choose Messaging Channels, and NemoClaw CLI Commands Reference.
  • Starter prompts now bind the local credential form to an authenticated one-shot helper with immutable commit and SHA-256 pins, explicit isolated or account-home execution profiles, denial of ambient process-control variables, and a preview, edit, and confirm flow. This keeps credential collection behind verified helper and approved-command boundaries. For more information, refer to NemoClaw Quickstart with OpenClaw and Use NemoClaw Docs with Your Coding Agents.

v0.0.77

NemoClaw v0.0.77 hardens LangChain Deep Agents Code packaging, tracing, and guided setup. The release publishes and validates the current Deep Agents sandbox base image, reduces telemetry credential exposure, reports the upstream provider selected during onboarding, and reuses a reviewed local credential form in starter prompts.

  • LangChain Deep Agents Code base-image handling now rejects stale published, cached, or overridden base images when the installed Deep Agents Code version does not match the managed manifest and dependency lock. This prevents an obsolete base from reaching final-image construction silently. For more information, refer to Quickstart with LangChain Deep Agents Code and Architecture Details.
  • The managed Deep Agents runtime disables LangGraph CLI analytics and reports the upstream provider selected during NemoClaw onboarding in the TUI status bar, launch banner, and model-identity prompt. The runtime still uses the OpenAI-compatible adapter internally for inference routing. For more information, refer to Quickstart with LangChain Deep Agents Code and Choose an Inference Provider.
  • Managed Deep Agents observability now applies a bounded, best-effort scrub pass to recognized credential-shaped values before OTLP trace export. Treat exported traces as sensitive application data and keep collector-side filtering or redaction controls in place for unrecognized sensitive content. For more information, refer to Quickstart with LangChain Deep Agents Code, Credential Storage, and Security Best Practices.
  • Starter prompts now reuse a checked-in local credential form with loopback-only submission, a restrictive content security policy, redacted confirmation output, and no external resources. This gives coding agents one reviewed credential-capture path instead of asking them to generate credential forms or collect secrets in chat. For more information, refer to NemoClaw Quickstart with OpenClaw and Use NemoClaw Docs with Your Coding Agents.

v0.0.76

NemoClaw v0.0.76 adds opt-in OTLP observability and a dedicated documentation guide for LangChain Deep Agents Code, makes Nemotron 3 Ultra the managed NVIDIA Endpoints default for Deep Agents Code, contains shared-gateway inference-route conflicts, and improves upgrade recovery, MCP diagnostics, local inference, messaging, and day-two commands.

