NemoClaw Quickstart with Hermes
Create a sandboxed Hermes agent, then chat with it from the dashboard or terminal.
The nemohermes command is the NemoClaw CLI with Hermes pre-selected.
Set Up with the Starter Prompt on Your Coding Agent
Copy this starter prompt into Cursor, Claude Code, Codex, Copilot, or another local coding agent when you want it to guide the installation.
The prompt points the agent to Use NemoClaw Docs with Your Coding Agents, this quickstart, the Markdown docs, and the optional nemoclaw-user-guide skill.
It asks the agent to confirm Hermes before it runs commands that create a sandbox or receive credentials and to use the checked-in local credential helper and form only after you approve the exact command that receives credentials.
Install NemoClaw with your coding agent
# NemoClaw Instructions for a Non-Technical User
Help me install and run NVIDIA NemoClaw from this coding-agent UI.
I may use Cursor, Claude Code, Codex, Copilot, or another local coding agent.
I do not know how to use a terminal.
## Interaction Rules
* Ask exactly one question at a time.
* Use clickable choices when supported; otherwise show one short numbered list and wait.
* Detect the operating system and whether it is WSL using read-only checks.
* Ask which computer I am using only if the environment cannot be determined reliably.
* Next ask which agent I want: OpenClaw, Hermes, or LangChain Deep Agents Code.
* Never ask me to run commands myself, except the one workstation-side `ssh -N -L` command needed to open a remote credential form securely.
* Explain each command in plain language, ask permission, then run it for me.
* Pause before installs, system changes, administrator access, large downloads, credentials, sandbox creation, and long-running processes.
* Summarize command output instead of asking me to copy it into chat.
* Explain errors and unfamiliar terms such as Docker, container, model, API key, port, and SSH.
* Never ask me to paste passwords, API keys, tokens, or private credentials into chat.
* Use redacted placeholders such as `<PASTE_YOUR_API_KEY_HERE>` in examples.
* During long operations, give a short update at least once per minute.
* Do not start duplicate installers, downloads, or model servers.
* Verify results after important commands; do not rely only on exit codes.
## Goal
Install NemoClaw, collect onboarding choices before execution, include messaging in the first sandbox build when the selected agent supports it, launch the selected agent, and verify that it responds.
## Agent Selection
Ask: “Which NemoClaw agent would you like?”
Choices:
1. OpenClaw, the default.
2. Hermes.
3. LangChain Deep Agents Code.
Use `NEMOCLAW_AGENT=hermes` or `nemohermes onboard` for Hermes.
Use `NEMOCLAW_AGENT=langchain-deepagents-code` or `nemo-deepagents onboard` for Deep Agents.
## Hardware and Readiness
* On Linux, ask permission to run a read-only readiness check before provider selection.
* Check distribution, architecture, product and firmware identity, GPU and memory, NVIDIA driver, Container Toolkit, Docker, Node.js, disk space, existing NemoClaw, Ollama, vLLM, relevant ports, and administrator access.
* Classify the computer as DGX Spark, DGX Station, NVIDIA GB300, another NVIDIA computer, ordinary macOS/Linux, or unknown.
* Do not identify DGX Spark from the GPU name alone; combine product, firmware, architecture, and GPU evidence.
* Classify a system as DGX Station when its firmware identifies a Station GB300 platform, or when its exact OEM model is documented by NVIDIA or the manufacturer as based on DGX Station architecture.
* A confirmed NVIDIA GB300 can independently qualify for expanded local-runtime choices.
* If uncertain, explain that and let NemoClaw’s official preflight make the final platform decision.
## Administrator Access
* Check administrator availability without waiting for input, such as with a non-interactive sudo check.
* If passwordless sudo works, continue without prompt mode.
* If passwordless sudo is unavailable but the coding-agent UI provides a secure visible password prompt, explain why access is needed, ask permission, and set `NEMOCLAW_NON_INTERACTIVE_SUDO_MODE=prompt`.
* Let the real `sudo` program collect the password; never use chat or the API-key form for the computer password.
* If neither passwordless sudo nor a secure password prompt is available, stop before the affected install or system change.
* Never pipe a password, store it in a file, generate a password helper, or put it in command arguments.
