docs: prepare 0.0.36 release docs

[miyoungc]

Summary

• Bump docs metadata to 0.0.36 and refresh generated NemoClaw user skills.
• Document Model Router onboarding, validation retries, Ollama tool checks, Hermes policy behavior, and deployment verification updates.
• Remove suppressed experimental command references from public docs per docs/.docs-skip.

Source summary

• feat(router): add model router integration with complexity-based routing #2202 -> docs/get-started/quickstart.md, docs/inference/inference-options.md, docs/reference/architecture.md: Document Model Router setup and routed inference architecture.
• fix(health): add verifyDeployment() and fix false 'Health Offline' on 401 #3128 -> docs/get-started/quickstart.md, docs/reference/commands.md: Document deployment verification and HTTP 401 health handling.
• fix(onboard): retry inference validation on transient upstream failures #3104 -> docs/inference/inference-options.md: Document retry behavior for transient provider validation failures.
• refactor: add agent-scoped model setup registry #3121 -> docs/reference/architecture.md: Document agent-scoped model/provider compatibility manifests.
• fix: support reasoning models in the OpenClaw harness #3046 -> docs/reference/architecture.md: Tie model-specific compatibility setup to known model/provider behavior.
• feat(onboard): warn on Ollama models without tools capability (#2667) #3097 -> docs/inference/use-local-inference.md: Document Ollama tool-calling capability validation.
• fix(cli): use NEMOCLAW_SANDBOX_NAME as interactive prompt default #3082 -> docs/reference/commands.md: Document NEMOCLAW_SANDBOX_NAME as the interactive sandbox-name default.
• f586cc5, 3442adf -> docs/get-started/quickstart-hermes.md, docs/reference/network-policies.md: Document Hermes agent-specific baseline policy endpoints.

Test plan

• python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw-user
• make docs
• npm run build:cli
• rg skip-term scan for docs/ and generated user skills

Made with Cursor

Summary by CodeRabbit

• New Features

  • Model Router provider for complexity-based routed inference.
  • Ollama/local inference onboarding now validates tool-calling capability.
  • Added local-inference network policy preset.

• Documentation

  • New integration policy examples (Outlook, Telegram, Slack, Discord, GitHub, Jira, etc.).
  • Clarified config immutability workflow and sandbox writable paths.
  • Hermes baseline network policy documented.

• Improvements

  • Health checks treat device-auth responses as live; transient validation retries.
  • Installer performs pre-install reachability checks; CLI onboarding gained a --fresh option.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7e215c78-cbf2-4320-a817-6e9326323795

📥 Commits

Reviewing files that changed from the base of the PR and between bb5aa44 and 5bbcbe8.

📒 Files selected for processing (2)

• .agents/skills/nemoclaw-user-get-started/SKILL.md
• docs/get-started/quickstart.md

✅ Files skipped from review due to trivial changes (1)

• .agents/skills/nemoclaw-user-get-started/SKILL.md

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/get-started/quickstart.md

---

📝 Walkthrough

Walkthrough

Documentation updates for NemoClaw v0.0.36 introduce the "Model Router" inference provider option, replace the nemoclaw shields up command with an explicit config immutability workflow (root-owned/read-only), add Ollama tool-calling validation during onboarding, add comprehensive integration policy examples and a local-inference preset, update architecture/overview/quickstart content to include routed inference behavior, and bump docs versioning. All changes are documentation-only.