  • LangChain Deep Agents Code now defaults to nvidia/nemotron-3-ultra-550b-a55b for NVIDIA Endpoints and uses the native Nemotron 3 Ultra profile from hash-locked Deep Agents Code 0.1.34. Managed interactive sessions preserve the optional first-run name prompt while skipping dependency and model selection, and existing sandboxes should be rebuilt after upgrading. The docs site now publishes a dedicated Deep Agents guide. For more information, refer to Quickstart with LangChain Deep Agents Code and Choose an Inference Provider.
  • Deep Agents sandboxes can opt into backend-neutral OTLP/HTTP tracing during onboarding or rebuild with --observability. The managed exporter sends bounded model and tool content only to a fixed host-local receiver, while an operator-managed collector holds remote backend credentials and controls forwarding. Treat exported trace content as sensitive application data. For more information, refer to Quickstart with LangChain Deep Agents Code, Credential Storage, and Network Policies.
  • Shared OpenShell gateways now reject inference-route changes that conflict with another registered sandbox, including stopped sandboxes. Compatibility checks cover provider, model, normalized custom endpoint, API family, legacy metadata, and gateway binding before onboarding, inference set, or connect-time repair changes state. inference set also accepts onboarding provider aliases and gives actionable model-only and Deep Agents re-onboarding guidance, while OpenClaw onboarding validates Anthropic-compatible streaming event sequences by default. For more information, refer to Switch Inference Providers, Choose an Inference Provider, and Troubleshooting.
  • Installer upgrades require a fresh backup of every registered sandbox before replacing the gateway. Pre-fingerprint OpenClaw and Hermes sandboxes can recover only after exact-name managed-image confirmation, recorded custom-image cases remain blocked, and successful recovery restores the recorded provider and route without starting generic onboarding. For more information, refer to Recover and Rebuild Sandboxes, NemoClaw CLI Commands Reference, and Credential Storage.
  • Startup and onboarding recover more bounded local drift. OpenClaw can bootstrap the same-device CLI pairing request when device listing is itself pairing-gated, startup safely reclaims an exact root-owned mutable-config posture while rejecting ambiguous states, and interrupted resumable onboarding points to onboard --resume. For more information, refer to Security Best Practices, Troubleshooting, and NemoClaw CLI Commands Reference.
  • Managed MCP diagnostics can now verify OpenShell credential replacement at the wire boundary. mcp add and single-server mcp status run a gated differential probe and report verified or inconclusive credential resolution without capturing endpoint response bodies; --probe and --no-probe control the check. For more information, refer to About Managed MCP Servers and NemoClaw CLI Commands Reference.
  • Managed local inference enables automatic tool choice with the qwen3_coder parser for the generic-Linux Nemotron 3 Nano vLLM default. Linux arm64 DGX Spark and DGX Station onboarding warns that some NIM images may lack an arm64 manifest, and troubleshooting now distinguishes direct sandbox DNS limitations from policy-covered inference, messaging, and search health. For more information, refer to Choose a Local Inference Server, Choose an Inference Provider, and Troubleshooting.
  • Messaging setup handles more runtime and installation edge cases. OpenClaw WhatsApp pairing renders a terminal QR code with a four-module quiet zone, Teams plugin installation tolerates verbose npm metadata, and newly generated OpenClaw config no longer references the uninstalled qqbot plugin. For more information, refer to Choose Messaging Channels.
  • Day-two commands behave more predictably in automation and across agents. Non-terminal exec closes stdin unless --stdin explicitly forwards a pipe, session passthrough selects the sandbox’s native agent binary, resumed Hermes one-shot turns append to the selected session, and gc finds orphaned gateway-built and locally prebuilt sandbox images. For more information, refer to NemoClaw CLI Commands Reference and Recover and Rebuild Sandboxes.

v0.0.75

NemoClaw v0.0.75 upgrades the bundled OpenClaw runtime to 2026.6.10 and improves sandbox upgrade and prepared-backup recovery, custom endpoint inference routing, and local Docker-driver sandbox JWT handling.

  • The bundled OpenClaw runtime upgrades to 2026.6.10 with reviewed package pins, fail-closed archive and patch validation, safer same-device pairing repair, and stricter rebuild route and credential recovery. For more information, refer to the OpenClaw 2026.6.10 Dependency Review.
  • Upgrading an existing install now recovers a previously onboarded sandbox instead of failing when the recreated gateway has not yet reconfigured its inference route. Prepared-backup recovery defers the live route check to authoritative onboarding, which restores and verifies the gateway provider and inference route before sandbox recreation; in-place upgrades recover gateway-orphaned sandboxes, and a same-name --fresh re-onboard preserves the newly selected LangChain Deep Agents Code routing. For more information, refer to NemoClaw CLI Commands Reference and Troubleshooting.
  • Hermes custom Anthropic-compatible inference now uses the OpenAI frontend, and OpenAI-only agents keep the /v1 base URL when pointed at an Anthropic-compatible endpoint, so switching a managed sandbox to a compatible endpoint routes and reports the provider and model correctly. For more information, refer to Choose an Inference Provider and Switch Inference Providers.
  • Local Docker-driver sandbox JWTs now use OpenShell’s non-expiring local contract, which keeps a long-running local sandbox reachable without a manual gateway restart. For more information, refer to OpenShell 0.0.71 Gateway Authentication Review.
  • Hermes runtime and managed MCP state reconcile after a runtime change, and Hermes installs accept a pinned base platform digest. For more information, refer to About Managed MCP Servers and NemoClaw CLI Commands Reference.
  • OpenClaw local CLI pairing restores its previous connection path so a local sandbox reconnects without re-pairing. For more information, refer to NemoClaw CLI Commands Reference.