* Offer a user-local alternative only when official documentation supports it for that exact operation.
* Do not silently use user-local Ollama for a system Ollama upgrade when the old system service would remain active.
## Platform-Specific Instructions
After the readiness check, load exactly one matching instruction asset before provider selection:
* Confirmed DGX Spark: [DGX Spark Express instructions](https://raw.githubusercontent.com/NVIDIA/NemoClaw/f3682a5be7069e58303d3345e682424d5c2453b2/docs/resources/prompt-assets/dgx-spark.md).
* Confirmed DGX Station: [DGX Station installation instructions](https://raw.githubusercontent.com/NVIDIA/NemoClaw/f3682a5be7069e58303d3345e682424d5c2453b2/docs/resources/prompt-assets/dgx-station.md).
* Officially detected Windows WSL: [Windows WSL Express instructions](https://raw.githubusercontent.com/NVIDIA/NemoClaw/f3682a5be7069e58303d3345e682424d5c2453b2/docs/resources/prompt-assets/windows-wsl.md).
Read the matching raw Markdown file completely and follow it before continuing.
Do not load a platform asset for any other computer.
## Runtime and Provider Selection
If no platform asset applies, or its offered install path is declined, ask: “Which inference runtime or provider would you like?”
Choices:
1. Existing vLLM, only when a ready server is detected on `localhost:8000`.
2. Managed vLLM, optimized local inference with a large download.
3. Local Ollama, only when the selected agent and platform support it.
4. NVIDIA Endpoints, which requires an NVIDIA API key.
5. OpenRouter, which requires an OpenRouter API key.
6. OpenAI, which requires an OpenAI API key.
7. Anthropic, which requires an Anthropic API key.
8. Google Gemini, which requires a Gemini API key.
9. Model Router, which requires an NVIDIA API key.
10. Other OpenAI-compatible endpoint, which requires an endpoint, model, and usually a key.
11. Other Anthropic-compatible endpoint, which requires an endpoint, model, and usually a key.
12. Hermes Provider, only when Hermes is selected.
On ordinary supported macOS or Linux:
* Offer Local Ollama for OpenClaw or Hermes when it is installed, running, or officially installable.
* Do not offer Local Ollama for Deep Agents unless current official documentation adds support.
* Offer an existing ready vLLM server when detected.
* Also show all applicable hosted and compatible providers.
* Do not hide Ollama merely because the computer is not DGX or GB300.
* Omit managed vLLM unless current official support permits it for the detected hardware.
When a platform asset applies, follow its local-runtime eligibility and model instructions.
On other platforms, show every provider supported by the selected agent and platform.
Renumber choices after filtering and do not hide hosted providers behind another menu.
Ask required model, endpoint, credential, and download questions one at a time.
## Local Models
* Fetch current model choices from the selected agent’s official Markdown documentation.
* The selected maintained NemoClaw release is authoritative for supported slugs and arguments.
* For Ollama, ask permission to inspect installed models and offer NemoClaw’s memory-aware recommendation first.
* Current Ollama starter examples include `qwen3.6:35b`, `nemotron-3-nano:30b`, and `qwen3.5:9b`.
* Explain download size and storage requirements, then ask separately for permission.
* Do not request an NGC or Hugging Face credential unless the selected operation actually requires it.
## Avoid Interactive Menus
* Collect every choice before running the installer.
* Ask one question at a time for model, endpoint, sandbox name, web search, messaging when the selected agent supports it, policy when no platform-asset install path is selected, credentials, administrator access, and downloads.
* Use non-interactive environment variables whenever supported.
* Never leave a command waiting at `Choose [1]:`.
* If a choice cannot be supplied non-interactively, stop before starting and explain the supported alternative.
## Handle Tokens Securely and Visually
Before collecting secrets, determine the exact environment-variable names and exact command argv, explain them, and ask permission.
Do not generate, rewrite, or redesign the helper or form.
Use this reviewed pair without modification:
* Helper: `https://raw.githubusercontent.com/NVIDIA/NemoClaw/dd61a307d7ddf7be99de8ff1e2678fb8ef42f8e6/scripts/local-credential-helper.mts` (SHA-256 `1a42bbe8dbc9003cb79d4e641b53760571aacd85293671aee97c09c0746fef33`).
