Problem Statement
NemoClaw's normal policy presets should make common assistant tasks work out of the box through policy tier selection.
The gap: common tasks like weather and current-events lookup should work in normal balanced/open configurations, while still avoiding arbitrary world egress, direct news/article-site fetch, broad wildcard hosts, or generic binary access that increases prompt-injection and exfiltration risk.
This proposal is based on the current main agent defaults:
- OpenClaw `2026.5.22`
- Hermes `v2026.5.16`
Proposed Design
Do not add a new policy tier. Keep the existing normal tier model:
- `restricted`: minimal baseline.
- `balanced`: safe common assistant defaults.
- `open`: the normal user-facing permissive posture.
Balanced: safe common defaults
Add a new built-in weather preset and include it in balanced and open.
Suggested endpoints:
- `api.open-meteo.com`
- `geocoding-api.open-meteo.com`
- `api.weather.gov`
Rules and guardrails:
- Use explicit hosts only.
- Use `protocol: rest` and `enforcement: enforce`.
- Allow GET/HEAD only.
- Do not use `access: full`.
- Do not use `binaries: [{ path: "/**" }]`.
- Restrict binaries to the relevant agent/runtime paths.
News/current-events should remain search-first, not direct-site-first:
- OpenClaw: use the existing Brave Search path when web search is configured.
- Hermes: use the existing Nous managed `nous-web` gateway path when Hermes/Nous OAuth tools are configured.
- Do not add NewsAPI, direct news outlets, Reddit/social domains, or arbitrary article fetch to balanced defaults.
Open: useful normal permissive posture
Expand the existing open tier as the OOTB-useful normal permissive posture.
For both agents, add curated public reference/data APIs that are useful for assistant work but are not arbitrary browsing:
- Wikimedia/Wikipedia API access.
- Wikidata API/data access.
- OpenStreetMap Nominatim geocoding/search access.
- REST Countries country metadata access.
- The new `weather` preset from balanced.
Keep these guarded like normal presets:
- Explicit hosts.
- Prefer GET/HEAD only.
- No wildcard world egress.
- No `access: full` unless a service absolutely requires it and the issue/PR documents why.
- No generic `"/**"` binary access.
For Hermes open, include all Hermes Nous managed tool presets, because this is the Hermes-native way to make the agent useful while routing through managed gateways instead of opening arbitrary direct web egress:
- `nous-web`
- `nous-image`
- `nous-audio`
- `nous-browser`
- `nous-code`
For OpenClaw open, keep capability through Brave/search plus curated direct public-data APIs. Do not add arbitrary browser/world egress as a normal default.
Credentialed/productivity/messaging services should remain explicit opt-ins through existing setup/channel selections rather than silently appearing in balanced:
- Slack, Discord, Telegram, WeChat, WhatsApp.
- Jira/Atlassian.
- Outlook/Microsoft Graph.
- Other authenticated SaaS providers.
Proposed PR Slice
I can follow this issue with a PR that does only the normal policy work:
- Add the `weather` preset.
- Add curated public-data/reference presets as needed.
- Update `tiers.yaml` so `balanced` gets weather and `open` gets the curated common-data defaults.
- Ensure Hermes `open` includes all Hermes Nous managed tool presets.
- Add/adjust tests for tier resolution, policy validation, and agent-specific behavior.
The PR should only modify normal policy preset/tier behavior and its direct tests.
Alternatives Considered
- Add a new tier between `balanced` and `open`: rejected. We should avoid growing the tier model for this; the existing tiers can express the desired defaults.
- Put news sites or NewsAPI in defaults: rejected. That creates new content-ingestion and prompt-injection surfaces. Search/managed-web is the better default.
- Open arbitrary web egress in `open`: rejected. `open` should be useful, not world-open.
Acceptance Criteria
- `restricted` remains minimal and does not gain common-data egress.
- `balanced` includes safe weather support.
- `open` includes weather, curated public reference/data APIs, and all Hermes Nous managed tool presets for Hermes.
- News/current-events works through Brave/Nous web search paths, not direct news-site defaults.
- New normal presets do not use dangerous hosts, `access: full`, wildcard egress, or `"/**"` binaries.
- Tests cover tier resolution, agent-specific Hermes/OpenClaw behavior, and config validation.
Category
enhancement: platform
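
A sketch of the config-validation check that the guardrails and acceptance criteria above describe, added here as an illustration and not taken from NemoClaw's code. The preset layout is assumed: only `protocol`, `enforcement`, `access` and `binaries[].path` appear in the proposal, while `endpoints`, `host`, `methods` and the binary path are hypothetical.

```python
import re

# Assumed schema: the proposal shows only `protocol`, `enforcement`, `access`
# and `binaries[].path`; `endpoints`, `host` and `methods` are hypothetical.
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SAFE_METHODS = {"GET", "HEAD"}

def lint_preset(preset):
    """Return the guardrail violations found in one preset dict."""
    problems = []
    for ep in preset.get("endpoints", []):
        host = str(ep.get("host", "")).lower()
        if not HOST_RE.match(host):  # rejects wildcards, IP literals, empty
            problems.append(f"{host or '<missing>'}: host is not an explicit FQDN")
        if ep.get("protocol") != "rest":
            problems.append(f"{host}: protocol must be rest")
        if ep.get("enforcement") != "enforce":
            problems.append(f"{host}: enforcement must be enforce")
        if ep.get("access") == "full":
            problems.append(f"{host}: access: full is not allowed")
        methods = {str(m).upper() for m in ep.get("methods", [])}
        if not methods or methods - SAFE_METHODS:
            problems.append(f"{host}: methods must be a subset of GET/HEAD")
    binaries = preset.get("binaries", [])
    if not binaries:
        problems.append("binaries: list the agent/runtime paths explicitly")
    for b in binaries:
        path = str(b.get("path", ""))
        if not path or path.lstrip("/").startswith("*"):
            problems.append(f"binaries: {path!r} is empty or a root-level wildcard")
    return problems

def endpoint(host, **extra):
    """Build an endpoint entry with the guarded defaults, then apply overrides."""
    base = {"host": host, "protocol": "rest", "enforcement": "enforce",
            "methods": ["GET", "HEAD"]}
    return {**base, **extra}

# Constructed samples. Hosts are the ones suggested in the proposal; the
# binary path is a placeholder, not a real NemoClaw path.
WEATHER = {"endpoints": [endpoint(h) for h in ("api.open-meteo.com",
           "geocoding-api.open-meteo.com", "api.weather.gov")],
           "binaries": [{"path": "/path/to/agent-runtime"}]}
TOO_BROAD = {"endpoints": [endpoint("*.example.com", access="full",
             methods=["GET", "POST"])], "binaries": [{"path": "/**"}]}

if __name__ == "__main__":
    for name, preset in (("weather", WEATHER), ("too-broad", TOO_BROAD)):
        print(name, lint_preset(preset) or "ok")
```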