Description
Description
Two related gaps in the CLI Commands Reference page
(docs/reference/commands.md, rendered at
https://docs.nvidia.com/nemoclaw/latest/reference/commands.html):
(D4) The `openshell settings` subcommand family is never mentioned, but
it exists on OpenShell 0.0.39 and changes real sandbox behaviour.
The family is:
openshell settings get [|--global]
openshell settings set ... --key X --value Y
openshell settings delete ...
On a running sandbox it exposes three named settings:
agent_policy_proposals_enabled
ocsf_json_enabled
providers_v2_enabled
None of those keys, and none of `settings get/set/delete`, appear
anywhere in commands.md or cli-selection-guide.md. Because the page
does mention other `openshell` subcommands (term, forward, sandbox
list, policy get/update/set, sandbox exec/upload/download), this is
a real gap, not "intentional out of scope".
(D5) The sandbox runs with a non-obvious environment that NemoClaw
stamps in but doesn't disclose to the operator anywhere. From
inside the sandbox:
OPENSHELL_SANDBOX=1
HERMES_HOME=/sandbox/.hermes
HOME=/sandbox
USER=sandbox
http_proxy=http://10.200.0.1:3128
https_proxy=http://10.200.0.1:3128
grpc_proxy=http://10.200.0.1:3128
NO_PROXY=localhost,127.0.0.1,::1,10.200.0.1
NODE_USE_ENV_PROXY=1
SSL_CERT_FILE=/etc/openshell-tls/ca-bundle.pem
NODE_EXTRA_CA_CERTS=/etc/openshell-tls/openshell-ca.pem
CURL_CA_BUNDLE=/etc/openshell-tls/ca-bundle.pem
REQUESTS_CA_BUNDLE=/etc/openshell-tls/ca-bundle.pem
GIT_SSL_CAINFO=/etc/openshell-tls/ca-bundle.pem
PATH=/usr/local/bin:/opt/hermes/.venv/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
Two things matter for the reader of commands.md:
1. Every TLS-using binary inside the sandbox (curl, node, python
requests, git) is pinned to an OpenShell-managed CA bundle.
The user has no idea where that bundle comes from or how to
inspect it.
2. All HTTP/HTTPS/gRPC traffic from the sandbox is forced through
a host-side proxy at 10.200.0.1:3128. The sandbox cannot reach
the outside world directly; everything is gateway-mediated.
The architecture page hints at this but commands.md does not
mention the proxy or the IP at all.
A reader debugging "why does curl from inside the sandbox time out"
has no way to figure out from the docs that there is a fixed-IP
host proxy and a fixed CA pin.
Combined fix: commands.md gains
(a) a short subsection for `openshell settings get/set/delete` with
the 3 known setting keys, and
(b) a small "Sandbox runtime environment" callout (or a row in the
Environment Variables table at the bottom of the page) listing
the OPENSHELL_SANDBOX / HERMES_HOME / proxy / CA-bundle variables
that are stamped into the sandbox by NemoClaw.
Environment
Device: ipp2-1558 (10.176.178.100), x86_64 server, 32 vCPU / 125 GB RAM, NVIDIA A100 80GB PCIe
OS: Ubuntu 24.04.4 LTS (Linux 6.17.0-23-generic)
Architecture: x86_64
Node.js: v22.x
Docker: 29.5.0
OpenShell CLI: 0.0.39
NemoClaw: v0.0.44
OpenClaw: v2026.4.24
Steps to Reproduce
1. Open
https://docs.nvidia.com/nemoclaw/latest/reference/commands.html
and search the page for "settings".
curl -s https://docs.nvidia.com/nemoclaw/latest/reference/commands.html \
| grep -iE "openshell settings|settings get"
Zero hits.
2. Confirm the subcommand exists on the supported OpenShell:
openshell settings # lists get/set/delete subcommands
openshell settings get # prints the 3 settings keys
3. Read the sandbox env from a running sandbox:
openshell sandbox exec -n -- env
Confirm the OPENSHELL_SANDBOX / HERMES_HOME / http_proxy /
CA-bundle env vars listed above.
4. Search commands.md for any mention of `10.200.0.1`, `OPENSHELL_SANDBOX`,
or `HERMES_HOME`:
grep -E "10\.200\.0\.1|OPENSHELL_SANDBOX|HERMES_HOME" \
~/.nemoclaw/source/docs/reference/commands.md
Zero hits.
Expected Result
commands.md (and cli-selection-guide.md where appropriate) covers:
- openshell settings get/set/delete usage + the 3 known setting keys
- a small "Sandbox runtime environment" subsection describing the env
vars NemoClaw stamps into the sandbox (OPENSHELL_SANDBOX,
HERMES_HOME, the host proxy at 10.200.0.1:3128, and the pinned CA
bundle at /etc/openshell-tls/) so operators debugging in-sandbox
network or TLS failures have a starting point.