v0.0.74

NemoClaw v0.0.74 upgrades the OpenShell policy boundary, adds managed MCP and progressive tool disclosure, strengthens the experimental LangChain Deep Agents Code integration, and improves onboarding, local inference, messaging, recovery, and contributor workflows.

  • Stable installs pin OpenShell 0.0.72 release artifacts and the supervisor image, adding MCP Streamable HTTP and JSON-RPC request-policy enforcement. Policy mutations read the round-trippable base policy instead of the effective policy, which preserves existing MCP rules without sending provider-composed _provider_* entries back through policy set. For more information, refer to OpenShell 0.0.72 Compatibility Review and Customize the Network Policy.
  • Managed MCP commands use add, list, status, restart, and remove to manage authenticated HTTPS Streamable HTTP servers for OpenClaw, Hermes, and experimental LangChain Deep Agents Code through native OpenShell policy enforcement and provider-backed credential replacement. The LangChain Deep Agents Code rebuild path validates the recorded gateway, route, image, staged build context, and prepared replacement inputs before deleting the previous sandbox, then restores managed MCP state after the recreated runtime is ready. For more information, refer to About Managed MCP Servers, Quickstart with LangChain Deep Agents Code, and the accepted architecture decision.
  • New sandboxes default to progressive tool disclosure across OpenClaw, Hermes, and LangChain Deep Agents Code, while --tool-disclosure direct restores the full visible catalog. The selected mode persists through resume and transactional rebuilds, and model-specific compatibility safeguards can keep an incompatible model on direct disclosure. Sandbox-first inference get and inference set commands now provide the same route controls as their global forms. For more information, refer to Troubleshooting, Audit Model Capabilities, and NemoClaw CLI Commands Reference.
  • LangChain Deep Agents Code now provides managed status, whoami, and identity commands without launching the interactive UI, validates the installed agent version during onboarding, and keeps credential-shaped or tracing configuration out of persisted runtime metadata. Its rebuild path validates recreation before destructive handoff and preserves the managed proxy, tool-disclosure, and MCP boundaries. For more information, refer to Quickstart with LangChain Deep Agents Code, NemoClaw CLI Commands Reference, and Security Best Practices.
  • Onboarding uses BuildKit prebuilds with bounded progress heartbeats, reuses validated release and source-commit sandbox images, and rejects stale or incompatible image contracts before sandbox creation. Readiness handling tolerates a bounded run of transient OpenShell Error phases, while preflight output distinguishes an unreachable container DNS resolver from one that answers but rejects the query. On Windows on Arm N1X systems, automatic Local Ollama setup treats the integrated GPU as compute-constrained and selects qwen3.5:9b instead of the 30B and 35B starter models. For more information, refer to NemoClaw CLI Commands Reference, Install OpenClaw Plugins, Choose a Local Inference Server, Prepare Windows for NemoClaw, and Troubleshooting.
  • Messaging configuration now keeps channel policy ownership with the enabled channel, persists selected policy presets through onboarding and rebuilds, reports Telegram mention mode in channel status, and detects credential conflicts before a destructive rebuild starts. For more information, refer to Choose Messaging Channels, Customize the Network Policy, and NemoClaw CLI Commands Reference.
  • Day-two commands provide safer recovery and clearer automation behavior. update --fresh can reinstall the current version, and destroy --force can remove a local record when the OpenShell gateway is unavailable while warning that the sandbox and retained volume may still exist. Failed exec commands can surface recent policy-denial context, tunnel stop releases its gateway port, WSL keeps a usable loopback dashboard URL, and affected CLI user-error surfaces preserve a nonzero exit status. For more information, refer to NemoClaw CLI Commands Reference, Troubleshooting, and Choose an Inference Provider.
  • Contributor workflows now provide idempotent one-command setup, read-only readiness checks, diff-scoped local verification, and validated Git signing configuration while preserving development dependencies during installation. The new agent-runnable value benchmark emits machine-readable and Markdown reports for inference latency and trace-backed sandbox startup without turning advisory timings into a release gate. For more information, refer to the NemoClaw Contributor Guide and NemoClaw Value Benchmark.