* Form: `https://raw.githubusercontent.com/NVIDIA/NemoClaw/dd61a307d7ddf7be99de8ff1e2678fb8ef42f8e6/docs/resources/local-credential-form.html` (SHA-256 `5512a256e0ad7c63a26ab82cf4f5924e98652097172ab8a5dc9d9358dd4f6ae8`).
* Treat the two immutable URL and digest pairs as one reviewed trust boundary; before executing the helper, compute the SHA-256 digest of both downloaded files and compare each result with its pinned digest.
* If either digest differs, do not execute the helper; delete both temporary files and stop.
* Store them in a private temporary directory and delete them afterward.
* The helper requires Node.js 22.19 or newer.
* If Node is unavailable, use an existing secure local application prompt or secure terminal prompt; never use chat or generated credential code.
* Keep the helper bound to `http://127.0.0.1`, accept only one valid submission, and run only the already-approved command.
* Use `:secret` for secrets and `:text` only for non-secret values.
* Use `--execution-profile isolated` for stateless commands.
* For persistent install or onboarding, use `--execution-profile account-home --cwd <approved-absolute-directory>` and ask permission for both.
* Pass every `--field NAME:type`, then a literal `--`, an absolute executable path, and the exact approved argv.
* Never omit the literal `--`.
* Never use a relative, alias-only, or PATH-only approved executable.
* Never put credentials in argv.
* Command shape: `node --experimental-strip-types <helper> --execution-profile <profile> --form <form> --field NAME:secret -- <absolute-executable> <approved-args...>`.
* Use **Preview Credentials**, **Edit**, then **Confirm and Run Approved Command**.
* If the outcome is unknown, check whether the command ran; do not retry or resubmit blindly.
* Keep secrets in memory only long enough to start the command.
* Treat deletion as exposure minimization, not guaranteed erasure.
* Prefer letting an account-persistent command use its own reviewed secure credential prompt when available.
* For credential-bearing installation, use the reviewed helper only with an already-downloaded and verified installer.
* Do not hand-assemble a `curl | bash` wrapper around credentials.
* Never print, log, commit, cache, or paste secrets.
Use this provider mapping for non-interactive setup:
* NVIDIA Endpoints: `NEMOCLAW_PROVIDER=build`, `NVIDIA_INFERENCE_API_KEY`.
* OpenRouter: `NEMOCLAW_PROVIDER=openrouter`, `OPENROUTER_API_KEY`.
* OpenAI: `NEMOCLAW_PROVIDER=openai`, `OPENAI_API_KEY`.
* Anthropic: `NEMOCLAW_PROVIDER=anthropic`, `ANTHROPIC_API_KEY`.
* Gemini: `NEMOCLAW_PROVIDER=gemini`, `GEMINI_API_KEY`.
* Hermes Provider: `NEMOCLAW_PROVIDER=hermes-provider`; Hermes only.
* Model Router: `NEMOCLAW_PROVIDER=routed`, `NVIDIA_INFERENCE_API_KEY`.
* OpenAI-compatible: `NEMOCLAW_PROVIDER=custom`, endpoint, model, `COMPATIBLE_API_KEY`.
* Anthropic-compatible: `NEMOCLAW_PROVIDER=anthropicCompatible`, endpoint, model, `COMPATIBLE_ANTHROPIC_API_KEY`.
* Ollama: `NEMOCLAW_PROVIDER=ollama`, optional `NEMOCLAW_MODEL`.
* Existing vLLM: `NEMOCLAW_PROVIDER=vllm`.
* Managed vLLM: `NEMOCLAW_PROVIDER=install-vllm`; use an approved optional model override only when the selected platform supports it.
Do not offer Hermes Provider for OpenClaw or Deep Agents.
## Credential Form and SSH
Ask whether I use SSH only after the helper starts and prints its complete one-time URL: “Are you connected to this computer through SSH?”
Choices:
1. No, I am using it directly.
2. Yes, this is a remote SSH computer.
3. I am not sure.
* Treat the helper’s complete URL as an opaque, sensitive, one-time capability.
* Preserve its scheme, host, port, `/local-credential-form.html` path, complete `field=` query string, and `#cap=` fragment exactly.
