NemoClaw v0.0.60 is out

[cv]

NemoClaw v0.0.60 is a broad stability release for always-on OpenClaw and Hermes sandboxes. It tightens the boundary between runtime guidance and user-visible chat, improves OpenClaw device-approval policy handling, keeps sandbox network and file guidance actionable, and adds more secret-scanning and secret-withholding coverage where messaging and managed tools cross host/sandbox boundaries.

This release also makes onboarding and day-two operations more predictable. Local inference setup is stronger across NVIDIA NIM, Ollama, vLLM, DGX Spark, DGX Station, Anthropic-compatible routes, and multimodal model selection; sandbox lifecycle paths preserve concurrent gateways, dashboard forwards, mutable OpenClaw config permissions, Docker-driver behavior, and GPU-patch rollback state more carefully.

Finally, v0.0.60 continues the move toward manifest-driven integrations and more deterministic maintainer operations. Messaging enrollment now runs through reusable manifest hooks, CLI status/list/tunnel commands align more closely with environment overrides, release and docs surfaces were refreshed, and nightly/CI guardrails received enough polish to make regressions easier to interpret before they reach users.

OpenClaw, Runtime Context, and Policy Controls

• #4037 routes NemoClaw runtime instructions through prependSystemContext instead of allowing <nemoclaw-runtime> blocks to leak into the visible chat transcript. This keeps policy and runtime guidance active without confusing users with internal control text.
• #4788 shares the OpenClaw device-approval allowlist and scope policy between startup auto-pairing and connect-time approval. The compatibility path remains fail-closed while existing sandboxes still receive the helper during connect.
• #4875 updates runtime context for sandbox network and file operations so agents try allowed endpoints and in-sandbox filesystem actions before reporting them unavailable. This makes policy-denied, DNS, timeout, TLS, and filesystem failures easier to distinguish in operator-facing explanations.
• #4768 adds safe common egress defaults, including read-only weather and public-reference presets, and wires Hermes managed-tool presets into Hermes open-policy selection. This gives operators useful default access without widening OpenClaw and Hermes policy surfaces interchangeably.
• #4328 keeps policy preset descriptions line-scoped when listing presets. WhatsApp and other YAML-backed presets no longer display network-policy body content as if it were prose.
• #3788 validates NEMOCLAW_POLICY_TIER before non-interactive onboarding performs preflight, gateway, or inference side effects. Bad scripted policy-tier values now fail at the point users can fix them most safely.
• #4864 narrows that early policy-tier validation to non-interactive onboarding. Interactive onboarding ignores an invalid environment value and continues to the normal prompt, preserving the user-guided flow.

Sandbox, Gateway, and Onboarding Reliability

• #4580 uses the OpenShell package-managed openshell-gateway user service when available and keeps the standalone gateway path as a compatibility fallback. Gateway lifecycle behavior now follows the platform-owned service on hosts that provide one.
• #4598 scopes gateway and dashboard cleanup by port and sandbox instance. A second onboarding run with a different gateway port no longer retires the first sandbox's gateway or dashboard forward.
• #4748 avoids writing the local gateway marker for OpenShell Docker-driver sandboxes. Docker-driver sandboxes are detected from OPENSHELL_DRIVERS, including mixed driver lists, so host-gateway assumptions stay accurate.
• #4777 hardens the Docker GPU patch path by waiting longer for supervisor reconnects, rolling back to the pre-patch container on reconnect failure, and letting non-root rc cleanup exit cleanly when root-owned files cannot be rewritten.
• #4610 preserves NemoClaw's group-writable OpenClaw config contract after openclaw doctor --fix. Gateway-side config writes stay possible even after OpenClaw tightens state-file permissions.
• #4454, #4457, #4458, and #4461 continue the onboarding state-machine migration with compatibility bridges, record-only step helpers, runtime mutation options, and a record-only FSM runner adapter. The result is safer groundwork for resumable onboarding without abruptly changing legacy step behavior.
• #4868 honors .dockerignore when staging custom onboard --from <Dockerfile> build contexts. Custom images copy less unnecessary data while still preserving NemoClaw's built-in secret and path exclusions.
• #4870 adds NEMOCLAW_MINIMAL_BOOTSTRAP to skip default workspace-template seeding for new pristine workspaces. This lets operators reduce project-context overhead without deleting files that already exist.