v0.0.73

NemoClaw v0.0.73 improves custom endpoint safety, Linux GPU onboarding, agent-aware policy validation, upgrade recovery, LangChain Deep Agents Code inference, and operator documentation.

  • Custom endpoint handling now fails closed before downstream handoff when an HTTPS endpoint relies on DNS and NemoClaw cannot pin the validated peer across the OpenShell runtime boundary. Public HTTP endpoints continue to use DNS-pinned IP URLs, and HTTPS IP-literal endpoints remain accepted. For more information, refer to NemoClaw CLI Commands Reference, Choose an Inference Provider, and Troubleshooting.
  • GPU sandbox onboarding now uses OpenShell native GPU injection by default on ordinary native Linux hosts with usable CDI. Docker Desktop WSL and Jetson/Tegra retain the compatibility path, which preserves the OpenShell supervisor boundary, captures bounded redacted diagnostics, and attempts rollback when a recreated container fails. For more information, refer to NemoClaw CLI Commands Reference, Troubleshooting, and Choose a Local Inference Server.
  • Messaging policy presets now respect agent support before policy-add changes state. Terminal runtimes such as LangChain Deep Agents Code reject unsupported channel presets before endpoint disclosure or confirmation, matching the existing channels add boundary. For more information, refer to NemoClaw CLI Commands Reference, Choose Messaging Channels, and Platform Support and Launch Claims.
  • Pre-upgrade backups can skip a running sandbox whose in-sandbox SSH endpoint is unreachable when NEMOCLAW_SKIP_UNREACHABLE_SANDBOX_BACKUP=1 is set. Installer-driven upgrades restore skipped sandboxes from the latest validated backup, while standalone backup-all runs only skip the failure and do not schedule a restore. Any uncommitted state since the latest successful backup is not preserved. For more information, refer to NemoClaw CLI Commands Reference, Recover and Rebuild Sandboxes, and Host Files and State.
  • LangChain Deep Agents Code now reaches inference.local through the managed OpenShell proxy across interactive, login-shell, direct-exec, and connect-probe paths. The runtime normalizes proxy environment state, clears inherited bypass settings, and keeps credential-shaped values out of persisted proxy configuration. Rebuild existing LangChain Deep Agents Code sandboxes after upgrading so they receive the corrected image scripts. For more information, refer to Quickstart with LangChain Deep Agents Code and Troubleshooting.
  • Setup and recovery guidance now covers the Docker CLI requirement for Homebrew Colima, Cursor terminal restrictions on Windows, stale Kubernetes namespace cleanup, OpenShell and OpenClaw gateway startup order, and stopped-container recovery. The new Host Files and State reference explains files under ~/.nemoclaw/ and which registry and backup state uninstall preserves. For more information, refer to Prerequisites, Prepare Windows for NemoClaw, Host Files and State, and Troubleshooting.

v0.0.72

NemoClaw v0.0.72 improves installer recovery, sandbox diagnostics, inference setup, credential handling, and custom policy safety.

