Description
Walking through the onboard guide for Hermes Agent and configuring Discord as the messaging gateway, I end up with invalid configuration being injected into the config.yaml file in the sandbox.
The config.yaml file generated includes:
platforms:
discord:
enabled: true
token: "openshell:resolve:env:DISCORD_BOT_TOKEN"
and the .env file includes
DISCORD_BOT_TOKEN=openshell:resolve:env:DISCORD_BOT_TOKEN
When, as per the docs on the discord config, it should resemble something closer to:
discord:
require_mention: true
free_response_channels: ''
allowed_channels: ''
auto_thread: true
reactions: true
channel_prompts: {}
server_actions: ''
Note: discord is a top level key in the config.yaml file
This would typically then be paired with config via the .env file, which should probably look like this:
DISCORD_BOT_TOKEN=openshell:resolve:env:DISCORD_BOT_TOKEN
DISCORD_REQUIRE_MENTION=openshell:resolve:env:DISCORD_REQUIRE_MENTION
DISCORD_ALLOWED_USERS=openshell:resolve:env:DISCORD_ALLOWED_USERS
I have not tested Slack or Telegram yet, but I wouldn't be surprised if they have similar misconfiguration issues. If needed, I'll create further tickets once I've had a chance to test those ones.
Reproduction Steps
./bin/nemoclaw.js onboard --agent hermes- configure inference preferences
- select Discord in Messaging Channels
- fill out Discord config as per prompts
./bin/nemoclaw.js hermes connectcat /sandbox/.hermes/config.yaml -> you can view the invalid config
Environment
OS: Arch Linux
Node: 24.13.1
Python: 3.12.12
Docker: 29.4.1
NemoClaw: main branch
Debug Output
Logs
~/n/NemoClaw (main)> ./bin/nemoclaw.js onboard --agent hermes
NemoClaw Onboarding
===================
[1/8] Preflight checks
──────────────────────────────────────────────────
✓ Docker is running
✓ Container DNS resolution works
✓ Container runtime: docker
✓ openshell CLI: openshell 0.0.36
Cleaning up previous NemoClaw session...
! No active forward found for port 18789
• Destroying gateway nemoclaw...
✓ Gateway nemoclaw destroyed.
✓ Previous session cleaned up
✓ Port 8080 available (OpenShell gateway)
ⓘ Local NIM unavailable — no GPU detected
✓ Memory OK: 32014 MB RAM + 126165 MB swap
[2/8] Starting OpenShell gateway
──────────────────────────────────────────────────
Using pinned OpenShell gateway image: ghcr.io/nvidia/openshell/cluster:0.0.36
Starting gateway cluster...
Still starting gateway cluster... (5s elapsed)
Still starting gateway cluster... (10s elapsed)
Still starting gateway cluster... (20s elapsed)
Still starting gateway cluster... (30s elapsed)
Still starting gateway cluster... (40s elapsed)
Installing OpenShell components...
Still installing OpenShell components... (50s elapsed)
Starting OpenShell gateway pod...
Still starting OpenShell gateway pod... (60s elapsed)
Waiting for gateway health...
Waiting for gateway health...
Gateway container is still running healthy; allowing up to 60s for first-time startup.
✓ Gateway is healthy
✓ Active gateway set to 'nemoclaw'
[3/8] Configuring inference (NIM)
──────────────────────────────────────────────────
Inference options:
1) NVIDIA Endpoints
2) OpenAI
3) Other OpenAI-compatible endpoint
4) Anthropic
5) Other Anthropic-compatible endpoint
6) Google Gemini
7) Install Ollama (Linux)
Choose [1]: 3
OpenAI-compatible base URL (e.g., https://openrouter.ai): https://inference-api.nousresearch.com/v1
Other OpenAI-compatible endpoint API key: ****************************************
COMPATIBLE_API_KEY staged. Onboarding will register it with the OpenShell gateway.
