v0.0.52
NemoClaw v0.0.52 upgrades the bundled OpenClaw runtime, repairs Hermes sandbox startup, restores onboarding ready output, and hardens Slack onboarding, Windows bootstrap, and private-network handling:
- Bundles OpenClaw 2026.5.22 as the NemoClaw runtime target through
OPENCLAW_VERSIONin the NemoClaw Dockerfiles. The runtime upgrade addresses Telegram, Discord, and Slack channel registration issues seen on the 2026.5.18 runtime.nemoclaw-blueprint/blueprint.yamlkeepsmin_openclaw_versionas a compatibility floor for direct blueprint consumers, so the blueprint floor can be lower than the Dockerfile target. Runnemoclaw <name> rebuildto pick up the new OpenClaw runtime in existing sandboxes. - Hermes sandbox startup is more reliable on the v0.14 root entrypoint. NemoClaw precreates
hooks,image_cache,audio_cache, andlogs/curatorunderHERMES_HOME, makes/sandbox/.hermessticky group-writable so thegatewayuser can create runtime state without removing sandbox-owned config files, stops precreating/sandbox/.hermes/gateway.pidas a symlink that Hermes v0.14 treats as a PID race, and clears legacy PID and lock state before launch. nemoclaw onboardready output points users atnemoclaw <name> dashboard-url --quietagain, restoring the dashboard guidance that regressed during an earlier onboarding refactor.- Slack onboarding validates preconfigured Slack tokens before treating Slack as configured. Invalid
SLACK_BOT_TOKENvalues from the environment or stored credentials no longer cause onboarding to skip the Slack prompt, so the wizard re-prompts for a validxoxb-...token instead of silently advancing with a token Slack cannot use. - The Windows bootstrap script defers first-run Ubuntu account setup to a separate WSL handoff window again, which keeps PowerShell prompt alignment intact during install. The default distro is
Ubuntu-24.04, andbootstrap-windows.ps1 -DistroName Ubuntureuses an existingUbuntudistribution. - The blueprint private-network blocklist reloads when
private-networks.yamlchanges on disk, so long-running NemoClaw processes validate SSRF and private-network rules against the current file instead of stale cached data.
v0.0.51
NemoClaw v0.0.51 improves messaging controls, local inference setup, sandbox diagnostics, policy validation, and onboarding recovery:
- Slack setup now supports channel allowlisting. During onboarding,
channels add slack, and non-interactive rebuilds, setSLACK_ALLOWED_CHANNELSto restrict channel@mentionhandling to selected Slack channel IDs. Combine it withSLACK_ALLOWED_USERSwhen you want both channel and member checks. - Local Ollama setup now detects host installations that are below the minimum supported version and offers an explicit upgrade path. On macOS, NemoClaw uses Homebrew. On Linux, NemoClaw uses the system installer for upgrades and refuses non-interactive upgrade paths that would require a hidden sudo prompt.
- Non-interactive Linux Ollama setup can use a sudo-free user-local install path when passwordless sudo is unavailable. The docs now describe
NEMOCLAW_OLLAMA_INSTALL_MODE, the user-local install trade-offs, and the manualzstdrequirement. - Managed Ollama model selection now uses a memory-aware registry for starter models. If a known bootstrap model does not fit currently available GPU memory, NemoClaw warns and falls back to the largest known model that does fit instead of starting a model that is likely to fail.
nemoclaw onboardrestores the managed vLLM menu entry for DGX Spark and DGX Station hosts, which had been hidden after a previous onboard refactor dropped thegpu.platformvalue the vLLM menu builder relies on.nemoclaw resourcesandNEMOCLAW_RESOURCE_PROFILEexpose sandbox CPU and memory profiles. Profiles can be selected during onboarding, andNEMOCLAW_CPUorNEMOCLAW_RAMcan override the selected profile for scripted runs.- Cloudflare named tunnels are supported through
CLOUDFLARE_TUNNEL_TOKEN.nemoclaw tunnel startpasses the token through the environment and expects the named tunnel route to already point at the dashboard port. - Jira policy validation guidance now matches the maintained preset. Use a Node HTTPS status probe for Atlassian API access and the body-visible
api.atlassian.com/oauth/token/accessible-resourcescurl probe when validating approved requests manually. Plaincurl -sagainstauth.atlassian.comcan return empty output even when reachable, so it is not a pass/fail signal. - Sandbox logs merge OpenClaw gateway output and OpenShell audit events into one stream, and
--tailapplies once to the merged result so policy denials appear beside gateway logs. - Onboarding recovers more cleanly across host and runtime edge cases, including root-owned config sync directories, stale dashboard port allocation, unreachable Docker daemons, stale dashboard forwards, default NVIDIA CDI spec directories, and Linux Docker-driver health checks.