Run AI coding agents like OpenClaw and Hermes securely inside NVIDIA OpenShell sandboxes with a hardened blueprint, routed inference, and lifecycle management through a single CLI.
NemoClaw is NVIDIA’s open-source reference stack for deploying always-on AI agents more safely inside OpenShell sandboxes. It wraps the full operational surface of sandboxed agent deployment — onboarding, blueprint application, inference routing, network policy enforcement, and sandbox lifecycle management — into a single CLI that makes it practical to run capable AI coding agents without sacrificing host security.
At its core, NemoClaw ships a hardened blueprint that pins the sandbox OCI image to a specific digest, applies capability drops and resource profiles, and enforces baseline network egress policies. Operators can choose from preset policy profiles for common scenarios, customize egress rules for private networks, and approve or reject agent-requested policy changes through a structured approval flow — all without modifying the agent itself.
Inference routing is handled through a virtual gateway endpoint that transparently forwards agent traffic to whichever provider is configured: NVIDIA NIM cloud, local NIM instances, vLLM, Ollama, AWS Bedrock, or any OpenAI-compatible endpoint. Switching providers requires only a profile flag change, not agent reconfiguration. This decoupling lets teams run the same agent configuration in airgapped environments or against cloud APIs without changing agent code.
NemoClaw is an alpha project backed by NVIDIA and supports two primary AI agents: OpenClaw (default) and Hermes. It targets developer teams and platform engineers who want to benefit from agentic AI coding workflows while maintaining meaningful isolation between the agent process and the host system.
Architecture NemoClaw follows a layered CLI architecture with clean separation between public command grammar, oclif-based command dispatch, action orchestration, and provider adapters. A front controller translates a natural sandbox-name-first product grammar into oclif’s internal routing, decoupling the user-facing API from the implementation. Actions in the core library compose domain modules — sandbox lifecycle, inference routing, policy management, network controls — without coupling them to each other. The dependency graph flows strictly one direction through CLI, actions, domain services, and adapters to state, ensuring each layer can be tested and replaced independently. Blueprint definitions express sandbox configuration declaratively with operator-controlled resource profiles and pinned image references that the runtime reads at execution time rather than baking into command logic.
Tech Stack NemoClaw is built in TypeScript in strict mode targeting Node.js 22+ and distributed as an npm package using oclif for command discovery, parsing, and help rendering. The blueprint system uses YAML for declaring sandbox configurations with pinned OCI image digests for supply-chain integrity. Inference routing spans multiple providers — NVIDIA NIM, AWS Bedrock via the official AWS SDK, vLLM, Ollama, and OpenAI-compatible endpoints — unified behind a virtual inference gateway endpoint that routes to the selected backend at runtime. The build pipeline uses Biome for formatting and linting, Vitest as the test runner, and Sphinx with Fern for documentation generation. Pre-commit hooks via prek enforce code quality gates, and GitHub Actions runs CI with conventional commit enforcement.
Code Quality The codebase demonstrates comprehensive test coverage with over 750 test files across unit, integration, and live E2E scenarios, all using Vitest with typed describe/it/expect patterns and explicit timeout budgets. Error handling is deliberate — credential redaction uses symlink-safe file open flags and pattern-based secret scrubbing to prevent credential leakage in logs and backups. TypeScript strict mode is enforced project-wide, Biome handles consistent formatting and linting, and commitlint with conventional commit configuration maintains a structured changelog history. CI pipelines gate on type checking, lint, format verification, and test execution before merges.
What Makes It Unique NemoClaw’s most distinctive technical contribution is the virtual inference gateway — a unified local endpoint that transparently routes AI agent traffic to any supported inference backend without agent reconfiguration, enabling seamless switching between cloud and local providers. Paired with digest-pinned blueprint containers, NemoClaw goes further than typical agent sandboxing by explicitly guarding against registry-level supply-chain attacks: the blueprint enforces that the resolved image digest matches the declared value at the configuration level, not just at pull time. This supply-chain-aware design combined with structured operator approval flows for network policy changes represents a meaningful step beyond what most open-source agent deployment frameworks currently offer.
NemoClaw is released under the Apache License 2.0, which is a permissive open-source license with no copyleft requirements. You can use it commercially, modify it freely, and distribute it in proprietary products as long as you retain the copyright notice and license text. There are no restrictions on what models you run, which inference providers you connect to, or how you deploy the resulting system. The Apache 2.0 license also includes an explicit patent license from all contributors, which is a meaningful protection when building on software from a large technology vendor.
Running NemoClaw yourself requires a host environment where NVIDIA OpenShell is supported — the blueprint pins specific OpenShell and OpenClaw version ranges, so you will need to track those dependencies as they evolve. The sandbox image is a pinned OCI digest pulled from GitHub Container Registry, so outbound access to ghcr.io is required unless you mirror the image internally. Inference providers add their own infrastructure requirements: cloud providers need API keys and internet access, while local options like vLLM or local NIM instances require substantial GPU resources to run the backing model. You are responsible for sandbox updates, network policy maintenance, host OS patching, and credential rotation — NemoClaw provides the tooling but not the managed operations layer.
As an alpha project, NemoClaw does not offer guaranteed response timelines from maintainers, no SLAs, and no dedicated enterprise support channels beyond public GitHub Discussions and Discord. There is no commercial cloud-hosted version of NemoClaw to compare against — it is purely a self-hosted reference stack. The trade-off is full control over data, inference backend, and security posture versus accepting that production readiness, HA configurations, and long-term maintenance are entirely the operator’s responsibility.
No Code Platforms · AI Development · Developer Tools
Visual LLM workflow platform with RAG pipelines, agent capabilities, and model management for building production AI applications.
AI Code Assistants · AI Development
Orchestrate an army of AI coding agents—Claude Code, Codex, Gemini CLI, and more—running simultaneously in isolated git worktrees from a single Electron desktop app.
AI Code Assistants · AI Development
The self-hosted developer control center for running AI coding agents — locally, in Docker, on VMs, or across cloud backends — with automation workflows for GitHub, Slack, and more.