Other OpenAI-compatible endpoint model []: anthropic/claude-opus-4.7
Chat Completions API available — OpenClaw will use openai-completions.
Using Other OpenAI-compatible endpoint with model: anthropic/claude-opus-4.7
Sandbox name (lowercase, starts with letter, hyphens ok) [my-assistant]: hermes
──────────────────────────────────────────────────
Review configuration
──────────────────────────────────────────────────
Provider: compatible-endpoint
Model: anthropic/claude-opus-4.7
API key: COMPATIBLE_API_KEY (staged for OpenShell gateway registration)
Web search: disabled
Messaging: none
Sandbox name: hermes
Note: Sandbox build takes ~6 minutes on this host.
──────────────────────────────────────────────────
Web search and messaging channels will be prompted next.
Apply this configuration? [Y/n]: y
[4/8] Setting up inference provider
──────────────────────────────────────────────────
✓ Active gateway set to 'nemoclaw'
✓ Created provider compatible-endpoint
Gateway inference configured:
Route: inference.local
Provider: compatible-endpoint
Model: anthropic/claude-opus-4.7
Version: 1
Timeout: 180s
✓ Inference route set: compatible-endpoint / anthropic/claude-opus-4.7
Web search is not yet supported by Hermes Agent. Skipping.
[5/8] Messaging channels
──────────────────────────────────────────────────
Available messaging channels:
[1] ○ telegram — Telegram bot messaging
[2] ● discord — Discord bot messaging
[3] ○ slack — Slack bot messaging
Press 1-3 to toggle, Enter when done:
Discord Developer Portal → Applications → Bot → Reset/Copy Token.
Discord Bot Token: ************************************************************************
✓ discord token saved
Enable Developer Mode in Discord, then right-click your server and copy the Server ID.
Discord Server ID (for guild workspace access): REDACTED
✓ discord server ID saved
Choose whether the bot should reply only when @mentioned or to all messages in this server.
Reply only when @mentioned? [Y/n]: y
✓ discord reply mode saved: @mentions only
Optional: enable Developer Mode in Discord, then right-click your user/avatar and copy the User ID. Leave blank to allow any member of the configured server to message the bot.
Discord User ID (optional guild allowlist): REDACTED
✓ discord user ID saved
[6/8] Creating sandbox
──────────────────────────────────────────────────
Using Hermes Agent Dockerfile: /home/ben/nous/NemoClaw/agents/hermes/Dockerfile
✓ Created provider hermes-discord-bridge
Creating sandbox 'hermes' (this takes a few minutes on first run)...
Pinning base image to sha256:133cd39d4f1d...
Building sandbox image...
Building image openshell/sandbox-from:1777977375 from /tmp/nemoclaw-build-AN7toX/Dockerfile
Step 1/36 : ARG BASE_IMAGE=ghcr.io/nvidia/nemoclaw/hermes-sandbox-base@sha256:133cd39d4f1d85436b08d7512b746c970733c9c6891e7326261...
Step 2/36 : FROM ${BASE_IMAGE}
Step 3/36 : RUN set -eu; hermes_path="$(command -v hermes 2>/dev/null || true)"; if [ "$hermes_path" != "/usr/local/bin/h...
Step 4/36 : RUN (apt-get remove --purge -y gcc gcc-12 g++ g++-12 cpp cpp-12 make netcat-openbsd netcat-traditional ncat 2...
