v0.0.72

NemoClaw v0.0.72 improves installer recovery, sandbox diagnostics, inference setup, credential handling, and custom policy safety.

  • Installer and upgrade flows now recover eligible non-Ready sandboxes before generic onboarding. The installer runs backup-all when available, runs upgrade-sandboxes --auto, restores only validated latest backups with matching sandbox identity and managed-image provenance, and exits before onboarding if any eligible recovery is blocked or fails. For more information, refer to NemoClaw Quickstart with OpenClaw and Recover and Rebuild Sandboxes.
  • Day-two commands provide clearer diagnostics before work reaches a lower-level failure. channels status prints a compact summary for configured channels and non-secret rendered-config comparisons, credentials add registers provider credentials by provider name and type, status separates host inventory from per-sandbox health, exec rejects newline-containing arguments with recovery guidance, and connect shells point policy-denial failures at logs. For more information, refer to NemoClaw CLI Commands Reference and Troubleshooting.
  • Inference setup and model switching fail with safer context. NVIDIA Endpoints onboarding uses a public featured-model catalog with safe bundled fallback behavior, provider-not-found errors list registered providers and point back to onboarding, Hermes Provider endpoint URLs are validated before credentials are dispatched, and curl-based probes keep API keys out of process arguments. For more information, refer to Choose an Inference Provider, Switch Inference Providers, and Security Best Practices.
  • Custom policy and sandbox credential boundaries are tighter. User-supplied custom presets reject allowed_ips except the explicit host bridge, OpenClaw processes receive AWS_EC2_METADATA_DISABLED=true, Hermes runtime configuration output masks API key fields, and exec restores mutable OpenClaw config permissions after one-shot commands. For more information, refer to Customize the Network Policy, Security Best Practices, and NemoClaw CLI Commands Reference.
  • Runtime repair covers more sandbox-specific drift. OpenClaw gateway watchdog exits respawn the gateway instead of ending PID 1, Hermes upgrade checks compare agent versions in the Hermes runtime scheme, Tavily access is restored for managed Python workflows, and prompt-stdin EOF during onboarding is treated as cancellation. For more information, refer to Recover and Rebuild Sandboxes, Common NemoClaw Integration Policy Examples, and NemoClaw CLI Commands Reference.