Run OpenClaw more securely inside NVIDIA OpenShell with managed inference https://docs.nvidia.com/nemoclaw/latest/
Find a file Use this template
Carlos Villela ff5877b1ec
Some checks failed
Security / Code Scanning / CodeQL (javascript-typescript) (push) Waiting to run
Security / Code Scanning / CodeQL (python) (push) Waiting to run
Security / Code Scanning / ShellCheck SARIF (push) Waiting to run
Docs / Publish Staging / publish (push) Waiting to run
Docs / Publish Staging / delete-preview (push) Blocked by required conditions
e2e-branch-validation.yaml / fix(onboard): adopt compatible vllm served aliases (#7044) (push) Failing after 0s
Security / Installer Hash Check / check-hash (push) Waiting to run
E2E / macOS / macos-e2e (push) Waiting to run
CI / Main / static-checks (push) Waiting to run
CI / Main / build-typecheck (push) Waiting to run
CI / Main / installer-integration (push) Waiting to run
CI / Main / wechat-runtime-audit (push) Waiting to run
CI / Main / reviewed-npm-audit (push) Waiting to run
CI / Main / real-openclaw-dist-harness (push) Waiting to run
CI / Main / cli-test-shards (1) (push) Waiting to run
CI / Main / cli-test-shards (2) (push) Waiting to run
CI / Main / cli-test-shards (3) (push) Waiting to run
CI / Main / cli-test-shards (4) (push) Waiting to run
CI / Main / cli-test-shards (5) (push) Waiting to run
CI / Main / cli-test-shards (6) (push) Waiting to run
CI / Main / cli-test-shards (7) (push) Waiting to run
CI / Main / cli-test-shards (8) (push) Waiting to run
CI / Main / cli-tests (push) Blocked by required conditions
CI / Main / plugin-tests (push) Waiting to run
CI / Main / checks (push) Blocked by required conditions
CI / Main / sandbox-images-and-e2e (push) Blocked by required conditions
CI / Platform Vitest Main Watch / ubuntu-2604-contract (push) Waiting to run
CI / Platform Vitest Main Watch / macos-vitest (push) Waiting to run
CI / Platform Vitest Main Watch / wsl-vitest (push) Waiting to run
Automation / Request NVSkills CI / request (push) Waiting to run
sandbox-images-and-e2e.yaml / fix(onboard): adopt compatible vllm served aliases (#7044) (push) Failing after 0s
E2E / WSL / wsl-e2e (push) Waiting to run
fix(onboard): adopt compatible vllm served aliases (#7044)
<!-- markdownlint-disable MD041 -->
## Summary

DGX Station express onboarding currently rejects an already-running
compatible Ultra model when its custom vLLM served name differs from
NemoClaw's canonical route ID.
This change verifies the server-reported model root against the
managed-model registry, adopts the compatible served alias, and keeps
mismatched models and shared-gateway conflicts fail-closed.

## Related Issue

Fixes #7023

## Changes

- Match an existing vLLM served alias to the requested model only when
`/v1/models` reports a safe root that exactly identifies the registered
checkpoint.
- Keep newly managed vLLM installs on their exact served identity and
rerun shared-gateway route containment after adopting an existing-server
alias.
- Add unit coverage for compatible, incompatible, and shared-route cases
plus a non-interactive DGX Station express regression test for the
reported Ultra alias.
- Update the vLLM setup guide to describe existing-server selection and
the model-identity checks.

The focused matcher is required because vLLM's `--served-model-name` is
intentionally independent from the underlying checkpoint ID, so direct
string equality cannot distinguish a compatible alias from a different
model.
The unit and Station provider-selection tests protect that boundary.

## Type of Change

- [ ] Code change (feature, bug fix, or refactor)
- [x] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates

- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [x] Docs updated for user-facing behavior changes
- [ ] Docs not applicable — justification:
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [x] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification: Nine-category security
review completed against exact commit
`d1bbd90964` with no findings. The
reported root remains allowlisted and must exactly match the registered
checkpoint; exact managed identity and post-discovery shared-route
containment remain enforced.
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification

- [x] PR description includes a `Signed-off-by:` line and every commit
appears as `Verified` in GitHub
- [x] Normal `pre-commit`, `commit-msg`, and `pre-push` hooks passed, or
`npm run check:diff` passed when hooks were skipped or unavailable
- [x] Targeted behavior tests pass for the current change set, or tests
are marked not applicable above — `npx vitest run --project cli
--project integration src/lib/onboard/setup-nim-vllm.test.ts
test/onboard-selection-vllm.test.ts` passed 28 tests; `npm run
test:changed` passed 857 tests.
- [ ] Applicable broad gate passed — `npm test` for broad
runtime/test-harness changes; `npm run check` for repo-wide
validation/coverage changes — not run because this is a focused
onboarding selection change with direct unit and integration coverage.
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only) — passed
with 0 errors; Fern reported two pre-existing unprinted warnings.
- [x] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)
— not applicable; no new page was added.

---
Signed-off-by: Carlos Villela <cvillela@nvidia.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Reuse already-running vLLM servers instead of starting duplicates,
including when port `8000` is already in use.
* If a vLLM “served” alias can be verified as compatible, NemoClaw can
adopt it for the selected model.
* **Bug Fixes**
* Tightened model-identity and route-compatibility validation to prevent
mismatched or unverifiable server/alias selections, with clearer early
error guidance.
* **Documentation**
  * Updated vLLM “existing server” onboarding guidance.
* **Tests**
* Expanded coverage for served-alias adoption, missing root metadata,
compatibility conflicts, and resume behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Carlos Villela <cvillela@nvidia.com>
Signed-off-by: Apurv Kumaria <akumaria@nvidia.com>
Co-authored-by: Apurv Kumaria <akumaria@nvidia.com>
Co-authored-by: cjagwani <cjagwani@nvidia.com>
2026-07-17 03:20:01 +00:00
.agents/skills fix(ci): reopen completed PR E2E checks (#7054) 2026-07-16 18:51:36 -07:00
.claude docs(skills): make copy of docs-as-skills for Claude (#837) 2026-03-24 15:08:13 -07:00
.github fix(e2e): align gateway upgrade evidence matrix (#7055) 2026-07-17 03:14:48 +00:00
agents fix(shields): attest private mutable Hermes topology (#7049) 2026-07-16 15:48:14 -07:00
bin fix(inference): contain shared gateway route conflicts (#6338) 2026-07-07 13:31:08 -07:00
ci fix(skills): use latest check-run attempts (#7024) 2026-07-16 17:39:27 -07:00
docs fix(onboard): adopt compatible vllm served aliases (#7044) 2026-07-17 03:20:01 +00:00
fern docs: migrate release notes to Fern changelog (#6900) 2026-07-15 05:08:19 +00:00
ISSUE_TEMPLATE Create bug_report.yml (#371) 2026-03-18 17:50:58 -07:00
nemoclaw chore(deps): align Node and advisor SDK requirements (#6729) 2026-07-12 17:47:01 -07:00
nemoclaw-blueprint fix(inference): strip unsupported top-level thinking for Ultra on Build route (#6913) (#7001) 2026-07-16 08:22:07 -07:00
schemas test(e2e): enforce phase-aware onboard budgets (#6732) 2026-07-13 16:26:48 -07:00
scripts chore(openshell): trust v0.0.85 release manifests (#7069) 2026-07-16 20:14:07 -07:00
skills fix(pr-advisor): simplify E2E output and review guidance (#6832) 2026-07-14 02:24:09 -07:00
src fix(onboard): adopt compatible vllm served aliases (#7044) 2026-07-17 03:20:01 +00:00