Step 5/36 : ENV HERMES_TELEGRAM_DISABLE_FALLBACK_IPS=1
Step 6/36 : COPY agents/hermes/plugin/ /opt/nemoclaw-hermes-plugin/
Step 7/36 : RUN chmod -R a+rX /opt/nemoclaw-hermes-plugin/
Step 8/36 : COPY agents/hermes/generate-config.ts /opt/nemoclaw-generate-config.ts
Step 9/36 : RUN chmod 444 /opt/nemoclaw-generate-config.ts
Step 10/36 : COPY agents/hermes/decode-proxy.py /usr/local/bin/nemoclaw-decode-proxy
Step 11/36 : RUN chmod 755 /usr/local/bin/nemoclaw-decode-proxy
Step 12/36 : COPY nemoclaw-blueprint/ /opt/nemoclaw-blueprint/
Step 13/36 : RUN chmod -R a+rX /opt/nemoclaw-blueprint/
Step 14/36 : COPY scripts/lib/sandbox-init.sh /usr/local/lib/nemoclaw/sandbox-init.sh
Step 15/36 : COPY agents/hermes/start.sh /usr/local/bin/nemoclaw-start
Step 16/36 : RUN chmod 755 /usr/local/bin/nemoclaw-start /usr/local/lib/nemoclaw/sandbox-init.sh
Step 17/36 : ARG NEMOCLAW_MODEL=anthropic/claude-opus-4.7
Step 18/36 : ARG NEMOCLAW_PROVIDER_KEY=inference
Step 19/36 : ARG NEMOCLAW_INFERENCE_BASE_URL=https://inference.local/v1
Step 20/36 : ARG CHAT_UI_URL=http://127.0.0.1:8642
Step 21/36 : ARG NEMOCLAW_MESSAGING_CHANNELS_B64=WyJkaXNjb3JkIl0=
Step 22/36 : ARG NEMOCLAW_MESSAGING_ALLOWED_IDS_B64=e30=
Step 23/36 : ARG NEMOCLAW_BUILD_ID=1777977375794
Step 24/36 : ENV NEMOCLAW_MODEL=${NEMOCLAW_MODEL} NEMOCLAW_PROVIDER_KEY=${NEMOCLAW_PROVIDER_KEY} NEMOCLAW_INFERENCE_BASE_...
Step 25/36 : WORKDIR /sandbox
Step 26/36 : USER sandbox
Step 27/36 : RUN mkdir -p /sandbox/.nemoclaw/blueprints/0.1.0 && cp -r /opt/nemoclaw-blueprint/* /sandbox/.nemoclaw/blueprint...
Step 28/36 : RUN node --experimental-strip-types /opt/nemoclaw-generate-config.ts
Step 29/36 : RUN mkdir -p /sandbox/.hermes/plugins/nemoclaw && cp -r /opt/nemoclaw-hermes-plugin/* /sandbox/.hermes/plugins/n...
Step 30/36 : RUN mkdir -p /sandbox/.hermes/memories && printf '%s\n' 'You are a helpful AI assistant running inside an NV...
Step 31/36 : USER root
Step 32/36 : RUN set -eu; config_dir=/sandbox/.hermes; data_dir=/sandbox/.hermes-data; mkdir -p "$config_dir"; if...
Step 33/36 : RUN mkdir -p /etc/nemoclaw && sha256sum /sandbox/.hermes/config.yaml /sandbox/.hermes/.env > /etc/nemoclaw/h...
Step 34/36 : RUN sha256sum /sandbox/.hermes/config.yaml /sandbox/.hermes/.env > /sandbox/.hermes/.config-hash && chmod 60...
Step 35/36 : ENTRYPOINT ["/usr/local/bin/nemoclaw-start"]
Step 36/36 : CMD ["/bin/bash"]
Built image openshell/sandbox-from:1777977375
Uploading image into OpenShell gateway...