Actual Result
Step 1 — zero hits. The doc never mentions openshell settings.
Step 2 — the subcommand and its 3 setting keys are real on 0.0.39.
Step 3 — the sandbox env is consistent with what is described above.
Step 4 — zero hits. The doc never mentions the host proxy IP or the
pinned CA bundle path.
Logs
$ openshell settings 2>&1 | head -10
Manage sandbox and gateway settings
USAGE
settings [COMMAND]
COMMANDS
get Show effective settings for a sandbox or gateway-global scope
set Set a single setting key
delete Delete a setting key (sandbox-scoped or gateway-global)
$ openshell settings get hermes-bug
Sandbox: hermes-bug
Config Rev: 18404290647751869709
Policy Source: sandbox
Policy Hash: a5910c98c139c3666fa820718e0629cceea1aecb700ad87d6c20a636d5aedeae
Settings:
agent_policy_proposals_enabled = (unset)
ocsf_json_enabled = true (sandbox)
providers_v2_enabled = (unset)
$ openshell sandbox exec -n hermes-bug -- env | sort | head -20
ALL_PROXY=http://10.200.0.1:3128
CURL_CA_BUNDLE=/etc/openshell-tls/ca-bundle.pem
GIT_SSL_CAINFO=/etc/openshell-tls/ca-bundle.pem
HERMES_HOME=/sandbox/.hermes
HOME=/sandbox
HTTP_PROXY=http://10.200.0.1:3128
HTTPS_PROXY=http://10.200.0.1:3128
NO_PROXY=localhost,127.0.0.1,::1,10.200.0.1
NODE_EXTRA_CA_CERTS=/etc/openshell-tls/openshell-ca.pem
NODE_USE_ENV_PROXY=1
OPENSHELL_SANDBOX=1
PATH=/usr/local/bin:/opt/hermes/.venv/bin:/usr/local/bin:/usr/bin:/bin:...
REQUESTS_CA_BUNDLE=/etc/openshell-tls/ca-bundle.pem
SSL_CERT_FILE=/etc/openshell-tls/ca-bundle.pem
SHELL=/bin/bash
TERM=dumb
USER=sandbox
grpc_proxy=http://10.200.0.1:3128
http_proxy=http://10.200.0.1:3128
https_proxy=http://10.200.0.1:3128
Suggested Fix
(a) Add a "### `openshell settings get/set/delete`" subsection to
commands.md inside or near the section that already references
`openshell` from NemoClaw context. List the 3 known setting keys
(agent_policy_proposals_enabled, ocsf_json_enabled,
providers_v2_enabled) with a 1-line description each.
(b) Add a "## Sandbox runtime environment" subsection (or extend the
Environment Variables section at the bottom) summarising the env
vars NemoClaw stamps into the sandbox:
- OPENSHELL_SANDBOX=1 set inside sandbox; useful in
scripts that need to detect "am I
in a sandbox".
- HERMES_HOME=/sandbox/.hermes Hermes config root (Hermes agent
sandboxes only).
- HOME=/sandbox, USER=sandbox sandbox process identity.
- http_proxy / https_proxy /
grpc_proxy / ALL_PROXY =
http://10.200.0.1:3128 Every outbound HTTP/HTTPS/gRPC call
goes through this host-side proxy.
- CA-bundle env vars
(CURL_CA_BUNDLE,
SSL_CERT_FILE,
REQUESTS_CA_BUNDLE,
NODE_EXTRA_CA_CERTS,
GIT_SSL_CAINFO) =
/etc/openshell-tls/*.pem Pins every TLS-using binary to the
OpenShell-managed CA bundle.
Operators debugging "my sandbox-side curl/git/python is timing out"
can then immediately see (i) the proxy hop and (ii) the CA pin.
