NemoClawAdd, remove, or modify the endpoints that the sandbox is allowed to reach.
The sandbox policy is defined in a declarative YAML file in the NemoClaw repository and enforced at runtime by NVIDIA OpenShell. NemoClaw supports both static policy changes that persist across restarts and dynamic updates applied to a running sandbox through the OpenShell CLI.
If the sandbox needs to reach an HTTP service running on the host, expose the service on a host IP that the OpenShell gateway can reach.
Apply a custom NemoClaw preset with nemoclaw <sandbox> policy-add --from-file.
Do not rely on host.docker.internal as a general host-service path because it bypasses the OpenShell policy path and may not be reachable in every sandbox runtime.
See Agent cannot reach a host-side HTTP service.
PATH.[!IMPORTANT] Make static policy edits on the host, not inside the sandbox. The sandbox image includes a small set of operational tools such as
vi,jq, anddos2unix, but host-side policy files remain the durable source of truth. Changes made only inside the sandbox are also ephemeral and are lost when the sandbox is recreated.
Static changes modify the baseline policy file and take effect after the next sandbox creation.
Open nemoclaw-blueprint/policies/openclaw-sandbox.yaml and add or modify endpoint entries.
If you want a built-in preset to be part of the baseline policy, merge its network_policies entries into this file and re-run nemoclaw onboard.
If you only need to apply a preset to a running sandbox, use nemoclaw <name> policy-add under Dynamic Changes.
That updates the live policy and does not edit openclaw-sandbox.yaml.
Use a manual YAML edit when you need to allow custom hosts that are not covered by a preset, such as an internal API or a weather service.
Each entry in the network section defines an endpoint group with the following fields:
endpoints
: Host and port pairs that the sandbox can reach.
binaries
: Executables allowed to use this endpoint.
rules
: HTTP methods and paths that are permitted.
Apply the updated policy by re-running the onboard wizard:
The wizard picks up the modified policy file and applies it to the sandbox.
Check that the sandbox is running with the updated policy:
If you maintain a custom blueprint, you can add extra policy entries under components.policy.additions in nemoclaw-blueprint/blueprint.yaml.
NemoClaw validates those entries with the same policy schema used by preset files, fetches the live policy during sandbox creation, merges the additions into network_policies, and applies the merged policy through OpenShell.
The applied additions are recorded in the run metadata so you can audit which blueprint-level policy entries were active for that sandbox run.
Dynamic changes apply a policy update to a running sandbox without restarting it.
[!WARNING]
openshell policy setreplaces the sandbox’s live policy with the contents of the file you provide; it does not merge. A running sandbox’s live policy is the baseline policy plus every preset that was layered on during onboarding. Applying a file that contains only the baseline (or only a single preset) silently drops every other preset that was in effect.
policy-add (Recommended)This is the non-destructive path and the only flow NemoClaw supports out of the box for merging new entries into a running policy.
Create a preset-format YAML file under nemoclaw-blueprint/policies/presets/, for example nemoclaw-blueprint/policies/presets/influxdb.yaml:
Apply it to the running sandbox:
NemoClaw reads the live policy via openshell policy get --full, structurally merges your preset’s network_policies into it, and writes the merged result back.
Existing presets and the baseline remain in place.
The preset file under presets/ also persists across sandbox recreations.
Use this path only when you cannot add a file under the NemoClaw source tree. You must start from the live policy, not from a baseline policy file, so the presets layered on at onboarding are preserved in the file you apply.
Edit live-policy.yaml to add your entries under network_policies:, keeping the existing version field intact, then apply:
Dynamic changes apply only to the current session. When the sandbox stops, the running policy resets to the baseline policy plus the presets recorded for the sandbox.
To make a custom policy survive a sandbox recreation, ship the preset file in the repository (Option 1 above — the file under presets/ persists) or edit openclaw-sandbox.yaml and re-run nemoclaw onboard.
For one-off access, you can approve blocked requests in the OpenShell TUI instead of editing the baseline policy:
This is useful when you want to test a destination before deciding whether it belongs in a permanent preset or custom policy file.
NemoClaw ships preset policy files for common integrations in nemoclaw-blueprint/policies/presets/.
Apply a preset as-is or use it as a starting template for a custom policy.
For guided post-install examples, see Common Integration Policy Examples.
During onboarding, the policy tier you select determines which presets are enabled by default. You can add or remove individual presets in the interactive preset screen that follows tier selection.
Available presets:
To apply a preset to a running sandbox:
Preset selection is interactive when you omit a preset name.
Pass a preset name with --yes for scripted workflows.
For example, to interactively add PyPI access to a running sandbox:
To list which presets are applied to a sandbox:
To include a preset in the baseline, merge its entries into openclaw-sandbox.yaml and re-run nemoclaw onboard.
The openshell policy set --policy <file> <sandbox-name> command operates on raw policy files and does not
accept the preset: metadata block used in preset YAML files.
Use nemoclaw <name> policy-add for presets.
For scripted workflows, policy-add and policy-remove accept the preset name as a positional argument:
Set NEMOCLAW_NON_INTERACTIVE=1 instead of --yes to drive the same flow from an environment variable.
See Commands for the full flag reference.
nemoclaw <name> rebuild reapplies every policy preset to the recreated sandbox, so presets survive an agent-version upgrade without manual reapplication.
Apply a user-authored preset YAML to a running sandbox without editing the baseline or dropping to openshell policy set.
A custom preset follows the same shape as the built-in ones under nemoclaw-blueprint/policies/presets/:
The top-level preset.name must be a lowercase RFC 1123 label (letters, digits, hyphens) and must not collide with a built-in preset name such as slack or pypi.
Rename preset.name if NemoClaw refuses to apply the file because of a collision.
Preview the endpoints without applying with --dry-run, and skip the confirmation prompt with --yes or by exporting NEMOCLAW_NON_INTERACTIVE=1.
Files are processed in lexicographic order. Processing stops at the first failure; presets already applied are not rolled back. Fix the failing file and re-run the command to continue.
Custom preset hosts bypass NemoClaw’s review process and can widen sandbox egress to arbitrary destinations. Review every host in a custom preset before applying it, especially when the file originates outside your team.
Custom presets applied with --from-file or --from-dir are recorded in the NemoClaw sandbox registry alongside their full YAML content, so they can be removed by name — the original file does not need to be kept on disk:
policy-remove accepts both built-in and custom preset names. Run nemoclaw <name> policy-list to see every preset currently applied to the sandbox.