For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
User Guide
User Guide
    • Home
      • Overview
      • Architecture Overview
      • Ecosystem
      • Release Notes
      • Prerequisites
      • Quickstart with Hermes
      • Inference Options
      • Use Local Inference
      • Switch Inference Providers
      • Manage Sandbox Lifecycle
      • Runtime Controls
      • Set Up Messaging Channels
      • Workspace Files
      • Backup and Restore
      • Install Hermes Plugins
      • Approve or Deny Network Requests
      • Customize the Network Policy
      • Integration Policy Examples
      • Monitor Sandbox Activity
      • Security Best Practices
      • Credential Storage
      • Architecture Details
      • Commands
      • Which CLI to Use
      • Network Policies
      • Troubleshooting
      • Agent Skills
      • Report Vulnerabilities
      • License
      • Discord
NVIDIANVIDIA
Developer-friendly docs for your API
Privacy Policy | Your Privacy Choices | Terms of Service | Accessibility | Corporate Policies | Product Security | Contact

Copyright © 2026, NVIDIA Corporation.

LogoLogoNemoClaw
On this page
  • v0.0.56
  • v0.0.55
  • v0.0.54
  • v0.0.53
  • v0.0.52
  • v0.0.51
  • v0.0.50
  • v0.0.49
  • v0.0.48
  • v0.0.47
  • v0.0.46
  • v0.0.45
  • v0.0.44
  • v0.0.43
  • v0.0.42
  • v0.0.41
  • v0.0.40
  • v0.0.39
  • v0.0.38
  • v0.0.34
  • Component Version Policy
About NemoClaw

Release Notes

||View as Markdown|
Previous

Ecosystem

Next

Prerequisites

NVIDIA NemoClaw is available in early preview starting March 16, 2026. Use this page to track the highlights of the latest release. For more detailed release notes, refer to the NemoClaw GitHub announcements.

v0.0.56

NemoClaw v0.0.56 improves install safety, local-inference validation, messaging diagnostics, sandbox lifecycle reporting, and day-two command behavior:

  • Public installer and nemoclaw update flows now follow the admin-promoted lkg release tag by default, so curl-piped installs and update checks target the maintained build while validation catches up to newer semver tags. Non-interactive Linux installs can also reactivate Docker group membership through sg docker and continue in the same installer run when that path is available. For more information, refer to Manage Sandbox Lifecycle.
  • nemoclaw <name> status, nemoclaw <name> connect, and nemoclaw upgrade-sandboxes now probe the live sandbox agent version before deciding whether a rebuild is needed, instead of trusting stale host metadata. Status output reports when the version cannot be verified and points at rebuild when the running agent may predate the current install. For more information, refer to NemoClaw CLI Commands Reference.
  • GPU Docker-driver local-inference onboarding now verifies that host-network sandboxes can reach the selected Ollama or vLLM health endpoint before onboarding reports success. Failures now include the provider endpoint, container network mode, and recovery guidance, which avoids discovering the broken route only after the first agent prompt. For more information, refer to Use a Local Inference Server.
  • Messaging setup is more diagnosable. Slack setup validates both required Slack credentials before enabling the channel, WhatsApp pairing renders a compact scan-friendly QR for OpenClaw sandboxes and separates gateway close errors from QR rendering, and Telegram DM allowlist aliases continue to work for existing automation. For more information, refer to Messaging Channels.
  • Command ergonomics are clearer for common day-two paths. nemoclaw inference set without both --provider and --model now points users to the underlying openshell inference set command, nemoclaw <name> skill remove <skill> removes uploaded skills by SKILL.md name, nemoclaw <name> status --json supports per-sandbox automation, and nemoclaw debug --sandbox validates explicit sandbox names before writing diagnostics. For more information, refer to NemoClaw CLI Commands Reference.
  • Policy and sandbox base-image compatibility improved. The pypi preset allows the uv package manager binary, the sandbox base image includes tmux for OpenClaw’s bundled tmux-session flow, and Jira preset validation docs now use observable status probes. For more information, refer to Common NemoClaw Integration Policy Examples.
  • Uninstall, rebuild, and snapshot flows protect user state more consistently. nemoclaw uninstall preserves host-side backups and the sandbox registry by default, rebuilds preserve explicit CPU-only sandbox intent, and snapshot restore blocks ambiguous existing-destination rollbacks unless you opt in with --force. For more information, refer to Manage Sandbox Lifecycle.