test fix(onboard): adopt compatible vllm served aliases (#7044) 2026-07-17 03:20:01 +00:00
tools fix(e2e): align gateway upgrade evidence matrix (#7055) 2026-07-17 03:14:48 +00:00
.coderabbit.yaml refactor(scripts): migrate documentation and configuration tools to .mts (#6936) 2026-07-15 09:18:50 -07:00
.dockerignore fix(security): add missing sensitive file patterns to .dockerignore (#1994) 2026-04-16 18:18:36 -07:00
.editorconfig chore(tooling): remove redundant Makefile (#6262) 2026-07-03 19:47:58 -07:00
.gitattributes feat(skills): add signed catalog export (#4284) 2026-05-27 07:48:34 -07:00
.gitignore docs: hide generated variant pages (#4724) 2026-06-03 21:28:32 +00:00
.gitmodules feat(router): add model router integration with complexity-based routing (#2202) 2026-05-06 15:09:30 -07:00
.markdownlint-cli2.yaml docs(skills): add messaging channel onboarding guide (#5501) 2026-06-18 15:05:25 -07:00
.pre-commit-config.yaml chore(scripts): migrate source and test analysis tools to .mts (#6935) 2026-07-15 14:16:50 -07:00
.prettierignore chore: add Prettier formatting for root-level JS files (#1200) 2026-03-31 13:27:52 -07:00
.shellcheckrc fix(install): prevent nvm/login shell from resetting PATH in subshells (#651) 2026-03-23 09:10:07 -07:00
AGENTS.md docs: migrate release notes to Fern changelog (#6900) 2026-07-15 05:08:19 +00:00
biome.json chore(docs): remove pre-Fern assets (#6654) 2026-07-10 13:51:54 -07:00
CLAUDE.md docs(skills): reorganize skills with audience-based prefixes (#1603) 2026-04-08 10:00:57 -07:00
CODE_OF_CONDUCT.md chore: fix all markdownlint violations and enable remaining rules (#730) 2026-03-23 14:14:39 -07:00
commitlint.config.js chore(tooling): switch linting to biome (#2862) 2026-05-01 16:16:37 -07:00
CONTRIBUTING.md fix(pr-advisor): simplify E2E output and review guidance (#6832) 2026-07-14 02:24:09 -07:00
Dockerfile refactor(scripts): migrate the OpenClaw diagnostics patch tool to .mts (#6931) (#6942) 2026-07-16 08:22:46 -07:00
Dockerfile.base ci(deps): audit reviewed npm archive graph (#6741) 2026-07-13 13:47:38 -07:00
install.sh feat(installer): prepare DGX Station host prerequisites (#6991) 2026-07-16 15:29:53 -07:00
jsconfig.json ci: add ESLint and tsc type checking for JavaScript files (#771) 2026-03-24 19:07:01 -07:00
LICENSE Add license and DCO guide 2026-03-15 10:54:32 -07:00
package-lock.json chore(deps): align Node and advisor SDK requirements (#6729) 2026-07-12 17:47:01 -07:00
package.json refactor(scripts): migrate E2E scorecard modules to .mts (#6950) 2026-07-16 01:12:07 -07:00
README.md docs(manage-sandboxes): refactor sandbox management guides (#6789) 2026-07-13 23:11:41 -07:00
SECURITY.md fix(dcode): stop persisting LangSmith variables (#6219) 2026-07-02 20:29:32 -07:00
spark-install.md docs: clarify last-known-good installer guidance (#6148) 2026-07-01 22:33:24 +00:00
tsconfig.cli.json ci(advisors): consolidate PR and E2E guidance (#6745) 2026-07-13 13:57:22 -07:00
tsconfig.runtime-preloads.json test: backfill mockable coverage for live-only behavior + guard against it (#6086) 2026-07-06 16:49:22 -04:00
tsconfig.src.json refactor(cli): extract pure functions from onboard.js to typed TypeScript modules (#1240) 2026-04-01 12:45:36 -07:00
uninstall.sh fix(uninstall): add --destroy-user-data flag to purge preserved data (#5784) 2026-06-30 14:15:59 -04:00
vitest.config.ts feat(installer): prepare DGX Station host prerequisites (#6991) 2026-07-16 15:29:53 -07:00