  • Installer and upgrade flows now recover eligible non-Ready sandboxes before generic onboarding. The installer runs backup-all when available, runs upgrade-sandboxes --auto, restores only validated latest backups with matching sandbox identity and managed-image provenance, and exits before onboarding if any eligible recovery is blocked or fails. For more information, refer to NemoClaw Quickstart with OpenClaw and Recover and Rebuild Sandboxes.
  • Day-two commands provide clearer diagnostics before work reaches a lower-level failure. channels status prints a compact summary for configured channels and non-secret rendered-config comparisons, credentials add registers provider credentials by provider name and type, status separates host inventory from per-sandbox health, exec rejects newline-containing arguments with recovery guidance, and connect shells point policy-denial failures at logs. For more information, refer to NemoClaw CLI Commands Reference and Troubleshooting.
  • Inference setup and model switching fail with safer context. NVIDIA Endpoints onboarding uses a public featured-model catalog with safe bundled fallback behavior, provider-not-found errors list registered providers and point back to onboarding, Hermes Provider endpoint URLs are validated before credentials are dispatched, and curl-based probes keep API keys out of process arguments. For more information, refer to Choose an Inference Provider, Switch Inference Providers, and Security Best Practices.
  • Custom policy and sandbox credential boundaries are tighter. User-supplied custom presets reject allowed_ips except the explicit host bridge, OpenClaw processes receive AWS_EC2_METADATA_DISABLED=true, Hermes runtime configuration output masks API key fields, and exec restores mutable OpenClaw config permissions after one-shot commands. For more information, refer to Customize the Network Policy, Security Best Practices, and NemoClaw CLI Commands Reference.
  • Runtime repair covers more sandbox-specific drift. OpenClaw gateway watchdog exits respawn the gateway instead of ending PID 1, Hermes upgrade checks compare agent versions in the Hermes runtime scheme, Tavily access is restored for managed Python workflows, and prompt-stdin EOF during onboarding is treated as cancellation. For more information, refer to Recover and Rebuild Sandboxes, Common NemoClaw Integration Policy Examples, and NemoClaw CLI Commands Reference.

v0.0.71

NemoClaw v0.0.71 improves gateway recovery, OpenShell gateway authentication, policy provenance, uninstall safety, Windows bootstrap diagnostics, messaging behavior, and inference guidance.

  • Gateway lifecycle operations use a host-mediated control path for built-in OpenClaw and Hermes sandboxes. recover and gateway restart target the supervised gateway through the supported topology controller, re-check forwards after replacement, preserve explicit runtime model overrides during OpenClaw reconciliation, and write guard-chain recovery warnings into the gateway log for crash-loop diagnosis. For more information, refer to Recover and Rebuild Sandboxes, NemoClaw CLI Commands Reference, Troubleshooting, and Trusted Computing Base.
  • OpenShell 0.0.71 is the validated gateway release for this train. NemoClaw generates local TLS, mTLS, and sandbox JWT material for Docker-driver gateways, keeps gateway binds on loopback while JWT auth is active, and documents the explicit compatibility-container boundary for older trusted Linux hosts. For more information, refer to OpenShell 0.0.71 Review, Security Best Practices, and Troubleshooting.
  • Network policy output now explains why active presets are present. policy-list annotates verified active presets with tier, agent, user-added, or source-unverified provenance; Restricted onboarding suppresses agent-required preset additions; the Balanced tier no longer includes weather; and the weather preset covers read-only wttr.in lookups when you add it explicitly. For more information, refer to Network Policies, NemoClaw CLI Commands Reference, and Common NemoClaw Integration Policy Examples.
  • Day-two maintenance paths are more explicit. nemoclaw uninstall --destroy-user-data provides a visible full-purge flag while keeping --yes non-destructive for preserved user data, custom Dockerfile onboarding documents cold and warm build-cache behavior, and host-side OpenClaw agent dispatch warns on stderr when a recent shields auto-relock may explain a failed one-shot command. For more information, refer to Recover and Rebuild Sandboxes and NemoClaw CLI Commands Reference.
  • Messaging and inference setup have clearer runtime defaults and selection guidance. Microsoft Teams channel setup uses final-message delivery by default and runtime mention hints, non-interactive Ollama setup refuses unsafe loopback rewrites when sudo evidence is unavailable, compatible local endpoint docs explain the default chat-completions path, and the inference guide adds model task-fit and capability-audit guidance. For more information, refer to Choose Messaging Channels, Choose a Local Inference Server, Choose an Inference Provider, and Audit Model Capabilities.
  • Windows setup output is safer to share during troubleshooting. The Windows bootstrap redacts PowerShell transcript metadata and temporary paths from WSL install output, and it asks for a reboot only when WSL reports one is required. For more information, refer to Prepare Windows for NemoClaw and Troubleshooting.

