NemoClawNemoClaw combines a host CLI, an in-sandbox integration layer, and a versioned YAML blueprint that defines the sandbox image, policies, and inference profiles applied through OpenShell.
NVIDIA OpenShell is a general-purpose agent runtime. It provides sandbox containers, a credential-storing gateway, inference proxying, and policy enforcement, but has no opinions about what runs inside. NemoClaw is an opinionated reference stack built on OpenShell that handles what goes in the sandbox, prepares agent-specific integration, and makes the setup accessible.
The logical diagram above shows how components relate. This section shows what actually runs where on the host. NemoClawās default Docker-driver topology does not place the sandbox in an embedded k3s cluster. On Linux and Apple Silicon macOS, NemoClaw starts the OpenShell Docker-driver gateway and creates the sandbox as a Docker container. The gateway normally runs as a host process; Linux hosts that need the gateway compatibility patch may run the same gateway binary inside a small container. In both Docker-driver modes, the sandbox is a Docker container, not a Kubernetes pod. Legacy non-Docker-driver installs still use the k3s-based gateway path; the diagram below shows the standard Docker-driver topology.
Layering from top to bottom:
NemoClaw never gives the sandbox a raw provider key.
At onboard time it registers credentials with OpenShellās provider/placeholder system, and the L7 proxy substitutes the real value into outbound requests at egress.
The CLI helper isInferenceRouteReady (in src/lib/onboard.ts) is a host-side readiness check used by the resume flow to decide whether the active route already covers the chosen provider and model.
It is not a runtime component.
For the DGX Spark-specific variant of this topology (cgroup v2, aarch64, unified memory), refer to the NVIDIA Spark playbook.
NemoClaw integrates with each supported agent through a runtime layer that adapts the agent to OpenShell-managed providers, policies, and sandbox state. The concrete files differ by agent because each runtime has its own plugin system, config format, state layout, and startup command.
The OpenClaw integration is a thin TypeScript plugin that runs in-process with the OpenClaw gateway inside the sandbox. Before an OpenClaw turn starts, the plugin prepends a short context block with the active sandbox name, sandbox phase, network policy summary, and filesystem policy summary. When the policy or phase changes during a session, the plugin sends a smaller update block instead of repeating the full context.
The Hermes integration follows the generic agent-manifest path instead of the OpenClaw plugin package path.
The manifest declares Hermesā binary, health probe, config directory, state directories, messaging support, and OpenAI-compatible API endpoint.
The build-time config generator turns NemoClaw onboarding choices into Hermes YAML and environment files, and the Hermes plugin manifest exposes NemoClaw tools and an on_session_start hook.
The blueprint is a versioned YAML package with its own release stream. The runner resolves, verifies, and applies the blueprint through the OpenShell CLI. The blueprint defines the sandbox shape, default policies, and inference profiles; the runner performs the OpenShell operations.
Hermes keeps its agent-owned image, plugin, config, entrypoint, and policy additions under agents/hermes/.
The default Hermes policy starts from agents/hermes/policy-additions.yaml, and the permissive variant used by shields down lives in agents/hermes/policy-permissive.yaml.
The current blueprint runner implementation lives in the nemoclaw/ TypeScript package:
blueprint.yaml.openshell CLI commands.Normal NemoClaw onboarding builds from the
ghcr.io/nvidia/nemoclaw/sandbox-base
base image and layers the NemoClaw runtime Dockerfile on top. The direct blueprint
runner still carries a pinned OpenShell Community OpenClaw image for legacy
openshell sandbox create --from compatibility. Inside the sandbox:
/sandbox and /tmp for read-write access, with system paths read-only.python to python3 symlink for tools that still invoke python.Inference requests from the agent never leave the sandbox directly. OpenShell intercepts them and routes to the configured provider:
When you select the Model Router provider, the OpenShell gateway routes to a host-side router process instead of a single upstream model. The router selects from the configured pool, then calls the upstream NVIDIA endpoint with the credential held outside the sandbox.
Some model and provider combinations need agent-specific compatibility setup.
NemoClaw keeps those declarations under nemoclaw-blueprint/model-specific-setup/<agent>/ so fixes for each supported agent can be tested and reviewed independently.
Refer to Inference Options for provider configuration details.
Provider credentials live in the OpenShell gateway store, not on the host filesystem. NemoClaw never writes them to host disk; the OpenShell L7 proxy injects values at egress. See Credential Storage for the inspection, rotation, and migration flow.
NemoClaw keeps non-secret operator-facing state on the host rather than inside the sandbox.
The following environment variables configure optional services and local access.
For normal setup and reconfiguration, prefer nemoclaw onboard over editing these files by hand.
Do not treat NEMOCLAW_DISABLE_DEVICE_AUTH as a runtime setting for an already-created sandbox.