Pushing image openshell/sandbox-from:1777977375 into gateway "nemoclaw"
[progress] Exported 100 MiB
[progress] Exported 200 MiB
[progress] Exported 300 MiB
[progress] Exported 400 MiB
[progress] Exported 500 MiB
[progress] Exported 600 MiB
[progress] Exported 700 MiB
[progress] Exported 800 MiB
[progress] Exported 900 MiB
[progress] Exported 1000 MiB
[progress] Exported 1100 MiB
[progress] Exported 1200 MiB
[progress] Exported 1300 MiB
[progress] Exported 1400 MiB
[progress] Exported 1500 MiB
[progress] Exported 1600 MiB
[progress] Exported 1700 MiB
[progress] Exported 1800 MiB
[progress] Exported 1900 MiB
[progress] Exported 2000 MiB
[progress] Exported 2100 MiB
[progress] Exported 2139 MiB
[progress] Uploaded to gateway
Still uploading image into OpenShell gateway... (45s elapsed)
Image openshell/sandbox-from:1777977375 is available in the gateway.
Waiting for sandbox to become ready...
Sandbox reported Ready before create stream exited; continuing.
Waiting for sandbox to become ready...
Waiting for NemoClaw dashboard to become ready...
Dashboard taking longer than expected to start. Continuing...
! No active forward found for port 8642
Setting up sandbox DNS proxy...
Setting up DNS proxy in pod 'hermes' (10.200.0.1:53 -> 10.42.0.4)...
[PASS] DNS forwarder running (pid=374): dns-proxy: 10.200.0.1:53 -> 10.42.0.4:53 pid=374
[PASS] resolv.conf -> nameserver 10.200.0.1
[PASS] iptables: UDP 10.200.0.1:53 ACCEPT rule present
[PASS] getent hosts github.com -> 4.237.22.38 github.com
DNS verification: 4 passed, 0 failed
✓ Sandbox 'hermes' created
[7/8] Setting up Hermes Agent inside sandbox
──────────────────────────────────────────────────
Waiting for Hermes Agent gateway (up to 90s)...
⚠ Hermes Agent gateway did not respond within 90s.
The gateway may still be starting. Check: nemoclaw hermes logs
[8/8] Policy presets
──────────────────────────────────────────────────
Policy tier — controls which network presets are enabled:
[ ] Restricted
[ ] Balanced
> [✓] Open
↑/↓ j/k move Space select Enter confirm
Presets (Open defaults):
> [✓] [rw] npm
[✓] [rw] pypi
[✓] [rw] huggingface
[✓] [rw] brew
[✓] [rw] brave
[✓] [rw] slack
[✓] [rw] discord
[✓] [rw] telegram
[✓] [rw] jira
[✓] [rw] outlook
[ ] github
[ ] local-inference
↑/↓ j/k move Space include r toggle rw Enter confirm
Widening sandbox egress — adding: registry.npmjs.org, registry.yarnpkg.com
✓ Policy version 2 submitted (hash: ed99a736bdb7)
✓ Policy version 2 loaded (active version: 2)
Applied preset: npm
Widening sandbox egress — adding: pypi.org, files.pythonhosted.org
✓ Policy version 3 submitted (hash: 606dd7acb6a1)
✓ Policy version 3 loaded (active version: 3)
Applied preset: pypi
Widening sandbox egress — adding: huggingface.co, cdn-lfs.huggingface.co, router.huggingface.co
✓ Policy version 4 submitted (hash: 40ad367aeb96)
✓ Policy version 4 loaded (active version: 4)
Applied preset: huggingface
Widening sandbox egress — adding: formulae.brew.sh, github.com, ghcr.io, pkg-containers.githubusercontent.com, objects.githubusercontent.com, raw.githubusercontent.com
✓ Policy version 5 submitted (hash: cc7d4191facc)
✓ Policy version 5 loaded (active version: 5)
Applied preset: brew
Widening sandbox egress — adding: api.search.brave.com
✓ Policy version 6 submitted (hash: 300b3082edc3)
✓ Policy version 6 loaded (active version: 6)
Applied preset: brave
Widening sandbox egress — adding: slack.com, api.slack.com, hooks.slack.com, wss-primary.slack.com, wss-backup.slack.com
✓ Policy version 7 submitted (hash: d47692b1dc86)