* Never replace it with a reconstructed bare `http://127.0.0.1:<port>` URL.
* If local, give me the complete original URL unchanged.
* If remote, read its port and ask me to run: `ssh -N -L <port>:127.0.0.1:<port> <username>@<host>`.
* Fill in the actual port, username, and host when known.
* Explain that it runs on my workstation, normally prints nothing, and must remain open until credential entry finishes.
* After the tunnel starts, give me the helper’s original complete URL unchanged.
* Require the same port on both sides; do not remap the helper to another local port.
* If that local port is occupied, stop the unused helper safely, resolve the conflict or start a fresh helper session, and use only the new complete URL.
* Never reuse an old URL or expose the form through `0.0.0.0`, LAN, public URL, shared tunnel, or unauthenticated proxy.
* Tell me when it is safe to stop the forwarding command.
## Messaging During Initial Onboarding
For OpenClaw or Hermes, ask before the first sandbox build: “Do you want to configure a messaging channel during onboarding?”
Choices: No, Telegram, Discord, Slack, WhatsApp, WeChat (experimental).
Skip messaging for Deep Agents.
Configure one channel at a time, then ask whether to add another.
Collect messaging before policy selection so the first image includes channel configuration and matching network presets.
* Telegram requires `TELEGRAM_BOT_TOKEN`; optional settings include allowed IDs, mention mode, and OpenClaw group policy.
* Discord requires `DISCORD_BOT_TOKEN`; optional settings include server ID, user ID, and mention mode.
* Slack requires `SLACK_BOT_TOKEN` and `SLACK_APP_TOKEN`; optional settings include allowed users and channels.
* WhatsApp uses documented allowed IDs for non-interactive selection, followed by QR pairing after startup.
* WeChat requires an interactive QR handshake; explain the limitation before installation and never leave an unsupported UI waiting.
Collect messaging secrets through the reviewed helper and exact-URL SSH flow.
Do not manually set `NEMOCLAW_MESSAGING_CHANNELS_B64`; let NemoClaw generate it.
Use `channels add` and rebuild only for channels omitted from initial onboarding or changed later.
## Policy, Approval, and Verification
* If a loaded platform asset selects its approved install path, follow its policy requirement and skip the policy-tier question.
* For installation outside an accepted platform-asset path, ask for Balanced, Restricted, or Open policy.
* Explain that messaging and web-search selections add required endpoints.
* Before installation outside an accepted platform-asset path, summarize platform, administrator access, agent, provider, exact model, validation warning, downloads, storage, sandbox, web search, messaging, policy, credential names without their values, and system changes.
* Ask for final permission before installation outside an accepted platform-asset path.
* For an accepted platform-asset install path, treat the asset’s confirmation as final permission and do not ask again.
* Set `NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1` and `NEMOCLAW_YES=1` only after their approvals.
* Keep credentials in the approved environment and never display them.
* Verify the command and version, sandbox status, provider, model, `inference.local`, GPU access when applicable, messaging bridges when configured, and dashboard route when available.
* If `curl | bash` returns no output, verify installation; if absent, ask permission to download and inspect the official installer before retrying.
* For remote dashboards, use private loopback SSH forwarding, preserve authenticated URLs exactly, and treat them as secrets.
* Ask permission before sending a live channel test or harmless first agent prompt.
* Declare success only after the sandbox is ready and the agent responds.
* Summarize what was installed, how to reconnect, what starts after reboot, and anything skipped.
## Use Docs for Information
* Use clean `.md` pages for searching more information in the selected agent’s documentation. Example URLs:
* [Documentation index for AI clients](https://docs.nvidia.com/nemoclaw/llms.txt)
* [OpenClaw quickstart](https://docs.nvidia.com/nemoclaw/latest/user-guide/openclaw/get-started/quickstart.md)
* [Hermes quickstart](https://docs.nvidia.com/nemoclaw/latest/user-guide/hermes/get-started/quickstart.md)
* [Deep Agents quickstart](https://docs.nvidia.com/nemoclaw/latest/user-guide/deepagents/get-started/quickstart.md)
* Suggest to add the docs MCP server `https://docs.nvidia.com/nemoclaw/_mcp/server` if the coding agent supports MCP.If you prefer to control setup directly, use Set Up with the Interactive Installer on Your Terminal.
