Apurv Kumaria adfcc90126
fix(policy): restore Tavily egress for managed Python (#6134)
<!-- markdownlint-disable MD041 -->
## Summary

Restore the managed Deep Agents Code Python interpreter to the Tavily
policy and provider-profile allowlists. PR #5969 removed Python while
tightening the Tavily boundary, which left `policy-add tavily`
successful but Python-originated Tavily requests blocked by OpenShell
with HTTP 403.

## Changes

- Add `/opt/venv/bin/python3*` to
`nemoclaw-blueprint/policies/presets/tavily.yaml`.
- Add the same managed interpreter path to
`nemoclaw-blueprint/provider-profiles/tavily.yaml` so both enforcement
layers agree.
- Document why the interpreter is required for OpenShell process
attribution.
- Update the exact preset and provider-profile allowlist contracts.
- Keep system Python paths excluded so the restored access remains
limited to the managed Deep Agents environment.

## Type of Change

- [x] Code change (feature, bug fix, or refactor)
- [ ] Code change with doc updates
- [ ] Doc only (prose changes, no code sample modifications)
- [ ] Doc only (includes code sample changes)

## Quality Gates
<!-- Check all that apply. For any "covered by existing tests", "not
applicable", or waiver entry, add a brief justification on the same line
or in the Changes section. -->
- [x] Tests added or updated for changed behavior
- [ ] Existing tests cover changed behavior — justification:
- [ ] Tests not applicable — justification:
- [ ] Docs updated for user-facing behavior changes
- [x] Docs not applicable — justification: existing Deep Agents
documentation already states that OpenShell attributes Tavily calls to
the managed Python interpreter; this restores the documented behavior.
- [x] Sensitive paths changed (security, policy, credentials, preflight,
onboarding, inference, runner, sandbox, or messaging)
- [ ] Sensitive-path review completed or maintainer-approved waiver
recorded — reviewer/approval link/justification: pending maintainer
review; the change restores only `/opt/venv/bin/python3*`, not system
Python paths.
- [ ] Non-success, skipped, or missing CI check accepted by maintainer —
check name, approval link, and follow-up issue:

## Verification
<!-- Check each item you ran and confirmed. Leave unchecked items you
skipped. Doc-only changes do not require npm test unless you ran it. -->
- [x] PR description includes the DCO sign-off declaration and every
commit appears as `Verified` in GitHub
- [ ] Git hooks passed during commit and push, or `npx prek run
--from-ref main --to-ref HEAD` passes — the diff-scoped fallback passed
formatting, schema, repository, and secret-scan hooks; its broad
integration lane requires Linux utilities/semantics unavailable on this
macOS host, so CI remains authoritative.
- [x] Targeted tests pass for changed behavior
- [ ] Full `npm test` passes (broad runtime changes only)
- [x] Quality Gates section completed with required justifications or
waivers
- [x] No secrets, API keys, or credentials committed
- [ ] `npm run docs` builds without warnings (doc changes only)
- [ ] Doc pages follow the [style
guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md)
(doc changes only)
- [ ] New doc pages include SPDX header and frontmatter (new pages only)

