Platform Support and Launch Claims

This page is the canonical reference for what NemoClaw supports today. Any documentation, demo, blog post, sales conversation, or support reply that describes NemoClaw capability should agree with the entries below.

The tables on this page are generated from ci/platform-matrix.json. Update the JSON; the tables and the partial views on other pages stay in sync with scripts/generate-platform-docs.py.

Status vocabulary

Status	Meaning
Tested	Validated by CI or QA. Safe to claim and to demo.
Tested with limitations	Works on the listed setup with documented caveats. Caveats must be cited whenever this row is claimed.
Experimental	Available behind `NEMOCLAW_EXPERIMENTAL=1` or an equivalent opt-in flag. Do not claim in launch-facing material without the opt-in mentioned.
Deferred	Planned but not yet validated. Roadmap-only. Do not claim as supported.
Unsupported	Explicitly out of scope. Not validated and not planned. Documented to set expectations and prevent drift.
Hermes only	Available only when onboarding the Hermes agent.

Project status

For version highlights, see Release Notes.

Stage: alpha
Label: Early preview
Since: 2026-03-16
Notes: Maintainers review issues, discussions, and PRs on a best-effort basis without guaranteed response timelines.

Owners

Engineering owner: @NVIDIA/nemoclaw-maintainer (reviews through CODEOWNERS and signs off on launch-facing claim changes before they reach demos or sales material).

The engineering owner is the GitHub team auto-assigned to review changes to ci/platform-matrix.json through CODEOWNERS, and the same team signs off on launch-facing claim changes before they reach demos, blog posts, or sales material.

Review process

A change to a status or note opens a PR that touches ci/platform-matrix.json.
CODEOWNERS auto-requests review from the engineering owner team.
If the change is launch-facing (any status promotion, demotion, or new public claim), the engineering owner team explicitly acknowledges the launch impact in the PR review before approval.
The platform-matrix-sync pre-commit hook runs python3 scripts/generate-platform-docs.py and stages the regenerated tables on every commit that touches the matrix, the generator, or any rendered page, so commits cannot land with the tables out of sync. Run python3 scripts/generate-platform-docs.py --check locally or in CI to verify the rendered tables match the JSON without regenerating.
After merge, the next NemoClaw release picks up the updated matrix automatically through the docs build.

Agents

NemoClaw supports the agent runtimes listed below. Pick the matching onboarding entry point for each agent.

Agent	Status	Default	Notes
OpenClaw	Tested	Yes	Default agent runtime. Onboard with `$$nemoclaw onboard` (no `--agent` flag required).
Hermes	Tested with limitations	No	First-class agent with dedicated CLI (`$$nemohermes`), Dockerfile, manifest, docs, and nightly E2E job coverage (`hermes-e2e` job in `.github/workflows/nightly-e2e.yaml` plus the `hermes-*-vitest` jobs in `e2e-vitest-scenarios.yaml`). Onboard with `$$nemohermes onboard` or pass `--agent hermes` to `$$nemoclaw onboard`. Unlocks the Hermes Provider inference route. Known structural gaps: model-provider compatibility registry is empty (backfilled after failures, see `nemoclaw-blueprint/model-specific-setup/hermes/README.md`); no Hermes-specific unit tests in `nemoclaw/src/`; macOS and WSL CI suites do not differentiate agents. Suitable for evaluation and the documented onboarding paths; production parity with OpenClaw is not yet asserted.
LangChain Deep Agents Code	Experimental	No	Terminal-oriented coding harness (no in-sandbox gateway, no dashboard) built on the Deep Agents SDK; manifest at `agents/langchain-deepagents-code/manifest.yaml` with binary `dcode`. Onboard with `$$nemoclaw onboard --agent langchain-deepagents-code` and follow the quickstart. NemoClaw runs it as a managed harness: unmanaged sandbox/MCP/shell overrides are rejected and credential-bearing proxy URLs are dropped from persisted shell env. Inference routes through OpenShell’s `inference.local` endpoint via Deep Agents Code’s OpenAI-compatible provider. Live runtime acceptance, broader launch material, and terminal-agent diagnostics are tracked at open issue #4861.

Platforms

The table below lists every platform tracked by NemoClaw, including deferred entries that are on the roadmap but not yet validated. The CI column reports whether the platform has a dedicated GitHub Actions job. A “Tested with limitations” row that is not in CI carries a stronger caveat than one that is. For the onboarding-time supported set without deferred rows, see Prerequisites.