NVIDIA NemoClaw: Reference Stack for Sandboxed AI Agents in OpenShell

License Security Policy Discord

NVIDIA NemoClaw is an open source reference stack for running always-on AI agents more safely inside NVIDIA OpenShell sandboxes. It provides guided onboarding, a hardened blueprint, routed inference, network policy, and lifecycle management through a single CLI.

Supported agents:

For capabilities, architecture, security controls, and the full feature list, see the NemoClaw documentation.

Get Started

Start with Your Coding Agent

Use the starter prompt when you want Cursor, Claude Code, Codex, Copilot, or another local coding agent to install NemoClaw with you.

Copy the NemoClaw starter prompt.

The prompt tells your agent to use NemoClaw docs and skills, ask one question at a time, run commands only with your approval, and keep secrets out of chat.

Install Using the Interactive Installer in Your Terminal

Review Prerequisites before installing. For Hermes, set NEMOCLAW_AGENT=hermes before running the installer, or use the nemohermes alias after install. When connecting to a Hermes sandbox from a light terminal, NemoClaw may install a managed nemoclaw-light Hermes skin for readable assistant text; it removes that managed skin state again when the terminal no longer needs it and preserves any user-selected Hermes skin.

Agent Guide
OpenClaw (default) Quickstart with OpenClaw
Hermes Quickstart with Hermes
LangChain Deep Agents Code Quickstart with LangChain Deep Agents Code

Documentation

Refer to the following pages on the official documentation website for more information on NemoClaw.

Page Description
Overview What NemoClaw does and how it fits together.
Architecture Overview High-level overview of Plugin, blueprint, sandbox lifecycle, and protection layers.
Ecosystem How OpenClaw, OpenShell, and NemoClaw form a stack and when to use NemoClaw versus OpenShell alone.
Architecture Details Detailed description of Plugin structure, blueprint lifecycle, sandbox environment, and host-side state.
Prerequisites Hardware, software, and supported platforms, with any platform-specific pre-setup.
Choose an Inference Provider Supported providers, validation, and routed inference configuration.
Network Policies Baseline rules, operator approval flow, and egress control.
Customize Network Policy Static and dynamic policy changes, presets.
Security Best Practices Controls reference, risk framework, and posture profiles for sandbox security.
Sandbox Hardening Container security measures, capability drops, process limits.
CLI Commands Full NemoClaw CLI command reference.
Troubleshooting Common issues and resolution steps.

Community

Join the NemoClaw community to ask questions, share feedback, and report issues. NemoClaw is an alpha project, so maintainers review issues, discussions, and pull requests on a best effort basis without guaranteed response timelines.

Need Channel
Setup or usage questions GitHub Discussions or Discord
Reproducible bugs GitHub Issues
Feature proposals Start with GitHub Discussions, then open an issue when the scope is clear
Current priorities Current Priorities
Contribution help CONTRIBUTING.md
Security vulnerabilities Use the private channels in SECURITY.md; do not open public issues

Contributing

We welcome contributions. See CONTRIBUTING.md for development setup, coding standards, and the PR process.

Prepare a source checkout without creating a runtime sandbox:

./scripts/dev-setup.sh

Or ask a compatible coding agent to use the repository's contributor-onboarding skill:

Set up this machine as a NemoClaw contributor and prepare it for a first PR.

The contributor path is separate from the end-user installer above. The default and --repair modes change only repository-local dependencies, builds, and hooks. Use ./scripts/dev-setup.sh --expose-cli only when you explicitly want a host-visible development CLI. Use ./scripts/dev-setup.sh --with-runtime only when your change needs sandbox validation; that approved flow also opts into CLI exposure.

Security

NVIDIA takes security seriously. If you discover a vulnerability in NemoClaw, DO NOT open a public issue. Use one of the private reporting channels described in SECURITY.md:

For security bulletins and PSIRT policies, visit the NVIDIA Product Security portal.

Current Priorities

NemoClaw's current priorities are maintained here as a public orientation point for contributors and community members. This list is not a delivery commitment, support promise, or fixed roadmap; priorities can change as maintainers respond to security, quality, platform readiness, and community feedback.

  • Improve install and onboarding reliability across tested platforms.
  • Strengthen sandbox hardening, credential handling, and network-policy defaults.
  • Validate local and routed inference behavior for supported provider paths.
  • Keep documentation, troubleshooting guidance, and agent skills aligned with supported workflows.

For specific scoped work, use GitHub Issues and start broader proposals in GitHub Discussions. Security vulnerabilities must use the private reporting channels in SECURITY.md, not public issues.

Notice and Disclaimer

This software automatically retrieves, accesses or interacts with external materials. Those retrieved materials are not distributed with this software and are governed solely by separate terms, conditions and licenses. You are solely responsible for finding, reviewing and complying with all applicable terms, conditions, and licenses, and for verifying the security, integrity and suitability of any retrieved materials for your specific use case. This software is provided "AS IS", without warranty of any kind. The author makes no representations or warranties regarding any retrieved materials, and assumes no liability for any losses, damages, liabilities or legal consequences from your use or inability to use this software or any retrieved materials. Use this software and the retrieved materials at your own risk.

License

Apache 2.0. See LICENSE.