v0.0.70

NemoClaw v0.0.70 completes the E2E migration and improves day-two operation, inference setup, messaging repair, Windows bootstrap guidance, and documentation.

  • Day-two CLI operations are easier to steer from the host. nemoclaw use <name> selects the default registered sandbox, and mistyped sandbox names now receive the closest registered-sandbox suggestion. For more information, refer to NemoClaw CLI Commands Reference.
  • Onboarding and inference validation handle more common setup drift. Docker Desktop gateway bridge checks retry through the short first-start race, OpenAI-compatible endpoints can opt into reasoning-mode validation with NEMOCLAW_REASONING, and Windows bootstrap failures preserve WSL recovery guidance. For more information, refer to Choose an Inference Provider, Prepare Windows for NemoClaw, and Troubleshooting.
  • Messaging and Hermes repair paths carry less stale state forward. Rebuilds write the effective policy preset set back to the sandbox registry, channels start reapplies the matching network policy preset before rebuilding, and Hermes image repair removes inherited OpenClaw state from older base layers. For more information, refer to Choose Messaging Channels, NemoClaw CLI Commands Reference, and Troubleshooting.
  • Documentation now covers the operator workflows added during this release. The OpenClaw quickstart explains the two-terminal network approval workflow, and the messaging guide separates Teams direct-message allowlists from OpenClaw group and channel policy. For more information, refer to NemoClaw Quickstart with OpenClaw, Approve or Deny Agent Network Requests, and Choose Messaging Channels.
  • Release validation now runs through one Vitest scenario system. GitHub Actions owns orchestration and reporting, while the scenario runner keeps scheduled failure routing, scorecards, trace-timing summaries, docs validation, and two-agent security-posture coverage in the same selection model.

v0.0.69

NemoClaw v0.0.69 improves sandbox recovery, Deep Agents Code workflows, Hermes messaging, inference setup, policy approval guidance, and release validation.