OS	Container runtime	Status	PRD priority	CI	Notes
Linux	Docker	Tested	P0	Yes	Primary tested path. Ubuntu 24.04 is the validated distro in production source (`DEFAULT_COMPAT_IMAGE` in `src/lib/onboard/docker-driver-gateway-launch.ts:10` and the preflight tests pin 24.04 only); the installer’s package-manager probes assume apt-get. Other distros (Ubuntu 22.04, Fedora, Rocky, Alma, NixOS, Arch) may work but are not validated.
macOS (Apple Silicon)	Colima, Docker Desktop	Tested with limitations	P0	Yes	Start the container runtime (Colima or Docker Desktop) before running the installer. Xcode Command Line Tools (`xcode-select --install`) are typically required for Node native modules during install. NemoClaw recommends them but does not enforce them during preflight.
DGX Spark	Docker	Tested	P1	Yes	Use the standard installer and `$$nemoclaw onboard`. For an end-to-end walkthrough with local inference, see the NVIDIA Spark playbook.
Windows WSL2	Docker Desktop (WSL backend)	Tested with limitations	P1	No	Requires WSL2 with Docker Desktop backend.
DGX Station	Docker	Deferred	P1	No	The PRD marks this platform as P1. Workstation form-factor with NVIDIA GPUs and the same Docker + NVIDIA Container Toolkit + CDI requirements as DGX Spark. Onboard path not yet validated end-to-end on the hardware; vLLM has a placeholder default model defined for this host class (`Qwen/Qwen3.6-27B-FP8`) that will move out of `deferred` once the hardware run is signed off.
NVIDIA RTX (consumer and Pro workstation GPUs)	Docker	Deferred	P1	No	The PRD marks this platform as P1. Covers RTX consumer cards and RTX Pro workstation cards on Linux hosts that meet the generic-Linux-GPU requirements (NVIDIA Container Toolkit + CDI present). The provider menu emits managed vLLM behind `NEMOCLAW_EXPERIMENTAL=1` or `NEMOCLAW_PROVIDER=install-vllm` for this host class today; the end-to-end onboard path on this hardware is not yet validated in CI.

Inference providers

NemoClaw routes inference through the OpenShell gateway. Each row below is a provider the onboarding wizard can configure end-to-end.