v0.0.55

NemoClaw v0.0.55 improves local Ollama onboarding reliability, plugin secret-scanner resilience, and messaging-channel prompt clarity:

  • Local Ollama validation retries host-side curl process timeouts with a larger timeout before failing, and Docker runtime detection retries docker info before choosing the local inference route. For more information, refer to Use a Local Inference Server.
  • The NemoClaw OpenClaw plugin keeps the memory secret scanner active when OpenClaw runs in embedded fallback mode without a usable path resolver. The scanner falls back to literal memory and workspace-relative paths instead of crashing before the first write-tool call. For more information, refer to Security Best Practices.
  • The onboarding messaging-channel picker now states that pressing Enter with no channels selected skips messaging setup. For more information, refer to Messaging Channels.

v0.0.54

NemoClaw v0.0.54 updates messaging activation, Windows WSL onboarding, NemoHermes dashboard access, and sandbox repair paths:

  • Generated OpenClaw config now marks Telegram, Discord, Slack, and WhatsApp as enabled at the channel level. Selected messaging plugins are pinned during the image build, and channels add verifies Telegram, Discord, and Slack bridge startup after the rebuild instead of leaving silent channel failures for later debugging. For more information, refer to Messaging Channels.
  • The Windows bootstrap flow waits for Ubuntu account creation before touching Docker settings, enables Docker Desktop WSL integration for the target distro, avoids changing the global WSL default distro, and adds WSL-specific Docker reachability hints during onboarding. For more information, refer to Prepare Windows for NemoClaw.
  • Windows-host Ollama setup inside WSL now requires the Docker Desktop WSL integration path. NemoClaw still shows Windows-host Ollama options when it detects them, but labels the Docker Desktop requirement and blocks unsupported native Docker-in-WSL selections before it tries to start or install Ollama. For more information, refer to Use a Local Inference Server.
  • NemoHermes can expose the optional native Hermes web dashboard separately from the OpenAI-compatible API. Set NEMOCLAW_HERMES_DASHBOARD=1 before onboarding to start and forward the dashboard on port 9119, with NEMOCLAW_HERMES_DASHBOARD_PORT and NEMOCLAW_HERMES_DASHBOARD_TUI available for port and TUI tab control. For more information, refer to NemoClaw Quickstart with Hermes.
  • Onboarding diagnostics include more copy-paste-ready recovery hints. Invalid sandbox names now include a Try: <suggested-slug> line when NemoClaw can derive a valid name, and non-interactive NVIDIA Endpoints setup prints the exact export NVIDIA_API_KEY=nvapi-... shape when the key is missing. For more information, refer to NemoClaw CLI Commands Reference.
  • Homebrew stays on the Linuxbrew prefix while exposing installed formula commands in sandbox shell sessions, the /nemoclaw slash command activates at OpenClaw startup again, Hermes rebuilds tolerate older release tarballs that lack optional UI package lockfiles, and device scope-upgrade approvals recover without being pinned to the old gateway-scoped request. For more information, refer to Common NemoClaw Integration Policy Examples.
  • The host-gateway allowance for OpenClaw web_fetch is confined to the trusted proxy path, while strict and direct paths continue to block host-gateway names. Hermes Provider onboarding skips the host-side smoke probe only for OAuth-backed setup and keeps direct validation for Nous API key setup. For more information, refer to NemoClaw Inference Options.

v0.0.53

NemoClaw v0.0.53 focuses on safer sandbox recreation, stricter onboarding preflight defaults, local inference reliability, policy coverage, and day-two repair workflows:

  • nemoclaw onboard backs up workspace state before deleting an existing sandbox during recreation, including sandboxes that are registered but not ready. If the backup is partial or fails, onboarding aborts before delete so workspace, skills, extensions, identity, memory, messaging state, and credentials are not silently dropped. Set NEMOCLAW_RECREATE_WITHOUT_BACKUP=1 only when you intentionally want a fresh workspace.
  • Under-provisioned container-runtime warnings now default to abort in interactive onboarding. Pressing Enter at the warning stops the run so you can resize Docker Desktop or Colima before the sandbox build stalls. Non-interactive runs continue with a warning, and NEMOCLAW_IGNORE_RUNTIME_RESOURCES=1 still suppresses the check when you have already accepted the resource trade-off.
  • OpenClaw sandboxes can use the new openclaw-pricing policy preset for model-pricing reference fetches from LiteLLM and OpenRouter. NemoClaw suggests this preset during OpenClaw onboarding so session JSONL records can populate usage.cost without widening egress beyond the two read-only pricing endpoints.
  • Local Ollama onboarding is more accurate. NemoClaw validates the /api/tags response body through the authenticated proxy, honors accepted no-tools overrides through validation and proxy setup, and uses Ollama’s reported runtime context length for contextWindow unless you set NEMOCLAW_CONTEXT_WINDOW.
  • Onboarding and gateway reuse recover from more host-runtime drift. NemoClaw recovers stopped gateways before preserving PVC-backed state, verifies gateway containers before reusing port-conflict state, defers Docker-driver gateway teardown until step [2/8], records Docker-driver sandboxes on macOS, and uses Docker --gpus rather than CDI repair on WSL Docker Desktop.
  • The sandbox and integration paths handle more common failures cleanly, including Brave Search credential rewrite through OpenShell providers, Telegram placeholder repair, host-gateway web_fetch routing, read-only host targets for share mount, live gateway drift in list, host-alias Kubernetes invocations, Jetson bridge DNS preflight failures, and non-ready sandboxes during maintenance backups.
  • Hermes startup no longer treats a fresh root-entrypoint layout as locked state, which avoids false locked-layout detection during sandbox boot.
  • Maintainer tooling can export a signed skills catalog, detect untracked files during skills refresh diffs, and run the stale-issue verification workflow added for maintainers.

v0.0.52

NemoClaw v0.0.52 upgrades the bundled OpenClaw runtime, repairs Hermes sandbox startup, restores onboarding ready output, and hardens Slack onboarding, Windows bootstrap, and private-network handling:

  • Bundles OpenClaw 2026.5.22 as the NemoClaw runtime target through OPENCLAW_VERSION in the NemoClaw Dockerfiles. The runtime upgrade addresses Telegram, Discord, and Slack channel registration issues seen on the 2026.5.18 runtime. nemoclaw-blueprint/blueprint.yaml keeps min_openclaw_version as a compatibility floor for direct blueprint consumers, so the blueprint floor can be lower than the Dockerfile target. Run nemoclaw <name> rebuild to pick up the new OpenClaw runtime in existing sandboxes.
  • Hermes sandbox startup is more reliable on the v0.14 root entrypoint. NemoClaw precreates hooks, image_cache, audio_cache, and logs/curator under HERMES_HOME, makes /sandbox/.hermes sticky group-writable so the gateway user can create runtime state without removing sandbox-owned config files, stops precreating /sandbox/.hermes/gateway.pid as a symlink that Hermes v0.14 treats as a PID race, and clears legacy PID and lock state before launch.
  • nemoclaw onboard ready output points users at nemoclaw <name> dashboard-url --quiet again, restoring the dashboard guidance that regressed during an earlier onboarding refactor.
  • Slack onboarding validates preconfigured Slack tokens before treating Slack as configured. Invalid SLACK_BOT_TOKEN values from the environment or stored credentials no longer cause onboarding to skip the Slack prompt, so the wizard re-prompts for a valid xoxb-... token instead of silently advancing with a token Slack cannot use.
  • The Windows bootstrap script defers first-run Ubuntu account setup to a separate WSL handoff window again, which keeps PowerShell prompt alignment intact during install. The default distro is Ubuntu-24.04, and bootstrap-windows.ps1 -DistroName Ubuntu reuses an existing Ubuntu distribution.
  • The blueprint private-network blocklist reloads when private-networks.yaml changes on disk, so long-running NemoClaw processes validate SSRF and private-network rules against the current file instead of stale cached data.

v0.0.51

NemoClaw v0.0.51 improves messaging controls, local inference setup, sandbox diagnostics, policy validation, and onboarding recovery:

  • Slack setup now supports channel allowlisting. During onboarding, channels add slack, and non-interactive rebuilds, set SLACK_ALLOWED_CHANNELS to restrict channel @mention handling to selected Slack channel IDs. Combine it with SLACK_ALLOWED_USERS when you want both channel and member checks.
  • Local Ollama setup now detects host installations that are below the minimum supported version and offers an explicit upgrade path. On macOS, NemoClaw uses Homebrew. On Linux, NemoClaw uses the system installer for upgrades and refuses non-interactive upgrade paths that would require a hidden sudo prompt.
  • Non-interactive Linux Ollama setup can use a sudo-free user-local install path when passwordless sudo is unavailable. The docs now describe NEMOCLAW_OLLAMA_INSTALL_MODE, the user-local install trade-offs, and the manual zstd requirement.
  • Managed Ollama model selection now uses a memory-aware registry for starter models. If a known bootstrap model does not fit currently available GPU memory, NemoClaw warns and falls back to the largest known model that does fit instead of starting a model that is likely to fail.
  • nemoclaw onboard restores the managed vLLM menu entry for DGX Spark and DGX Station hosts, which had been hidden after a previous onboard refactor dropped the gpu.platform value the vLLM menu builder relies on.
  • nemoclaw resources and NEMOCLAW_RESOURCE_PROFILE expose sandbox CPU and memory profiles. Profiles can be selected during onboarding, and NEMOCLAW_CPU or NEMOCLAW_RAM can override the selected profile for scripted runs.
  • Cloudflare named tunnels are supported through CLOUDFLARE_TUNNEL_TOKEN. nemoclaw tunnel start passes the token through the environment and expects the named tunnel route to already point at the dashboard port.
  • Jira policy validation guidance now matches the maintained preset. Use a Node HTTPS status probe for Atlassian API access and an explicit status-only curl probe for auth.atlassian.com when validating approved requests manually.
  • Sandbox logs merge OpenClaw gateway output and OpenShell audit events into one stream, and --tail applies once to the merged result so policy denials appear beside gateway logs.
  • Onboarding recovers more cleanly across host and runtime edge cases, including root-owned config sync directories, stale dashboard port allocation, unreachable Docker daemons, stale dashboard forwards, default NVIDIA CDI spec directories, and Linux Docker-driver health checks.

v0.0.50

NemoClaw v0.0.50 focused on onboarding reliability, local inference hardening, messaging diagnostics, and sandbox lifecycle cleanup:

  • nemoclaw onboard detects DGX Spark hosts where managed Ollama falls back to CPU execution. Local inference setup fails the Ollama validation step with a tailored diagnostic, adds a Spark OLLAMA_LLM_LIBRARY=cuda_v13 systemd override when that backend is installed, and enables the managed Linux Ollama service so local inference survives reboot.
  • Compatible endpoint setup rejects host.docker.internal inference URLs because OpenShell sandboxes do not have a portable host-service route through that name. Use Local Ollama’s authenticated proxy path or a policy-managed host service instead.
  • Telegram setup now surfaces BotFather group privacy guidance. Disable privacy mode, then remove and re-add the bot to each group before testing group delivery.
  • Maintenance commands recover the OpenShell gateway before retrying sandbox-list operations, which makes rebuild, recover, upgrade, and backup flows more resilient after gateway drift.
  • NemoClaw no longer writes proxy hooks into sandbox shell startup files. Local proxy configuration stays on supported OpenShell and NemoClaw paths rather than mutating user shell rc files.
  • Windows bootstrap installs Ubuntu 24.04 when WSL is present but no Ubuntu distribution is registered.

v0.0.49

NemoClaw v0.0.49 is a hardening release focused on reliability, clearer diagnostics, OpenClaw compatibility, and stronger validation coverage:

  • Gateway failures now fail faster and explain more. nemoclaw status classifies gateway probe failures by layer, distinguishing a named gateway port that is not accepting connections, a named gateway that is present but not Connected, the active OpenShell gateway pointing at a different name, and a named gateway that is not configured at all. nemoclaw <name> connect exits early with recovery guidance when the OpenShell gateway is down.
  • Gateway upgrade and fallback paths are more stable. The release hardens older gateway fallback coverage, OpenShell gateway upgrade checks, crash-loop detection tests, and Brev GPU bridge gateway traffic coverage.
  • Status and doctor now report a fresh mutable sandbox as not configured instead of down, and nemoclaw <name> logs --tail <lines> is locked in as a NemoClaw line count rather than OpenShell’s follow-flag pun. nemoclaw debug --quick reports restricted kernel-log access as a skipped section instead of surfacing raw dmesg permission errors.
  • OpenClaw compatibility is more resilient across runtime changes. Kimi mixed tool calls are normalized more consistently, compatible OpenClaw JSON envelope changes are tolerated in tests, and OpenClaw patch drift is easier to classify during image builds.
  • Messaging channel removal is now a clean teardown. The sandbox registry and onboard session policy preset state stay in sync so removed presets do not return during later onboard --resume or rebuild flows; QR-paired channels also have their durable in-sandbox session directory wiped before the rebuild and removal aborts cleanly when that wipe cannot be confirmed; and ~/.nemoclaw/config.json is re-synced from the host across every rebuild resume path so the OpenClaw plugin no longer crashes on the Dockerfile placeholder.
  • Hermes sandboxes apply only the messaging channel policies the operator selects instead of pre-enabling every Hermes messaging provider, and dynamic preset application resolves Hermes-specific policy content so Discord on Hermes no longer falls back to generic Node allowlists.
  • nemoclaw <name> snapshot restore --to <existing-sandbox> now refuses to overwrite an existing destination unless you pass --force, which makes destructive clone restores an explicit opt-in.
  • Source-checkout installs bootstrap OpenShell when needed before running preflight, so git clone based installs can reach the same managed OpenShell setup path as packaged installs. The Linux installer, onboard preflight, and prerequisites docs also explain why NemoClaw needs Docker group membership and the privilege impact of granting it.
  • NVIDIA NIM preflight rejects WDDM placeholder GPU names on hosts without NVIDIA firmware, and Jetson onboarding refuses sandbox GPU passthrough instead of creating a configuration the sandbox cannot use.
  • CLI and E2E coverage cover more real user paths. Missing channels arguments now print the correct usage, scenario suites use supported sandbox subcommands, scenario tests build against the full repository CLI, and security-sensitive credential paths have broader coverage.
  • Release infrastructure now targets Node 24 in GitHub Actions. The E2E advisor also comments with clearer scenario guidance and waits for required PR checks before deciding.

v0.0.48

NemoClaw v0.0.48 improves onboarding, sandbox builds, local inference, messaging, and day-two sandbox operations:

  • Windows WSL onboarding detects Windows-host Ollama through both the HTTP endpoint and a Windows process probe, so the installer can offer start or restart actions even when the daemon is installed but not yet reachable from WSL.
  • Onboarding no longer prints a noisy No active forward found warning when it performs best-effort dashboard forward cleanup before rebuilding or recovering a sandbox.
  • nemoclaw <name> share mount verifies the requested remote path against the target sandbox name, so probes for non-default sandboxes no longer accidentally inspect the default sandbox.
  • The OpenClaw plugin tolerates an empty or malformed onboard config.json by falling back to default onboard status instead of failing during startup.
  • Hermes messaging policies are scoped to Hermes-supported channel behavior, keeping unsupported OpenClaw-specific messaging access out of Hermes sandboxes.
  • Onboard session snapshots persist machine-readable state for resume flows, which makes provider and policy decisions more durable across retries.
  • DGX Spark GPU sandbox recreation restores the startup path for Hermes by patching Docker GPU state and preserving the marker files the Hermes entrypoint needs.
  • Discord messaging routes REST and gateway traffic through the sandbox proxy path, including a loopback proxy for gateway traffic, so Discord channels work through the same policy-controlled egress model as other sandbox traffic.
  • Sandbox base images now include Homebrew and a python to python3 compatibility symlink, reducing first-run setup for package and script workflows inside the sandbox.
  • The NemoClaw sandbox image includes a Docker health check so container runtimes can report whether the in-sandbox gateway is responding.
  • Sandbox startup resolves workspace template files from the installed package when source-relative files are not available, which helps package installs seed a fresh workspace consistently.
  • Installer checksum verification prefers sha256sum and falls back when needed, improving compatibility on Linux hosts where shasum is not installed.
  • VM-driver snapshot health checks now use gateway metadata instead of stale local assumptions, so snapshot operations fail less often after gateway state changes.

v0.0.47

NemoClaw v0.0.47 focused on release hardening and validation coverage:

  • The scenario E2E framework gained baseline onboarding coverage for CLI setup, OpenShell gateway creation, sandbox state, inference routing, and smoke tests.
  • Messaging provider scenarios now validate provider attachment, placeholder configuration, secret-leak prevention, bridge reachability, Discord gateway routing, Slack provider state, Telegram injection safety, and token-rotation isolation.
  • CLI command registration was refactored so public display defaults stay consistent across sandbox channel, host, log, policy, skill, and snapshot commands.
  • PR review advisor automation was added for maintainers, with deterministic GitHub context gathering and structured review comments.
  • The release refreshed v0.0.46 documentation, generated user skills, navigation, and version metadata.

