🚀 NemoClaw v0.0.61 is out!

[jyaunches]

Compare range: v0.0.60...v0.0.61 · target commit 16470fa0 · 59 PRs.

This release is a stability and boundary release. We tightened the sandbox edge — strict SSRF now defaults through the sandbox proxy, file-descriptor limits are capped at entrypoint, and a stale-PID lock that could trap sandboxes.json is now reclaimable. Three batches of code-scanning findings (P0/P1/P2) and a curl-probe extraction shrink the security surface without changing the operator contract.

Onboarding and resume recovery picked up six concrete fixes: ARM64 image-tar uploads now have a clear classification and workaround, the Hermes dashboard refuses port collisions, rebuilt resume snapshots no longer break on detach, the managed-inference hostname bypasses host proxies, and the DGX Station vLLM default is back to Qwen3.6 27B FP8. Slack denied @-mentions now notify the sender instead of silently dropping, and Hermes recovers without leaking env secrets across sandbox boundaries.

Underneath, we shipped a four-PR refactor that moves the onboarding FSM to ordered provider result sequences, plus a phase-4a migration of messaging conflict detection to manifest-plan architecture. The CI surface got 22 changes — a docs-only fast path, sharded CLI coverage gates, oversized-test guards, real-shell e2e assertions replacing the dry-run runner, and a long pass of CLI test splits and subprocess trims. The result: faster PR signal, less flake, and meaningful coverage where we previously had subprocess matrices.

Sandbox and Network Stability

• #4915 exposes active policy presets, allowed hosts, and approval paths in the agent context — agents can now reason about their own egress envelope instead of guessing.
• #4932 routes unconfigured strict-SSRF fetches through the sandbox proxy (closes #4687) — strict mode no longer silently bypasses the proxy.
• #4944 caps sandbox open file descriptors (nofile) at entrypoint — prevents one runaway agent from exhausting host limits.
• #4922 breaks stale sandboxes.json locks held by recycled PIDs — sandbox registry no longer wedges after a host crash.
• #4936 recovers late dashboard tool-scope approvals via doctor (closes #4616) — approvals delivered after sandbox start are no longer lost.
• #4912 fixes local gateway doctor and large-backup handling — both paths now stream instead of buffering.
• #4900 resets NPM_CONFIG_OFFLINE after build-time plugin install — runtime npm calls inside the sandbox no longer fail offline.
• #4970 stages patch-openclaw-slack-deny-feedback.mts in the build context — the Slack-deny-feedback patch now reliably ships.

Onboarding and Resume Recovery

• #4934 classifies the ARM64 image-tar upload 404 and applies an image-ref workaround (closes #3266) — Apple Silicon and ARM hosts get a deterministic onboarding path.
• #4943 detaches sandbox providers before rebuild deletes the sandbox — fixes a class of orphaned-provider failures during rebuild.
• #4938 repairs rebuilt resume snapshots — resume after rebuild no longer drops session state.
• #4897 bypasses host proxy for the managed inference hostname — operators behind corporate proxies can hit managed inference without policy edits.
• #4896 accepts messaging selector key sequences during onboarding — multi-keystroke selectors no longer dead-end the form.
• #4888 restores Qwen3.6 27B FP8 as the DGX Station vLLM default.

Messaging, Hermes, and Inference

• #4933 makes Slack notify the sender when an @-mention is denied instead of dropping silently — denied mentions are now visible feedback instead of a black hole.
• #4889 lets onboarding register operator-supplied extra placeholder keys — Hermes integrations can declare their own placeholder vocabulary without forking the form.
• #4959 enforces the env-secret boundary on Hermes sandbox recover — recovery no longer crosses the secret boundary.
• #4931 rejects the Hermes dashboard internal port when it collides with the dashboard port — surfaces the collision at config time instead of after start.
• #4904 restarts the vLLM container after host reboot (closes #4886) — inference comes back without manual intervention.

Security Hardening

• #4878, #4880, and #4884 close the P0, P1, and P2 code-scanning batches — three coordinated passes that reset the security debt baseline.
• #4885 extracts the curl-probe policy into a single seam — future probe changes touch one file instead of N.
• #4976 routes test temp paths through the secure helper — removes a class of TOCTOU and shared-tmp races in the test suite.
• #4980 keeps the tunnel service PID directory stable across restarts — tunnel reconciliation no longer chases moving paths.

Onboarding and Messaging Architecture

• #4471, #4472, #4473, and #4475 refactor the onboarding FSM to return ordered provider result sequences and run live sequences with record-only steps, with a sequence-runner adapter to bridge legacy callers — sets up deterministic replay and removes a long-standing source of onboarding nondeterminism.
• #4901 persists messagingPlan in session so resume picks it up cleanly.
• #4908 migrates messaging conflict detection to the manifest-plan architecture (phase 4a, #4392) — reduces ad-hoc conflict logic and centralizes the source of truth.

Skills, Docs, and Release Surface

• #4164 recommends backup-all for host backups and demotes the in-tree script to engineering-only — contributed by @glenn-agent.
• #4759 standardizes copyable command examples across the docs — contributed by @HanClinto.
• #4879 refreshes the v0.0.60 release notes for the docs site.
• #4935 refines the shared triage taxonomy across docs, project-management, and skills.
• #4939 and #4963 clarify the e2e single-runner scenario target and adopt Vitest fixtures as the scenario runner.

CI and Release Confidence

• #4380 replaces the dry-run e2e runner with real shell assertions and deletes --validate-only and the bash runner — the e2e suite now exercises actual sandbox state transitions.
• #4977 shards the PR CLI coverage gate so coverage signal arrives faster on every PR.
• #4887 adds a docs-only PR fast path and splits code checks — docs PRs no longer wait on the full code matrix.
• #4905 and #4906 guard against oversized test files and remove unused CodeQL declarations.
• #4655, #4656, #4928, #4964 — e2e drift guard, scenario summary clarity, runtime-override and Docker-auth stability, and an opt-in live scenario project.
• #4893 uploads CLI Vitest timing reports so test-time regressions show up in CI artifacts.
• #4903 stabilizes platform Vitest failures.
• CLI test acceleration pass: #4895, #4898, #4907, #4911, #4913, #4914, #4919, #4927, #4929 replace slow subprocess matrices with unit coverage and trim remaining subprocess waits — PR feedback is materially faster.
• #4910 and #4920 tighten policy test coverage by importing tier helpers by name and moving confirmation coverage to action tests.

Thank you

Thank you to external contributors @glenn-agent for #4164 and @HanClinto for #4759 — both shipped in this release.