---
<!-- DCO sign-off is required in this PR description, and every commit
must appear as Verified in GitHub. Run: git config user.name && git
config user.email -->
Signed-off-by: Apurv Kumaria
<36614+apurvvkumaria@users.noreply.github.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Updated Tavily-related runtime permissions to allow the managed Python
interpreter, which should reduce permission-related failures when
running Python-based tasks.
* Kept existing allowed binaries unchanged while extending support for
the additional Python runtime path.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Apurv Kumaria <36614+apurvvkumaria@users.noreply.github.com>
Co-authored-by: Apurv Kumaria <36614+apurvvkumaria@users.noreply.github.com>
2026-07-01 18:42:45 +00:00
.agents/skills test(e2e): retire legacy shell lanes (#5756) 2026-06-29 22:32:24 -05:00
.claude docs(skills): make copy of docs-as-skills for Claude (#837) 2026-03-24 15:08:13 -07:00
.github refactor(ci): centralize E2E artifact uploads (#6121) 2026-07-01 09:20:40 -07:00
agents fix(sandbox): add host-mediated gateway restart (#5874) 2026-06-30 14:46:13 -04:00
bin feat(cli): add Deep Agents aliases (#5881) 2026-06-26 14:19:19 -07:00
ci fix(scripts): restore .openclaw perms after nemoclaw exec command (#6060) 2026-07-01 11:40:56 -07:00
docs fix(scripts): restore .openclaw perms after nemoclaw exec command (#6060) 2026-07-01 11:40:56 -07:00
fern docs: refresh v0.0.70 release docs (#6067) 2026-06-30 16:59:40 -04:00
ISSUE_TEMPLATE Create bug_report.yml (#371) 2026-03-18 17:50:58 -07:00
nemoclaw test: make test titles behavior-oriented (#5918) 2026-06-27 19:34:28 -07:00
nemoclaw-blueprint fix(policy): restore Tavily egress for managed Python (#6134) 2026-07-01 18:42:45 +00:00
schemas fix(plugin): activate nemoclaw slash command at startup (#4450) 2026-05-28 17:10:32 -07:00
scripts fix(scripts): restore .openclaw perms after nemoclaw exec command (#6060) 2026-07-01 11:40:56 -07:00
skills chore: retire docs-to-skills and make single compact user skill (#5699) 2026-06-23 18:44:50 -07:00
src fix(scripts): restore .openclaw perms after nemoclaw exec command (#6060) 2026-07-01 11:40:56 -07:00
test fix(policy): restore Tavily egress for managed Python (#6134) 2026-07-01 18:42:45 +00:00
tools refactor(ci): centralize E2E artifact uploads (#6121) 2026-07-01 09:20:40 -07:00
.coderabbit.yaml test(e2e): retire legacy shell lanes (#5756) 2026-06-29 22:32:24 -05:00
.dockerignore fix(security): add missing sensitive file patterns to .dockerignore (#1994) 2026-04-16 18:18:36 -07:00
.editorconfig Add linting, formatting, and code quality hardening 2026-03-14 10:21:53 -07:00
.gitattributes feat(skills): add signed catalog export (#4284) 2026-05-27 07:48:34 -07:00
.gitignore docs: hide generated variant pages (#4724) 2026-06-03 21:28:32 +00:00
.gitmodules feat(router): add model router integration with complexity-based routing (#2202) 2026-05-06 15:09:30 -07:00
.markdownlint-cli2.yaml docs(skills): add messaging channel onboarding guide (#5501) 2026-06-18 15:05:25 -07:00
.pre-commit-config.yaml test: run CLI tests against source (#5904) 2026-06-27 13:23:32 -07:00
.prettierignore chore: add Prettier formatting for root-level JS files (#1200) 2026-03-31 13:27:52 -07:00
.shellcheckrc fix(install): prevent nvm/login shell from resetting PATH in subshells (#651) 2026-03-23 09:10:07 -07:00
AGENTS.md test(e2e): retire legacy shell lanes (#5756) 2026-06-29 22:32:24 -05:00
biome.json refactor(onboard): finish oclif flag migration (#5916) 2026-06-27 18:25:54 -07:00
CLAUDE.md docs(skills): reorganize skills with audience-based prefixes (#1603) 2026-04-08 10:00:57 -07:00
CODE_OF_CONDUCT.md chore: fix all markdownlint violations and enable remaining rules (#730) 2026-03-23 14:14:39 -07:00
commitlint.config.js chore(tooling): switch linting to biome (#2862) 2026-05-01 16:16:37 -07:00
CONTRIBUTING.md test: make test titles behavior-oriented (#5918) 2026-06-27 19:34:28 -07:00
Dockerfile fix(scripts): restore .openclaw perms after nemoclaw exec command (#6060) 2026-07-01 11:40:56 -07:00
Dockerfile.base fix(sandbox): add host-mediated gateway restart (#5874) 2026-06-30 14:46:13 -04:00
install.sh fix(installer): clarify install tag pinning (#4678) 2026-06-02 14:02:29 -07:00
jsconfig.json ci: add ESLint and tsc type checking for JavaScript files (#771) 2026-03-24 19:07:01 -07:00
LICENSE Add license and DCO guide 2026-03-15 10:54:32 -07:00
Makefile docs: fix remaining issues to use NV Fern theme and styles and artifacts (#3823) 2026-05-19 14:33:07 -07:00
package-lock.json feat(cli): add Deep Agents aliases (#5881) 2026-06-26 14:19:19 -07:00
package.json test(e2e): retire legacy shell lanes (#5756) 2026-06-29 22:32:24 -05:00
pyproject.toml docs: update inference docs (#1460) 2026-04-03 16:56:11 -07:00
README.md feat(agents): add Deep Agents Code harness (#5197) 2026-06-22 17:42:28 -07:00
SECURITY.md docs: improve vulnerability reporting guide (#1128) 2026-03-30 18:22:04 -07:00
spark-install.md docs: reorganize Get Started and add Deployment Topology diagram (#2445) 2026-04-24 16:06:45 -07:00
tsconfig.cli.json fix(onboard): register discord plugin entry when Discord channel is configured (#4246) (#4277) 2026-05-31 01:33:15 -07:00
tsconfig.runtime-preloads.json refactor(messaging): finish manifest channel migration (#5338) 2026-06-15 08:28:48 -07:00
tsconfig.src.json refactor(cli): extract pure functions from onboard.js to typed TypeScript modules (#1240) 2026-04-01 12:45:36 -07:00
uninstall.sh fix(uninstall): add --destroy-user-data flag to purge preserved data (#5784) 2026-06-30 14:15:59 -04:00
uv.lock docs: update inference docs (#1460) 2026-04-03 16:56:11 -07:00
vitest.config.ts test(e2e): retire legacy shell lanes (#5756) 2026-06-29 22:32:24 -05:00