v0.0.46

NemoClaw v0.0.46 improves Windows setup, messaging channels, Hermes sandboxes, inference routing, and command compatibility:

  • Windows users can start from the bootstrap PowerShell script, and WSL installs can accept express install to use the Windows-host Ollama path automatically.
  • Messaging channels add WhatsApp support. channels add whatsapp records the channel, rebuilds the sandbox, and then pairs through the agent-specific QR command inside the sandbox.
  • nemoclaw <name> exec runs non-interactive commands inside a running sandbox through OpenShell and exits with the remote command’s status.
  • Hermes sandboxes can use the managed tool gateway broker for supported tool routes, and Hermes startup recovers its readiness marker more reliably.
  • Compatible Anthropic endpoint setup auto-detects Amazon Bedrock Runtime endpoints and starts the local adapter needed for OpenShell routing.
  • Local Ollama setup on WSL native Docker now routes through NemoClaw’s authenticated proxy, and subprocesses inherit the proxy bypass settings used by onboarding.
  • Model Router setup probes supported host Python interpreters and falls back to the next usable one when virtual environment creation fails.
  • The NemoClaw OpenClaw plugin registers the /nemoclaw command again after package metadata changes, and sandbox extension backups restore compatibility with current snapshots.
  • Sandbox builds patch OpenClaw’s tool catalog to reduce startup latency for Nemotron-focused sandboxes.
  • nemoclaw uninstall docs now show how to pass flags through the hosted install script form.

v0.0.45

NemoClaw v0.0.45 improves onboarding recovery, local inference behavior, channel cleanup, sandbox sharing diagnostics, and uninstall cleanup:

  • nemoclaw onboard handles GPU setup failures more directly. It can replace a stale CPU-only gateway when doing so is safe, skips GPU advice when you explicitly pass --no-gpu, points working-driver hosts toward NVIDIA Container Toolkit setup, and enforces the 63-character sandbox name limit before names reach OpenShell.
  • Preflight checks catch more host setup issues before the sandbox build starts. Container DNS probing uses a fresh .invalid lookup so cached DNS answers do not hide blocked resolver egress, and restrictive checkout file modes no longer make model-specific setup manifests unreadable inside the image.
  • Local inference setup is more predictable. Managed vLLM accepts NEMOCLAW_VLLM_MODEL for supported registry slugs and checks Hugging Face tokens before pulling gated models. Ollama-backed sandboxes now enable streamed usage accounting so OpenClaw token counters update after each turn.
  • Messaging channel removal is a clean inverse of channel add. nemoclaw <name> channels remove <channel> detaches live bridge providers before deleting them and un-applies the matching built-in network policy preset when it was active.
  • nemoclaw <name> share mount fails earlier with clearer guidance when the sandbox path cannot be verified or the host mount target is on a read-only filesystem.
  • nemoclaw uninstall stops host openshell-gateway processes, and subprocesses add IPv6 loopback plus wildcard local bind addresses to NO_PROXY so local traffic stays off forwarded proxies.
  • Diagnostics and internal command output redact more credential-shaped values and use private temporary directories for generated SSH and config files.

v0.0.44

NemoClaw v0.0.44 improves onboarding reliability, GPU sandbox networking, local inference verification, messaging recovery, and remote dashboard access:

  • nemoclaw onboard handles DGX Spark and Jetson hosts more conservatively. Unified-memory GPU detection works for Spark, Jetson defaults to CPU-only sandbox passthrough unless you opt in, and local Ollama validation tolerates slow unified-memory model loads that still fit host memory.
  • Linux Docker-driver GPU sandboxes preserve host.openshell.internal during recreation and inject a reachable DNS resolver when the host uses a systemd-resolved loopback nameserver, which keeps local inference and external DNS working after GPU patching.
  • Onboarding and sandbox builds fail less often on first run. Preflight can guide missing NVIDIA Container Toolkit setup, Docker builds force BuildKit for Dockerfile bind mounts, npm installs retry transient registry resets, and compatible-endpoint onboarding runs a final inference smoke check before reporting success.
  • nemoclaw <name> connect repairs stale inference.local routes before opening the shell, reports local Ollama backend and auth-proxy diagnostics when repair fails, and --probe-only keeps dashboard and process recovery from failing just because inference repair needs follow-up.
  • nemoclaw <name> channels add <channel> applies the matching built-in network policy preset before rebuild, and rebuilds preserve paused channel state so stopped messaging channels stay disabled after destroy and recreate.
  • Remote hosts can opt into dashboard forwarding on all interfaces with NEMOCLAW_DASHBOARD_BIND=0.0.0.0, and gateway drift checks now stop backup, status, rebuild, recover, and upgrade flows before they trust stale OpenShell state.
  • Workspace restore uploads backed-up directories file by file, dashboard forwards retry while stopped ports are still releasing, and the in-sandbox OpenClaw gateway respawns after unexpected exits.

