For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
User Guide
User Guide
    • Home
      • Overview
      • Architecture Overview
      • Ecosystem
      • Release Notes
      • Prerequisites
      • Quickstart with Hermes
      • Inference Options
      • Use Local Inference
      • Switch Inference Providers
      • Manage Sandbox Lifecycle
      • Runtime Controls
      • Set Up Messaging Channels
      • Workspace Files
      • Backup and Restore
      • Install Hermes Plugins
      • Approve or Deny Network Requests
      • Customize the Network Policy
      • Integration Policy Examples
      • Monitor Sandbox Activity
      • Security Best Practices
      • Credential Storage
      • Architecture Details
      • Commands
      • Which CLI to Use
      • Network Policies
      • Troubleshooting
      • Agent Skills
      • Report Vulnerabilities
      • License
      • Discord
NVIDIANVIDIA
Developer-friendly docs for your API
Privacy Policy | Your Privacy Choices | Terms of Service | Accessibility | Corporate Policies | Product Security | Contact

Copyright © 2026, NVIDIA Corporation.

LogoLogoNemoClaw
On this page
  • What you can change at runtime
  • See also
Manage Sandboxes

Runtime Controls and Sandbox Mutability

||View as Markdown|
Previous

Manage Sandbox Lifecycle

Next

Messaging Channels

This page explains which parts of a running NemoClaw sandbox can change immediately and which changes require a rebuild or re-onboard.

What you can change at runtime

NemoClaw applies its security posture in three layers — what is baked into the sandbox image at onboard, what is hot-reloadable on the running sandbox, and what requires a rebuild or re-onboard. The table below maps each commonly changed item to the layer that owns it and the command that changes it.

ItemWhen the change takes effectHow to change it
Inference provider (cloud, NVIDIA Endpoints, local Ollama / vLLM, compatible-endpoint, …)Rebuild required (openclaw.json is locked at sandbox creation)nemoclaw <name> rebuild after picking a different provider via nemoclaw inference set
Inference model on the current providerRebuild required for OpenClaw; hot-reloadable for managed routersnemoclaw <name> rebuild (OpenClaw) or nemoclaw inference set (router-based)
Sub-agent (Hermes / OpenClaw / …)Re-onboard required (the sub-agent and its workspace are baked at onboard)nemoclaw onboard --recreate-sandbox
Network policy preset (slack, discord, telegram, brave, …)Runtime — applies on the next request; rebuild only required if the preset adds bind-mounted secretsnemoclaw <name> policy-add <preset> / policy-remove <preset>
Network allow-list (custom hosts)Runtime — picks up at next requestopenshell policy set or interactive approval prompt at the gateway
Channel tokens (Slack / Discord / Telegram bot credentials)Rebuild required (tokens are baked into the sandbox image at onboard so they never leave the host clear-text)nemoclaw <name> channels add <channel> then accept the rebuild prompt
Channel enable/disable (turn a configured channel off without removing the token)Rebuild required (openclaw.json is the source of truth at runtime, see #3453)nemoclaw <name> channels stop <channel> then rebuild
Dashboard forward portRuntime — port is re-resolved on next connectNEMOCLAW_DASHBOARD_PORT=<port> nemoclaw <name> connect
Dashboard bind address (loopback vs all interfaces)Runtime — applies on next connectNEMOCLAW_DASHBOARD_BIND=0.0.0.0 nemoclaw <name> connect (see #3259)
Web search backend (Brave, Tavily, etc.)Runtime via web.backend config flag; rebuild only if web.fetchEnabled flipsnemoclaw <name> config set --key web.backend --value tavily
Filesystem layout (Landlock zones, read-only mounts, container caps)Locked at creation — no runtime changeRe-onboard with nemoclaw onboard --recreate-sandbox
Sandbox nameLocked at creationRe-onboard with a different --name
GPU passthrough enable / device selectorLocked at creationRe-onboard with --gpu / --sandbox-gpu-device
Agents allow-list (agents.list in openclaw.json)Runtime — hot-reloaded by OpenClaw on config changePrefer agent or NemoClaw commands that keep host and sandbox state aligned
openclaw.json keys (general — model, agents.list, web.backend, channel config, etc.)Mixed. Individual keys still follow the rebuild rules in the rows above, such as provider switch requiring rebuild even after editing the JSON.Prefer NemoClaw host commands so the host registry and rebuilt image stay aligned

If a row above conflicts with what you observe, the runtime source of truth inside the sandbox is /opt/nemoclaw/openclaw.json; the host registry caches metadata but the image and OpenClaw read from the in-sandbox file.

See also

The mutability table above is a consolidated index of information that lives in more detail on per-topic pages:

  • Manage Sandbox Lifecycle — full rebuild / re-onboard / upgrade workflow.
  • Switch Inference Providers — the rebuild path for provider and model changes.
  • Customize Network Policy and Approve Network Requests — runtime policy editing and operator approval flow.
  • Security Best Practices — the per-attack-surface posture table that this page complements.
  • OpenClaw Security Controls — application-layer controls that operate independently of NemoClaw.
  • CLI Commands Reference — full flag surface for every nemoclaw command, including the env vars that affect runtime behavior.