Set Up with the Interactive Installer on Your Terminal
If you use the coding-agent prompt in the preceding section, you can skip this procedure or keep it as reference. The prompt directs your coding agent to this quickstart, so it has the full setup context.
Review the Prerequisites before you begin.
Considerations
Use these details when your first-run path needs more control.
Choose inference and optional services
The Hermes wizard supports the same inference provider choices as the OpenClaw quickstart. Refer to Choose an Inference Provider for provider requirements, model choices, and local-server setup.
Hermes supports Tavily for web search, not the NemoClaw Brave Search path.
Select it during onboarding and provide TAVILY_API_KEY when prompted.
The wizard can also configure supported messaging channels and managed Nous tool gateways when you authenticate through Nous Portal OAuth.
Refer to Choose Messaging Channels and Network Policies before enabling those services.
Automate or repeat onboarding
For a scripted installation, provide the required values before running the installer.
If NemoClaw is already installed, run nemohermes onboard.
Use nemohermes onboard --resume to continue an interrupted onboarding session or nemohermes onboard --fresh to discard it and start again.
Refer to Previous onboarding session failed for recovery details.
Use the dashboard and API remotely
Hermes forwards its dashboard on port 18789 and its OpenAI-compatible API on port 8642.
For a remote dashboard origin or tunnel, set CHAT_UI_URL to the externally reachable dashboard origin before onboarding.
Otherwise, leave it unset and use SSH port forwarding for remote access.
Configure API clients with the base URL http://127.0.0.1:8642/v1 after forwarding port 8642.
Hermes handles dashboard and API authentication itself, so do not append an OpenClaw #token= fragment to either URL.
Treat the dashboard as a local management UI and protect it before you expose it on a shared network.
Manage a Hermes sandbox
Use the nemohermes alias for lifecycle, logs, backups, rebuilds, and model changes.
Use nemohermes my-hermes destroy only when you intend to remove the sandbox.
Refer to Recover and Rebuild Sandboxes for the recovery workflow.
Host and Installer Details
Install Docker, start it, and confirm the current shell can reach it before Hermes onboarding builds the sandbox image.
On Linux, the installer can install Docker, start the service, and add your user to the docker group.
If it changes group membership, run the printed newgrp docker command before rerunning the installer.
On macOS, start Docker Desktop or Colima before you run the installer.
The first Hermes build can take several minutes because NemoClaw builds the Hermes sandbox base image when it is not already cached.
The hosted installer follows the maintained last-known-good (lkg) release tag by default.
To expose the Hermes dashboard from a headless host through a remote URL or tunnel, set CHAT_UI_URL before onboarding to the externally reachable origin for dashboard port 18789.
NemoClaw derives the forwarded dashboard port from this value, binds the forward for remote access when the origin is non-loopback, and prints the final dashboard URL in the ready summary.
The OpenAI-compatible API remains available separately on port 8642.
Leave CHAT_UI_URL unset when you use SSH local port forwarding to 127.0.0.1:18789.
Hermes API clients authenticate with the bearer token from the generated Hermes environment, not an OpenClaw dashboard URL token.
Onboarding and Integration Details
The wizard asks for an inference provider, model, required credential, and sandbox name before it prints the review summary.
After confirmation, NemoClaw registers inference, prompts for optional Tavily Search and supported messaging channels, builds and starts the sandbox, sets up Hermes, and applies the selected network policy tier and presets.
At any prompt, press Enter to accept the default shown in [brackets], type back to return to the previous prompt, or type exit to quit.
The default Hermes sandbox name is hermes.
Use a distinct name, such as my-hermes, when you run Hermes and OpenClaw sandboxes side by side.
NemoClaw prevents same-name reuse when an existing sandbox uses a different agent.
The provider options and credential variables match the standard NemoClaw quickstart.
Refer to Choose an Inference Provider for provider-specific prompts.
Hermes offers Tavily Search and does not support the NemoClaw Brave Search path.
When you enable Tavily Search, provide TAVILY_API_KEY.
NemoClaw validates the key, stores it in a sandbox-scoped OpenShell provider, writes web.backend: tavily into the Hermes configuration, and writes only an OpenShell resolver placeholder into the generated environment.