v0.0.43

NemoClaw v0.0.43 improves GPU onboarding and uninstall cleanup on Linux Docker-driver hosts:

  • The standard installer can repair missing NVIDIA CDI device specs before onboarding by enabling the NVIDIA CDI refresh service, then falling back to direct nvidia-ctk spec generation when needed.
  • Linux Docker-driver GPU onboarding handles the Docker flags and sandbox policy needed for NVIDIA GPU proof writes to /proc/<pid>/task/<tid>/comm, which fixes DGX Spark installs that previously failed with a permission error during direct GPU proof.
  • nemoclaw uninstall removes the Linux gateway state directory under ~/.local/state/nemoclaw, including gateway PID, SQLite, audit log, and VM-driver state left by Docker-driver gateways.

v0.0.42

NemoClaw v0.0.42 improves onboarding, status diagnostics, local inference checks, and messaging setup:

  • nemoclaw onboard uses the Docker-driver OpenShell gateway path on macOS and no longer requires VM driver helper assets for standard macOS onboarding.
  • Dashboard port selection probes occupied ports more thoroughly, including root-owned listeners on macOS, and rolls back a newly-created sandbox if the dashboard forward cannot start after the image build.
  • nemoclaw status shows Inference and Connected fields for each listed sandbox, and cloudflared service output now distinguishes stopped, invalid PID file, and stale PID states with a nemoclaw tunnel start recovery hint.
  • Local Ollama status and doctor checks now probe the authenticated proxy in addition to the backend, so a broken proxy is reported separately from a healthy 127.0.0.1:11434 backend.
  • Compatible OpenAI endpoint validation retries reasoning-only smoke responses with a larger output budget before classifying the setup as a model output budget problem instead of a route failure.
  • channels add and channels remove normalize channel names before saving or rebuilding, and channels add hints when a matching built-in policy preset exists but is not applied yet.
  • GPU recovery and uninstall output now use registry-aware recovery commands and clearer gateway removal wording.
  • Onboarding applies selected built-in policy presets in a single policy update when possible, while preserving the final live policy and registry state.
  • The installer handles unchanged user-local CLI shims idempotently, avoiding duplicate shim-creation messages during install-plus-verify flows.

v0.0.41

NemoClaw v0.0.41 improves Docker-driver onboarding and release compatibility:

  • nemoclaw onboard can pin fresh OpenShell installs to a published release that fits the blueprint’s tested version range, while retaining the installer fallback when release metadata is unavailable.
  • Docker-driver gateway startup verifies that sandbox containers can reach host.openshell.internal before reporting the gateway healthy, and Linux firewall failures include a targeted ufw remediation.
  • Local Ollama setup probes sandbox-to-proxy reachability before it commits the inference route, so blocked 11435 traffic stops onboarding with a rerun-safe fix instead of leaving a broken route.
  • Linux Docker-driver GPU onboarding can recreate the OpenShell-managed sandbox container with NVIDIA GPU access and leaves diagnostics plus cleanup guidance when GPU readiness fails.
  • nemoclaw uninstall removes all installer-managed OpenShell helper binaries unless you pass --keep-openshell.

v0.0.40

NemoClaw v0.0.40 improves onboarding reliability, local inference setup, and sandbox recovery:

  • nemoclaw onboard uses the Docker-driver OpenShell gateway path on macOS with OpenShell 0.0.37, repairs incomplete Docker-driver installs before startup, and installs the platform-specific gateway asset it needs.
  • The Docker-driver gateway startup check waits for the gateway port to accept TCP connections before it reports the gateway as healthy, and startup failures now include child process exit details.
  • Local Ollama setup requires the authenticated reverse proxy token on every native Ollama API route, including GET /api/tags.
  • The Linux Ollama install path preflights zstd before running the official installer and explains why each sudo-backed setup step needs elevated privileges.
  • The onboarding provider menu offers an already-running local vLLM server directly when localhost:8000 responds. Managed vLLM install and start options now appear by default on DGX Spark and DGX Station, while generic Linux NVIDIA GPU hosts remain behind the experimental opt-in.
  • Policy tier defaults are filtered by active agent support, so presets such as Brave Search are not reapplied to agents that do not support that integration.
  • nemoclaw <name> connect checks dashboard forward reachability with a TCP probe before it reports a forward as stale.
  • Sandbox startup captures a known-good OpenClaw config baseline and restores it on restart if /sandbox/.openclaw/openclaw.json becomes empty.
  • The NemoClaw OpenClaw plugin package declares compatibility metadata for OpenClaw package tooling.