Provider	Status	Endpoint type	Notes
NVIDIA Endpoints	Tested	OpenAI-compatible	Hosted models on integrate.api.nvidia.com
OpenAI	Tested	Native OpenAI-compatible	Uses OpenAI model IDs
Other OpenAI-compatible endpoint	Tested with limitations	Custom OpenAI-compatible	Adapter path validated against OpenRouter as the `compatible-endpoint` provider with `openrouter/auto` (see `src/lib/inference/config.test.ts:119`); the onboarding prompt that surfaces OpenRouter as the worked example is at `src/lib/onboard.ts:3673`. Behavior on other OpenAI-compatible proxies, gateways, and self-hosted implementations may vary; this row claims the adapter, not the universe of compatible endpoints.
Anthropic	Tested	Native Anthropic	Uses anthropic-messages
Other Anthropic-compatible endpoint	Tested with limitations	Custom Anthropic-compatible	Adapter path validated with AWS Bedrock (`src/lib/onboard/bedrock-runtime.ts`). Behavior on other Anthropic-compatible proxies and gateways may vary; this row claims the adapter, not the universe of compatible endpoints.
Google Gemini	Tested	OpenAI-compatible	Uses Google’s OpenAI-compatible endpoint
Hermes Provider	Hermes only	OpenAI-compatible route	Available when onboarding Hermes Agent through `nemohermes`
Local Ollama	Tested with limitations	Local Ollama API	Available when Ollama is installed or running on the host. Validated default models: `qwen3.6:35b` (high VRAM), `nemotron-3-nano:30b` (medium VRAM), `qwen3.5:9b` (low VRAM fallback).
Local NVIDIA NIM	Experimental	Local OpenAI-compatible	Requires `NEMOCLAW_EXPERIMENTAL=1` and a NIM-capable NVIDIA GPU. Host must have the NVIDIA Container Toolkit installed and a CDI spec present (`onboard` asserts CDI presence with `assertCdiNvidiaGpuSpecPresent`, `src/lib/onboard.ts:1586`). NIM images pull from `nvcr.io` and require NGC registry login. NemoClaw gates this path behind the experimental flag because it does not auto-select a NIM image for the host today. You must explicitly pick from the validated image list. Managed vLLM has host-specific default models and is not gated on the same boxes. Validated images referenced in `src/lib/inference/config.ts` and `nemoclaw/src/index.ts`: `nvidia/nemotron-3-super-120b-a12b` (default cloud model), `nvidia/nemotron-3-nano-30b-a3b`, `nvidia/llama-3.3-nemotron-super-49b-v1.5`.
Local vLLM (already running)	Tested with limitations	Local OpenAI-compatible	Appears in the onboarding menu when NemoClaw detects a server already on `localhost:8000`. No flag required. Model is whatever the existing server serves.
Local vLLM (managed install/start)	Tested with limitations	Local OpenAI-compatible	Appears by default on DGX Spark and DGX Station. Generic Linux NVIDIA GPU hosts require `NEMOCLAW_EXPERIMENTAL=1` or `NEMOCLAW_PROVIDER=install-vllm`. Host must have the NVIDIA Container Toolkit installed and a CDI spec present (`onboard` asserts CDI presence). NemoClaw pulls or starts the stable NGC vLLM container for each host profile. See `src/lib/inference/vllm.ts:55,177` for the pins. DGX Spark and DGX Station use `nvcr.io/nvidia/vllm:26.05.post1-py3`; generic Linux NVIDIA GPU hosts use `nvcr.io/nvidia/vllm:26.03.post1-py3`. Validated defaults are listed in `src/lib/inference/vllm-models.ts`: DGX Spark uses `nvidia/Qwen3.6-35B-A3B-NVFP4`, DGX Station uses `Qwen/Qwen3.6-27B-FP8`, and Linux NVIDIA GPU uses `nvidia/NVIDIA-Nemotron-3-Nano-4B-FP8`. Image pulls require NGC registry login (`docker login nvcr.io`); onboard prompts for the NGC API key when authentication is missing.

Messaging integrations

NemoClaw configures messaging channels during onboarding. The OpenShell gateway runs each channel as a supervised process; NemoClaw supplies onboarding, credential delivery, and policy presets for the sandbox egress rules.

Channel	Status	Notes
Slack	Tested	Configured through an OpenShell-managed channel during onboarding. Sandbox egress allowed by the `slack` policy preset.
Discord	Tested	Configured through an OpenShell-managed channel during onboarding. Sandbox egress allowed by the `discord` policy preset.
Telegram	Tested	Configured through an OpenShell-managed channel during onboarding.
WeChat	Tested with limitations	Channel hook available. Verify regional account access before relying on this path.
WhatsApp	Tested with limitations	Supported by both OpenClaw and Hermes (see `messaging_platforms` in `agents/openclaw/manifest.yaml` and `agents/hermes/manifest.yaml`). Pairing happens in the sandbox through WhatsApp Web by scanning a QR code at first run; the Hermes flow exposes this as `hermes whatsapp` and persists session credentials under `~/.hermes/platforms/whatsapp/session` (`agents/hermes/manifest.yaml:69-71`). Sandbox egress goes through the `whatsapp` policy preset, which carries the WebSocket / Noise / h1-ALPN caveats documented in `nemoclaw-blueprint/policies/presets/whatsapp.yaml`. No Meta Business API integration today; that path is out of scope for this matrix.
Microsoft Teams	Experimental	Supported by both OpenClaw and Hermes through the manifest-first messaging channel contract. Requires Bot Framework app credentials, a tenant ID, and a public HTTPS endpoint that reaches the sandbox webhook path `/api/messages`. Sandbox egress goes through the `teams` policy preset, and only one active Teams sandbox can use a given local `MSTEAMS_PORT` forward.

Capabilities

Each row below is a launch-facing capability claim that NemoClaw makes in docs, blog posts, or demos. Use the status to decide whether the claim is safe to repeat verbatim or needs a caveat.