  • Sandbox lifecycle and onboarding flows now preserve state more predictably across destroy, recreate, rebuild, recovery, and validation failures. Destroy wipes persistent workspace and state directories, GPU recreate rolls back failed pre-patch sandboxes, recovery can rediscover live sandboxes when the local registry is empty, and hosted endpoint validation failures keep a nonzero exit status. For more information, refer to Recover and Rebuild Sandboxes, Create and Restore Snapshots, and Troubleshooting.
  • Deep Agents Code workflows now have clearer terminal and CLI behavior. Session export reports actionable guidance for dash-prefixed arguments, warm-up sessions stay out of normal history, nemo-deepagents aliases share a consistent command surface, terminal runtime dispatch and version probes are more accurate, and status reports out-of-memory degradation with useful context. For more information, refer to Quickstart with LangChain Deep Agents Code and NemoClaw CLI Commands Reference.
  • Deep Agents Code rebuild and snapshot operations now protect more user state. Skills created with skill-creator persist across rebuilds, the managed Python environment stays on PATH, rebuild warns before dropping user-managed files, and snapshot creation refuses to capture an active Deep Agents Code session. For more information, refer to Understand Sandbox State, Create and Restore Snapshots, and Security Best Practices.
  • Hermes, messaging, and provider switching now use more explicit runtime state. Hermes moves to the 2026.6.19 release line, supported messaging channels come from manifests, invalid channel values fail fast, reused sandboxes refresh stale messaging plans, Hermes preserves Slack-compatible aliases after upgrades, and provider switches retain endpoint, credential, and inference API metadata. For more information, refer to Choose Messaging Channels, NemoClaw Quickstart with Hermes, and Switch Inference Providers.
  • Inference setup now handles local and compatible endpoints with tighter validation. DGX Station managed vLLM defaults to DeepSeek V4 Flash, Ollama setup records explicit interaction state, compatible endpoint smoke checks retry only recognized transient failures, and validation redacts sensitive error details. For more information, refer to Choose an Inference Provider and Choose a Local Inference Server.
  • Security, policy, and observability paths now report safer runtime state. Auto-restore seals the expected configuration hash, sandbox connect and login apply process and file-descriptor limits quietly, JSON agent failures keep parseable output with provenance warnings, log collection preserves per-source breadcrumbs, and in-sandbox Shields status no longer claims host posture it cannot verify. For more information, refer to Security Best Practices, Credential Storage, NemoClaw CLI Commands Reference, and Monitor Sandbox Activity.
  • Documentation and release gates now cover more policy, approval, and live validation paths. The docs include clearer policy round-trip and network-request approval examples, while the live release gates distinguish public NVIDIA API keys from hosted inference keys and exercise Deep Agents Code terminal behavior more directly. For more information, refer to Network Policies, Customize the Network Policy, and Approve or Deny Agent Network Requests.

v0.0.68

NemoClaw v0.0.68 improves onboarding recovery, messaging setup, agent-specific CLI behavior, local inference defaults, and release validation:

  • Installer and onboarding paths now stop on real setup failures and recover more cleanly after interrupted runs. Scripted installs propagate onboarding exit codes, interrupted installer runs start fresh when no sandbox exists to resume, and resume behavior stays tied to onboarding sessions with a real sandbox. For more information, refer to NemoClaw Quickstart with OpenClaw and Troubleshooting.
  • Messaging setup adds experimental Microsoft Teams channel onboarding for OpenClaw and Hermes, including Bot Framework credentials, webhook forwarding, the teams network policy preset, and local webhook port conflict checks. NemoClaw also derives channel availability from each channel manifest’s supportedAgents declaration and rejects channels add before policy, provider, registry, credential, or rebuild mutations when no channel manifest supports the selected agent. LangChain Deep Agents Code therefore fails closed for messaging until a real channel bridge and matching manifest support land. For more information, refer to Choose Messaging Channels and Platform Support and Launch Claims.
  • Agent-specific CLI commands now route more accurately and fail earlier with clearer local guidance. sessions export routes by sandbox agent kind, Hermes gateway-token points users to dashboard-url, bare OpenClaw agent invocations print wrapper help locally, and omitted extra-agent workspace and agentDir fields use canonical OpenClaw paths. For more information, refer to NemoClaw CLI Commands Reference.
  • LangChain Deep Agents Code sandboxes now stay alive with a stable entrypoint, use their own product branding, reject unsupported messaging mutations, and preserve the hosted-compatible default model ID without doubling the provider namespace. For more information, refer to Quickstart with LangChain Deep Agents Code, Choose an Inference Provider, and Platform Support and Launch Claims.
  • DGX Spark express install now selects managed local vLLM by default, while hosted NVIDIA inference setup preserves the provider, namespace, and model ID shape used by the compatible endpoint path. For more information, refer to NemoClaw Quickstart with OpenClaw, Choose an Inference Provider, and Platform Support and Launch Claims.
  • Platform-support docs now rely on the canonical support matrix, so users and agents see one source of truth for supported platforms, inference providers, agents, messaging integrations, deployment paths, capabilities, and out-of-scope items. For more information, refer to Platform Support and Launch Claims.