v0.0.39

NemoClaw v0.0.39 improves several day-two workflows:

  • The installer checks Docker earlier on Linux, can install and start Docker when needed, and stops with newgrp docker guidance when the current shell has not picked up the docker group yet.
  • DGX Spark and DGX Station users can accept an express install prompt that preselects the local inference path and suggested policy defaults.
  • NemoClaw now creates GPU-capable OpenShell Docker sandboxes by default when an NVIDIA GPU is available, with explicit --sandbox-gpu, --no-sandbox-gpu, and --sandbox-gpu-device controls.
  • nemohermes supports Hermes Provider onboarding and runtime model switches through nemohermes inference set.
  • nemoclaw <name> hosts-add, hosts-list, and hosts-remove manage sandbox host aliases for LAN-only services.
  • nemoclaw update checks and runs the maintained installer flow, while nemoclaw upgrade-sandboxes remains responsible for rebuilding existing sandboxes.
  • nemoclaw <name> destroy preserves the shared gateway by default unless --cleanup-gateway is selected.
  • nemoclaw <name> connect repairs stale inference.local DNS proxy routes before opening the session.
  • Windows-host Ollama onboarding relaunches the daemon with the reachable binding after install or restart.
  • Local NVIDIA NIM onboarding passes NGC_API_KEY or NVIDIA_API_KEY into the managed container without putting the secret in process arguments, detects early container exits during health checks, and prints a per-GPU preflight breakdown on mixed-model hosts.
  • The sandbox startup path strips additional Linux capabilities before and during privilege step-down.
  • OpenClaw workspace template files are seeded when bootstrap is skipped and the workspace is still empty.
  • Kimi K2.6 and related NVIDIA-hosted chat-completions paths include model-specific compatibility handling for reasoning output.

v0.0.38

NemoClaw v0.0.38 improves several day-two workflows:

  • nemoclaw <name> status shows the gateway’s active policy version in the displayed policy YAML when OpenShell reports one.
  • nemoclaw uninstall stops matching Local Ollama auth proxy processes before it removes ~/.nemoclaw, which prevents stale listeners from blocking a later reinstall.
  • Local Ollama onboarding validates structured chat-completions tool calls and rejects models that leak tool-call payloads as plain text.
  • Blueprint policy additions under components.policy.additions are validated, merged into the live policy, applied through OpenShell, and recorded in run metadata.
  • Rebuild backups tolerate partial archive output when usable data was produced, then report only the manifest-defined paths that could not be archived.
  • NemoHermes uninstall output uses NemoHermes-specific help, progress, and completion text.

v0.0.34

Starting with NemoClaw v0.0.34, the curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash installer pipeline no longer auto-accepts the third-party software notice when stdin is piped and /dev/tty is unavailable (for example, deeply detached SSH sessions or some container shells). In environments without a TTY, accept upfront in the pipe:

$curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 bash

Or pass the flag through to the installer:

$curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash -s -- --yes-i-accept-third-party-software

Or re-run from a terminal with a controlling TTY:

$bash <(curl -fsSL https://www.nvidia.com/nemoclaw.sh)

The installer error message in v0.0.35+ surfaces all three invocations directly so users can copy-paste a recovery without leaving the terminal.

Component Version Policy

NemoClaw pins the OpenClaw version inside the sandbox at build time via OPENCLAW_VERSION in the NemoClaw Dockerfiles. The min_openclaw_version field in nemoclaw-blueprint/blueprint.yaml is the compatibility floor for direct blueprint consumers and may be lower than the NemoClaw runtime target. Existing sandboxes do not auto-upgrade. Run nemoclaw <name> status to see the OpenClaw version currently running in a sandbox, and nemoclaw <name> rebuild to pick up a newer pin from a NemoClaw upgrade. See Checking the OpenClaw version for the full policy.