Capability	Status	Notes
Guided onboarding	Tested	Single-command interactive wizard (`$$nemoclaw onboard`) that walks the user through inference provider selection, credential setup, sandbox creation, and dashboard launch. Non-interactive mode is supported with `--non-interactive` + `NEMOCLAW_*` environment variables for CI and scripted installs.
Sandboxed execution	Tested with limitations	Landlock, seccomp, network namespace isolation, no-new-privileges, privilege dropping, and process limits (ulimit -u 512 at `scripts/lib/sandbox-init.sh:237`) are tested and on by default. The `DANGEROUS_CAPS` list at `scripts/lib/sandbox-init.sh:288-299` drops cap_sys_admin, cap_sys_ptrace, cap_net_raw, cap_dac_override, cap_sys_chroot, cap_fsetid, cap_setfcap, cap_mknod, cap_audit_write, cap_net_bind_service with `capsh --drop` when CAP_SETPCAP is present. Limitation (active issue #3280): the fail-closed bounding-set gate is opt-in via `NEMOCLAW_REQUIRE_CAP_DROP=1`; the default is warn-and-continue so hosts without CAP_SETPCAP still boot, which means dangerous caps can remain in the bounding set on some hosts even though the effective set is empty.
Routed inference	Tested	Provider-routed model calls through the OpenShell gateway, transparent to the agent. The agent uses `inference.local` inside the sandbox; provider credentials stay on the host. Supports every entry in the Providers table.
Declarative network policy	Tested	YAML-defined egress with policy presets. Presets include `slack`, `discord`, `telegram`, `weather`, `openclaw-pricing`, `huggingface`, `npm`, `pypi`, `brew`, and others. Hot-reloadable at runtime with `$$nemoclaw <name> policy-add`.
Snapshot and restore	Tested	Create, list, and restore named snapshots of sandbox state with the `$$nemoclaw <name> snapshot` subcommands (`create`, `list`, `restore`). Credential stripping is enforced on capture. Unsafe symlinks are rejected on restore.
Agent skills	Tested	Packaged agent skills are discoverable by Cursor, Claude Code, and other coding assistants under `.agents/skills/`. Skills also install into the sandbox with `$$nemoclaw <name> skill install`.
State migration	Tested	Sandbox state migrates across rebuilds with credentials intentionally excluded. Hermes excludes `auth.json` and restores its SQLite session DB through the backup API. OpenClaw config merge prevents stale state from overwriting fresh values.
Blueprint versioning	Tested	Versioned, digest-verified, and reproducible blueprint lifecycle. Drives `$$nemoclaw <name> rebuild` and the migration safeguards above.
Web search backend	Tested with limitations	Runtime-configurable web-search backend plumbed through the OpenShell gateway. Brave is the currently-implemented backend. See `src/lib/onboard/brave-provider-profile.ts` and `src/lib/onboard/web-search-flow.ts`. Users supply backend credentials during an onboard prompt. NemoClaw does not bundle a key.

Deployment paths

How NemoClaw can be brought up on a given host. Pick the row that matches the target environment.

Path	Status	Notes
Local CLI onboard	Tested	Run `$$nemoclaw onboard` on a tested platform with Docker available locally. Primary path.
Remote GPU with Brev CLI	Tested with limitations	Legacy compatibility wrapper provisions a Brev VM, installs Docker + NVIDIA Container Toolkit, and runs `$$nemoclaw onboard` on that host. Defaults to GCP; override with `NEMOCLAW_BREV_PROVIDER`. The preferred path is the standard installer followed by `$$nemoclaw onboard` after the VM is reachable.
Brev web UI	Tested	Browser-driven launcher provisions a Brev-managed Linux VM with Docker, the OpenShell runtime, a NemoClaw sandbox running OpenClaw, inference routing, and the OpenClaw dashboard.

Out of scope and not supported

The items below come up in conversations but are explicitly out of scope. They are listed here so launch material, sales conversations, and support triage have a clear “we do not claim to do this” reference.