NVIDIA NemoClaw: Reference Stack for Sandboxed AI Agents in OpenShell


NVIDIA NemoClaw is an open source reference stack for running always-on AI agents more safely inside NVIDIA OpenShell sandboxes. It provides guided onboarding, a hardened blueprint, routed inference, network policy, and lifecycle management through a single CLI.

Supported agents:

For capabilities, architecture, security controls, and the full feature list, see the NemoClaw documentation.

Get Started

Review Prerequisites before installing. For Hermes, set NEMOCLAW_AGENT=hermes before running the installer, or use the nemohermes alias after install.

| Agent | Guide |
|---|---|
| OpenClaw (default) | Quickstart with OpenClaw |
| Hermes | Quickstart with Hermes |
| LangChain Deep Agents Code | Quickstart with LangChain Deep Agents Code |

Documentation

Refer to the following pages on the official documentation website for more information on NemoClaw.

| Page | Description |
|---|---|
| Overview | What NemoClaw does and how it fits together. |
| Architecture Overview | High-level overview of Plugin, blueprint, sandbox lifecycle, and protection layers. |
| Ecosystem | How OpenClaw, OpenShell, and NemoClaw form a stack and when to use NemoClaw versus OpenShell alone. |
| Architecture Details | Detailed description of Plugin structure, blueprint lifecycle, sandbox environment, and host-side state. |
| Prerequisites | Hardware, software, and supported platforms, with any platform-specific pre-setup. |
| Inference Options | Supported providers, validation, and routed inference configuration. |
| Network Policies | Baseline rules, operator approval flow, and egress control. |
| Customize Network Policy | Static and dynamic policy changes, presets. |
| Security Best Practices | Controls reference, risk framework, and posture profiles for sandbox security. |
| Sandbox Hardening | Container security measures, capability drops, process limits. |
| CLI Commands | Full NemoClaw CLI command reference. |
| Troubleshooting | Common issues and resolution steps. |

Community

Join the NemoClaw community to ask questions, share feedback, and report issues. NemoClaw is an alpha project, so maintainers review issues, discussions, and pull requests on a best-effort basis without guaranteed response timelines.

| Need | Channel |
|---|---|
| Setup or usage questions | GitHub Discussions or Discord |
| Reproducible bugs | GitHub Issues |
| Feature proposals | Start with GitHub Discussions, then open an issue when the scope is clear |
| Current priorities | Current Priorities |
| Contribution help | CONTRIBUTING.md |
| Security vulnerabilities | Use the private channels in SECURITY.md; do not open public issues |

Contributing

We welcome contributions. See CONTRIBUTING.md for development setup, coding standards, and the PR process.

Security

NVIDIA takes security seriously. If you discover a vulnerability in NemoClaw, DO NOT open a public issue. Use one of the private reporting channels described in SECURITY.md:

For security bulletins and PSIRT policies, visit the NVIDIA Product Security portal.

Current Priorities

NemoClaw's current priorities are maintained here as a public orientation point for contributors and community members. This list is not a delivery commitment, support promise, or fixed roadmap; priorities can change as maintainers respond to security, quality, platform readiness, and community feedback.

  • Improve install and onboarding reliability across tested platforms.
  • Strengthen sandbox hardening, credential handling, and network-policy defaults.
  • Validate local and routed inference behavior for supported provider paths.
  • Keep documentation, troubleshooting guidance, and agent skills aligned with supported workflows.

For specific scoped work, use GitHub Issues and start broader proposals in GitHub Discussions. Security vulnerabilities must use the private reporting channels in SECURITY.md, not public issues.

Notice and Disclaimer

This software automatically retrieves, accesses or interacts with external materials. Those retrieved materials are not distributed with this software and are governed solely by separate terms, conditions and licenses. You are solely responsible for finding, reviewing and complying with all applicable terms, conditions, and licenses, and for verifying the security, integrity and suitability of any retrieved materials for your specific use case. This software is provided "AS IS", without warranty of any kind. The author makes no representations or warranties regarding any retrieved materials, and assumes no liability for any losses, damages, liabilities or legal consequences from your use or inability to use this software or any retrieved materials. Use this software and the retrieved materials at your own risk.

License

Apache 2.0. See LICENSE.