When you authenticate through Nous Portal OAuth, the wizard can also prompt for managed Nous tool gateways such as web search, image generation, audio, browser automation, and managed code execution.
Those choices add matching Hermes policy presets to the sandbox.
If you select Tavily Search and the managed Nous web gateway, Tavily becomes the Hermes web search and extract backend.
NemoClaw removes nous-web from the effective managed-tool selection while preserving selected Nous image, audio, browser, and code tools.
API-key mode is inference-only and does not enable managed tool gateways.
After you select a provider and model, review the summary and confirm the build.
NemoClaw writes Hermes configuration into /sandbox/.hermes, routes model traffic through inference.local, and starts the Hermes gateway inside the sandbox.
The Hermes image includes runtime dependencies for supported NemoClaw messaging integrations, the API service, and its health endpoint.
The base image does not include unsupported Hermes integrations.
Hermes uses an agent-specific baseline policy that allows the Hermes binary and Python runtime to reach required Nous Research service endpoints, PyPI, NVIDIA inference endpoints, and selected messaging APIs.
Noninteractive Setup Details
For CI or scripted installs, provide every required variable before you run the installer.
This NVIDIA Endpoints example creates my-hermes with Tavily Search.
Use the provider variables from Choose an Inference Provider when you choose another provider.
Set NEMOCLAW_WEB_SEARCH_PROVIDER=none to disable web search explicitly.
When the selector is unset, Hermes enables Tavily automatically when TAVILY_API_KEY is available and ignores BRAVE_API_KEY.
Changing or disabling Tavily requires sandbox recreation because the backend, credential attachment, and policy selection are build-time inputs.
Rerun onboarding with the new selection and accept recreation, or pass --recreate-sandbox.
Dashboard and API Details
The ready summary prints the sandbox name, model, lifecycle commands, Hermes dashboard URL, and OpenAI-compatible API URL.
When Tavily is enabled, onboarding reads the generated Hermes configuration to confirm web.backend: tavily and sends a real search request through OpenShell’s request-body credential rewrite path.
This verification reports a warning instead of aborting onboarding when the configuration or egress path needs attention.
Hermes exposes its browser dashboard on port 18789 and forwards its OpenAI-compatible API on port 8642 for local clients.
The dashboard assets are built into the sandbox image, so the dashboard starts without running npm as the sandbox user under /opt/hermes.
Dashboard chat uses the prebuilt /opt/hermes/ui-tui bundle.
To recover the dashboard manually, use hermes dashboard --tui --skip-build so recovery does not try to rebuild assets under root-owned installation paths.
Set NEMOCLAW_HERMES_DASHBOARD_TUI=1 before onboarding only when you want Hermes’ optional in-browser TUI tab.
The onboard flow starts both port forwards automatically.
The Hermes dashboard URL does not include an OpenClaw #token= fragment.
nemohermes my-hermes dashboard-url --quiet returns http://127.0.0.1:18789/ when the default local forward is active.
Check the API health endpoint from the host.
If that command cannot connect after a reboot or terminal restart, restart the forward.
Configure OpenAI-compatible clients with http://127.0.0.1:8642/v1.
Hermes uses API header authentication for client requests.
Do not append an OpenClaw #token= fragment to the endpoint.
Lifecycle and Model Details
The nemohermes alias keeps help text and recovery messages aligned with Hermes while targeting the same registered sandbox.
nemoclaw list shows the agent type for each sandbox so you can distinguish Hermes and OpenClaw entries.
nemohermes inference set changes the active model or provider without rebuilding the sandbox.
It updates the OpenShell inference route and patches /sandbox/.hermes/config.yaml without restarting Hermes.
Troubleshooting
If the installer changes your Linux Docker group membership, run the printed newgrp docker command before you rerun it.
If nemohermes is unavailable after installing, reload your shell profile or follow the Hermes troubleshooting steps.
Next Steps
- Choose an Inference Provider explains how to choose or change a model and provider.
- Commands explains the
nemohermesalias and its options. - Create and Restore Snapshots explains how to preserve sandbox state.
- Monitor Sandbox Activity explains how to inspect OpenShell events and sandbox logs.