✓ Policy version 7 loaded (active version: 7)
Applied preset: slack
Widening sandbox egress — adding: discord.com, gateway.discord.gg, cdn.discordapp.com, media.discordapp.net
✓ Policy version 8 submitted (hash: 521e73c9a9fe)
✓ Policy version 8 loaded (active version: 8)
Applied preset: discord
Widening sandbox egress — adding: api.telegram.org
✓ Policy version 9 submitted (hash: 453952a8dd3c)
✓ Policy version 9 loaded (active version: 9)
Applied preset: telegram
Widening sandbox egress — adding: *.atlassian.net, auth.atlassian.com, api.atlassian.com
✓ Policy version 10 submitted (hash: 06e6acc281af)
✓ Policy version 10 loaded (active version: 10)
Applied preset: jira
Widening sandbox egress — adding: graph.microsoft.com, login.microsoftonline.com, outlook.office365.com, outlook.office.com
✓ Policy version 11 submitted (hash: 80aa7c1d5c05)
✓ Policy version 11 loaded (active version: 11)
Applied preset: outlook
──────────────────────────────────────────────────
Sandbox hermes (Landlock + seccomp + netns)
Model anthropic/claude-opus-4.7 (Other OpenAI-compatible endpoint)
──────────────────────────────────────────────────
Run: nemoclaw hermes connect
Status: nemoclaw hermes status
Logs: nemoclaw hermes logs --follow
Hermes Agent OpenAI-compatible API
Port 8642 must be forwarded before connecting.
http://127.0.0.1:8642/v1
──────────────────────────────────────────────────
To change settings later:
Model: openshell inference set -g nemoclaw --model <model> --provider <provider>
Policies: nemoclaw hermes policy-add
Credentials: nemoclaw credentials reset <KEY> then nemoclaw onboard
ben@nyarlathotep ~/n/NemoClaw (main)> ./bin/nemoclaw.js hermes connect
✓ Connecting to sandbox 'hermes'
Inside the sandbox, run `hermes` to start chatting with the agent.
Type `/exit` to leave the chat, then `exit` to return to the host shell.
sandbox@hermes:~$ cat /sandbox/.hermes/config.yaml
_config_version: 12
model:
default: anthropic/claude-opus-4.7
provider: custom
base_url: "https://inference.local/v1"
terminal:
backend: local
timeout: 180
agent:
max_turns: 60
reasoning_effort: medium
memory:
memory_enabled: true
user_profile_enabled: true
skills:
creation_nudge_interval: 15
display:
compact: false
tool_progress: all
platforms:
discord:
enabled: true
token: "openshell:resolve:env:DISCORD_BOT_TOKEN"
api_server:
enabled: true
extra:
port: 18642
host: 127.0.0.1
sandbox@hermes:~$ cat /sandbox/.hermes/.env
API_SERVER_PORT=18642
API_SERVER_HOST=127.0.0.1
DISCORD_BOT_TOKEN=openshell:resolve:env:DISCORD_BOT_TOKENChecklist
Description
Walking through the onboard guide for Hermes Agent and configuring Discord as the messaging gateway, I end up with invalid configuration being injected into the config.yaml file in the sandbox.
The config.yaml file generated includes:
and the .env file includes
When, as per the docs on the discord config, it should resemble something closer to:
Note: discord is a top level key in the config.yaml file
This would typically then be paired with config via the .env file, which should probably look like this:
I have not tested Slack or Telegram yet, but I wouldn't be surprised if they have similar misconfiguration issues. If needed, I'll create further tickets once I've had a chance to test those ones.
Reproduction Steps
./bin/nemoclaw.js onboard --agent hermes./bin/nemoclaw.js hermes connectcat /sandbox/.hermes/config.yaml-> you can view the invalid configEnvironment
OS: Arch Linux
Node: 24.13.1
Python: 3.12.12
Docker: 29.4.1
NemoClaw: main branch
Debug Output
Logs
Checklist