Inference, Hermes, and Local Model Routes

• #4641 fixes Local NVIDIA NIM onboarding on Docker 29.x/containerd image-store hosts by pulling NIM images by platform digest, extending first-start waits, and routing validation through the served model id. DGX Spark NIM setup is now less likely to fail on multi-arch attestation fetches, slow model loads, or catalog/served-id mismatches.
• #4810 moves the DGX Spark vLLM profile from an upstream nightly image to the stable NGC vllm:26.05.post1 container. Managed vLLM on Spark now has a more reproducible runtime base.
• #4867 updates the DGX Station managed-vLLM recipe to serve DeepSeek V4 Flash with the NVIDIA vLLM 26.05.post1 container. DGX Station users get the newer managed model profile and the same stable container lineage.
• #4852 tightens Ollama bootstrap model fit checks, raises the adopted runtime-context floor, extends cold-load probing beyond Spark hosts, and exits repeated model-selection failures instead of looping indefinitely. Tight-VRAM dGPU hosts get a more realistic local Ollama path.
• #4847 synchronizes Anthropic runtime routes for Hermes and OpenClaw during inference set. NemoClaw now resolves API family before patching in-sandbox config, sets or clears Hermes model.api_mode appropriately, and preserves the Bedrock Runtime adapter exception.
• #4800 disables native tool search for Nemotron managed inference on the inference.local route where the model repeatedly produced invalid JavaScript for OpenClaw's native code-search tool. The route falls back to the structured tool-calling surface the model handles correctly.
• #4333 prompts during interactive onboarding when a discovered model name looks multimodal. Users can opt into text,image inputs without needing to know the NEMOCLAW_INFERENCE_INPUTS environment variable.
• #4086 strips empty segments when extending NO_PROXY in both CLI and plugin subprocess environments. Malformed proxy-bypass lists with doubled or trailing commas no longer propagate into child processes.
• #4811 exposes Hermes' built-in dashboard while preserving the OpenAI-compatible API on port 8642. Dashboard assets are prebuilt into the sandbox image so runtime dashboard startup does not need to run npm under /opt/hermes.
• #4854 preserves the OpenShell proxy rewrite API-key placeholder when switching Hermes inference routes. Dashboard and TUI sessions no longer fall back to no-key-required after nemohermes inference set rewrites config.
• #4855 points Hermes dashboard chat at the prebuilt /opt/hermes/ui-tui bundle. hermes dashboard --tui --skip-build and NemoClaw dashboard recovery avoid runtime rebuild attempts under root-owned install paths.

Messaging, CLI, and Day-Two Operations

• #4248 migrates messaging enrollment to manifest hooks for Telegram, Discord, Slack, WeChat, and WhatsApp. Token paste, configuration prompts, and shared channel helpers now live behind common integration plumbing instead of one-off setup flows.
• #4771 keeps Hermes remote secrets out of sandbox-visible surfaces while preserving the existing remote toolset surface for API and messaging platforms. Hermes startup now rejects raw secret-shaped values in sandbox env/config and uses OpenShell resolver placeholders for managed-tool gateway auth.
• #4320 adds the missing nemoclaw tunnel status command and tunnel namespace help. Operators can inspect tunnel state without inferring it from start/stop behavior.
• #4756 makes global nemoclaw status resolve the target sandbox the same way as start and stop, honoring SANDBOX_NAME, NEMOCLAW_SANDBOX, and NEMOCLAW_SANDBOX_NAME for service PID lookup.
• #4866 extends the same environment-aware default-sandbox resolution to nemoclaw list and inventory JSON. Status, start, stop, and list now agree on the selected sandbox.
• #4848 mirrors installed OpenClaw skills into the agent home directory as well as the OpenClaw state directory. Skills that appear in openclaw skills list now load at session start when $HOME differs from the state dir.

Security, CI, Docs, and Maintainer Confidence

• #4787 expands persistent-memory secret scanning to cover OpenAI project keys with hyphens/underscores and Slack app-level xapp-* tokens. More credential formats are caught before they persist in memory.
• #4862 withholds live Slack, Discord, and Telegram secrets from selective nightly E2E dispatches that target explicit refs. Live messaging credentials are now limited to trusted refs.
• #4863 replaces GUID-like Hermes secret-boundary fixtures with benign sentinels. Tests continue validating secret rejection without committing values that look like real scanner targets.
• #4791 adds a lightweight pull_request_target policy check requiring maintainer edits to be enabled on fork PRs. The repository policy becomes visible in CI without checking out or executing untrusted fork code.
• #4783 improves nightly E2E scorecard Slack rendering with clearer routing-secret names, mode/actor context, and GitHub Actions API-backed failed-job links and counts. Nightly failures are easier to triage, especially on re-runs.
• #4860 keeps OpenShell gateway-drift mocks isolated in tests when injected dependencies return null. Gateway drift coverage no longer accidentally probes local Docker state while modeling missing gateway containers.
• #4790 refreshes the v0.0.59 release notes, updates current local-inference and credential-storage docs, regenerates user skills, and tightens release-prep guidance for docs and generated skills.
• #4857 adds an agent-ready maintainer workflow policy package and updates issue templates plus the skill catalog to reference it. Maintainer agents now have a project-native policy reference for labels, project fields, and daily release workflow decisions.

Thank you

Thank you to external contributors @kagura-agent, @atulya-singh, @tiaz-hh, @deepujain, @yimoj, @glenn-agent, @fallintoplace, @Thabhelo, and @amata-human for contributions included in this release.