Bug Details
| Field |
Value |
| Priority |
Unprioritized |
| Action |
Dev - Open - To fix |
| Disposition |
Open issue |
| Module |
Machine Learning - NemoClaw |
| Keyword |
NemoClaw, NemoClaw_Docs, NEMOCLAW_GH_SYNC_APPROVAL |
[NVB#6186955]
Description
Description
Two related gaps in the CLI Commands Reference page (docs/reference/commands.md, rendered at https://docs.nvidia.com/nemoclaw/latest/reference/commands.html): (D4) The `openshell settings` subcommand family is never mentioned, but it exists on OpenShell 0.0.39 and changes real sandbox behaviour. The family is: openshell settings get [|--global] openshell settings set ... --key X --value Y openshell settings delete ... On a running sandbox it exposes three named settings: agent_policy_proposals_enabled ocsf_json_enabled providers_v2_enabled None of those keys, and none of `settings get/set/delete`, appear anywhere in commands.md or cli-selection-guide.md. Because the page does mention other `openshell` subcommands (term, forward, sandbox list, policy get/update/set, sandbox exec/upload/download), this is a real gap, not "intentional out of scope". (D5) The sandbox runs with a non-obvious environment that NemoClaw stamps in but doesn't disclose to the operator anywhere. From inside the sandbox: OPENSHELL_SANDBOX=1 HERMES_HOME=/sandbox/.hermes HOME=/sandbox USER=sandbox http_proxy=http://10.200.0.1:3128 https_proxy=http://10.200.0.1:3128 grpc_proxy=http://10.200.0.1:3128 NO_PROXY=localhost,127.0.0.1,::1,10.200.0.1 NODE_USE_ENV_PROXY=1 SSL_CERT_FILE=/etc/openshell-tls/ca-bundle.pem NODE_EXTRA_CA_CERTS=/etc/openshell-tls/openshell-ca.pem CURL_CA_BUNDLE=/etc/openshell-tls/ca-bundle.pem REQUESTS_CA_BUNDLE=/etc/openshell-tls/ca-bundle.pem GIT_SSL_CAINFO=/etc/openshell-tls/ca-bundle.pem PATH=/usr/local/bin:/opt/hermes/.venv/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games Two things matter for the reader of commands.md: 1. Every TLS-using binary inside the sandbox (curl, node, python requests, git) is pinned to an OpenShell-managed CA bundle. The user has no idea where that bundle comes from or how to inspect it. 2. All HTTP/HTTPS/gRPC traffic from the sandbox is forced through a host-side proxy at 10.200.0.1:3128. The sandbox cannot reach the outside world directly; everything is gateway-mediated. The architecture page hints at this but commands.md does not mention the proxy or the IP at all. A reader debugging "why does curl from inside the sandbox time out" has no way to figure out from the docs that there is a fixed-IP host proxy and a fixed CA pin. Combined fix: commands.md gains (a) a short subsection for `openshell settings get/set/delete` with the 3 known setting keys, and (b) a small "Sandbox runtime environment" callout (or a row in the Environment Variables table at the bottom of the page) listing the OPENSHELL_SANDBOX / HERMES_HOME / proxy / CA-bundle variables that are stamped into the sandbox by NemoClaw.Environment Steps to Reproduce1. Open https://docs.nvidia.com/nemoclaw/latest/reference/commands.html and search the page for "settings". curl -s https://docs.nvidia.com/nemoclaw/latest/reference/commands.html \ | grep -iE "openshell settings|settings get" Zero hits. 2. Confirm the subcommand exists on the supported OpenShell: openshell settings # lists get/set/delete subcommands openshell settings get # prints the 3 settings keys 3. Read the sandbox env from a running sandbox: openshell sandbox exec -n -- env Confirm the OPENSHELL_SANDBOX / HERMES_HOME / http_proxy / CA-bundle env vars listed above. 4. Search commands.md for any mention of `10.200.0.1`, `OPENSHELL_SANDBOX`, or `HERMES_HOME`: grep -E "10\.200\.0\.1|OPENSHELL_SANDBOX|HERMES_HOME" \ ~/.nemoclaw/source/docs/reference/commands.md Zero hits.Expected Resultcommands.md (and cli-selection-guide.md where appropriate) covers: - openshell settings get/set/delete usage + the 3 known setting keys - a small "Sandbox runtime environment" subsection describing the env vars NemoClaw stamps into the sandbox (OPENSHELL_SANDBOX, HERMES_HOME, the host proxy at 10.200.0.1:3128, and the pinned CA bundle at /etc/openshell-tls/) so operators debugging in-sandbox network or TLS failures have a starting point.Actual Result Logs Suggested Fix(a) Add a "### `openshell settings get/set/delete`" subsection to commands.md inside or near the section that already references `openshell` from NemoClaw context. List the 3 known setting keys (agent_policy_proposals_enabled, ocsf_json_enabled, providers_v2_enabled) with a 1-line description each. (b) Add a "## Sandbox runtime environment" subsection (or extend the Environment Variables section at the bottom) summarising the env vars NemoClaw stamps into the sandbox: - OPENSHELL_SANDBOX=1 set inside sandbox; useful in scripts that need to detect "am I in a sandbox". - HERMES_HOME=/sandbox/.hermes Hermes config root (Hermes agent sandboxes only). - HOME=/sandbox, USER=sandbox sandbox process identity. - http_proxy / https_proxy / grpc_proxy / ALL_PROXY = http://10.200.0.1:3128 Every outbound HTTP/HTTPS/gRPC call goes through this host-side proxy. - CA-bundle env vars (CURL_CA_BUNDLE, SSL_CERT_FILE, REQUESTS_CA_BUNDLE, NODE_EXTRA_CA_CERTS, GIT_SSL_CAINFO) = /etc/openshell-tls/*.pem Pins every TLS-using binary to the OpenShell-managed CA bundle. Operators debugging "my sandbox-side curl/git/python is timing out" can then immediately see (i) the proxy hop and (ii) the CA pin.Bug Details
[NVB#6186955]