Item	Status	Why
Podman / other container runtimes	Unsupported	Onboard surfaces an explicit unsupported-runtime error for Podman (`src/lib/onboard.ts:1611` prints the rejection; `src/lib/onboard/preflight.ts:586` flags the unsupported runtime upstream). Only Docker Engine, Docker Desktop, and Colima are supported. See issue #420 (closed).
Intel Mac (macOS x86_64)	Unsupported	OpenShell does not publish macOS x86_64 standalone gateway assets. Install hard-fails on x86_64 macOS (`scripts/install-openshell.sh:315`). See issue #954 (closed).
Non-Ubuntu/Debian Linux distros	Unsupported	Installer assumes `apt-get`. Fedora/Rocky/Alma/Arch/NixOS are not validated and the installer’s package-manager probes do not cover them. See open issue #899 (Fedora hang).
Native Kubernetes or OpenShift deployments	Unsupported	NemoClaw runs the sandbox as a Docker container, not a Kubernetes pod. The default Docker-driver topology does not embed k3s. Operator-managed K8s/OpenShift deployments are out of scope; see issue #407 (community OpenShift through agent-sandbox CRD).
Air-gapped / offline installs	Unsupported	Onboard assumes network reachability for package fetches, container pulls, and provider validation. See open issues #4872 and #2218 (production-deployment epic covering air-gapped support, China network guidance, multi-host topology).
Windows-on-ARM GPU passthrough	Unsupported	Windows-on-ARM CPU paths run under WSL2 ‘tested with limitations’, but GPU passthrough on WOA is denylisted (`src/lib/onboard/wsl-docker-desktop-gpu.ts:188`, `src/lib/inference/gpu-trust.test.ts:70`). See closed issue #4565.
Non-NVIDIA GPUs (AMD/ROCm, Intel Arc, Apple Metal)	Unsupported	Local vLLM and NIM paths assert NVIDIA CDI presence with `assertCdiNvidiaGpuSpecPresent` (`src/lib/onboard.ts:1586`, called at `:1651`). NemoClaw does not install non-NVIDIA accelerator drivers.
Other LangChain, AutoGen, CrewAI, or non-listed agent harnesses	Unsupported	LangChain Deep Agents Code is the only integrated LangChain-family harness (see the Agents section above; status `Experimental`). Other LangChain harnesses, AutoGen, CrewAI, and any agent runtime not listed in the Agents table are not integrated. Bringing more harnesses is tracked as a research epic (see open issue #4861) but is not on the current roadmap.
Multi-user host sharing	Unsupported	Sandboxes are scoped to a single host user. NemoClaw treats multi-user hosts as a risk and warns at onboard; see `docs/security/openclaw-controls.mdx` Multi-user detection.
Hosted SaaS / managed NemoClaw	Unsupported	There is no managed offering. Supported deployment paths are Local CLI onboard, Remote GPU with Brev CLI, and Brev web UI.
Native provider integrations not in the Providers table	Unsupported	Vertex AI, Azure OpenAI, SageMaker, Together.ai, Replicate, and HuggingFace Inference Endpoints are not first-class onboarding entries. AWS Bedrock works through the `compatible-anthropic-endpoint` adapter (`src/lib/onboard/bedrock-runtime.ts`).
Production SLA or guaranteed response times	Unsupported	NemoClaw is an early-preview alpha project. Maintainers respond on a best-effort basis. No SLA is offered.

Known caveats and active blockers

Sandbox bounding-set capability drop on hosts without CAP_SETPCAP is partially fixed. The agent process tree drops dangerous caps with NEMOCLAW_REQUIRE_CAP_DROP=1 (see #4707). The nemoclaw <name> connect shell still inherits the container’s create-time bounding set on Colossus, Docker Desktop, and WSL hosts where CAP_SETPCAP is absent. The remaining fix is upstream in NVIDIA/OpenShell#1452. See tracking #3280.

Using this matrix

Docs and READMEs that reference any row above should link to this page instead of restating status. Partial tables, such as the prerequisites page, generate from the same JSON and stay in sync with scripts/generate-platform-docs.py.
Demos and launch material should cite the status verbatim. A “Tested with limitations” row is not a “Tested” row.
Customer support can use the matrix to triage incoming reports. A failure on a Tested row is a bug. A failure on a Deferred row is an unsupported configuration request. A failure on an Unsupported row is a feature request that needs separate triage.
Roadmap changes land in the JSON first, then propagate to this page on the next generator run.

Updating the matrix

Edit ci/platform-matrix.json.
Run python3 scripts/generate-platform-docs.py to regenerate this page and the partial tables on prerequisites and inference-options.
Open a PR. The engineering owner team is auto-assigned through CODEOWNERS and explicitly acknowledges launch impact in the PR review for any launch-facing claim change.
The platform-matrix-sync pre-commit hook regenerates and stages the rendered tables before the commit lands; run python3 scripts/generate-platform-docs.py --check to verify drift without regenerating.