Changes

Model Router Feature & Config Immutability Workflow

Layer / File(s)	Summary
Feature Documentation .agents/skills/nemoclaw-user-configure-inference/references/inference-options.md, docs/inference/inference-options.md	Adds "Model Router" provider entry and new section: host-side router on port 4000, routed profile, nvidia-router registration with OpenShell, router pool config location, default NVIDIA Nemotron routing behavior, scripted NEMOCLAW_PROVIDER=routed setup, and transient upstream validation retries.
Onboarding Integration .agents/skills/nemoclaw-user-get-started/SKILL.md, docs/get-started/quickstart.md	Adds Model Router as an onboarding option with required NVIDIA_API_KEY, guidance on router behavior, non-interactive example, and pre-summary gateway/dashboard reachability checks.
Config Immutability .agents/skills/nemoclaw-user-configure-inference/references/set-up-sub-agent.md, docs/inference/set-up-sub-agent.md, .agents/skills/nemoclaw-user-configure-security/references/best-practices.md, docs/security/best-practices.md	Replaces shields up wording with explicit immutability workflow: .config-hash is a startup-enforced trust anchor only when openclaw.json is root-owned and read-only; documents DAC defaults, SHA256 integrity-hash enforcement modes, gateway token exposure, and recommendations for sensitive vs development workloads.
Local Inference Validation .agents/skills/nemoclaw-user-configure-inference/SKILL.md, docs/inference/use-local-inference.md	Adds onboarding guard that halts Ollama setup if selected Ollama model lacks tools capability (per ollama show <model>), instructing selection of a tool-calling-capable model.
Network Policy & Integration Examples .agents/skills/nemoclaw-user-manage-policy/SKILL.md, .agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md, docs/reference/network-policies.md	Adds local-inference preset for host gateway access to Ollama/vLLM; new comprehensive integration policy examples doc with presets and step-by-step commands for Outlook, Telegram, Slack, Discord, GitHub, Jira, Brave Search, package/model tooling, local inference, and policy inspection/replacement via OpenShell.
Architecture & Feature References .agents/skills/nemoclaw-user-reference/references/architecture.md, docs/reference/architecture.md, .agents/skills/nemoclaw-user-overview/references/how-it-works.md, docs/about/how-it-works.md, .agents/skills/nemoclaw-user-overview/references/overview.md, docs/about/overview.md	Updates diagrams and text to include Model Router in inference provider labels; documents that inference.local routes to a host-side router selecting from a configured NVIDIA model pool; expands "Routed inference" capability list.
Filesystem & Security Documentation .agents/skills/nemoclaw-user-deploy-remote/references/sandbox-hardening.md, docs/deployment/sandbox-hardening.md, .agents/skills/nemoclaw-user-overview/references/ecosystem.md, docs/about/ecosystem.md	Clarifies filesystem layout: /sandbox/.openclaw explicitly writable for agent config/state/workspace/plugins; removes prior "shields up" lockability mentions and points to the new immutability workflow.
CLI & Hermes Policy Documentation .agents/skills/nemoclaw-user-reference/references/commands.md, docs/reference/commands.md, .agents/skills/nemoclaw-user-reference/references/network-policies.md, .agents/skills/nemoclaw-user-get-started/references/quickstart-hermes.md, docs/get-started/quickstart-hermes.md	Adds --fresh flag to nemoclaw onboard; clarifies NEMOCLAW_SANDBOX_NAME behavior in interactive vs non-interactive modes; treats HTTP 401 (device-auth) as a live gateway/dashboard signal; documents Hermes agent-specific baseline policy location.
Troubleshooting & Messaging Updates .agents/skills/nemoclaw-user-reference/references/troubleshooting.md, docs/reference/troubleshooting.md, .agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md	Enhances openclaw config set URL validation guidance: rejects loopback/private/reserved hosts, requires DNS resolution, pins HTTP URLs to validated IPs to mitigate DNS rebinding; changes credential-rotation guidance to use credential-management commands; messaging troubleshooting now points to matching policy presets or integration examples.
Version & Metadata docs/project.json, docs/versions1.json	Bumps docs package to 0.0.36 and inserts 0.0.36 entry (preferred) into docs/versions1.json.

Sequence Diagram(s)

sequenceDiagram
    participant Sandbox as Sandbox (in-sandbox)
    participant OpenShell as OpenShell Gateway
    participant Router as Host Model Router
    participant NVIDIA as NVIDIA Endpoint

    Sandbox->>OpenShell: HTTPS POST https://inference.local/v1 (inference request)
    OpenShell->>Router: Forward routed request (if provider = Model Router)
    Router->>NVIDIA: Select model from pool -> call NVIDIA endpoint (uses host-held creds)
    NVIDIA-->>Router: Inference response
    Router-->>OpenShell: Response proxied back
    OpenShell-->>Sandbox: Return inference result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• NVIDIA/NemoClaw#3003: Prior documentation-only updates touching onboarding/inference skill files and version manifests; strongly related to these onboarding/inference/router docs changes.

Poem

🐰 A router hops through the meadow of models,
Choosing the finest with stateful care,
Configs locked when root-owned, reads held tight,
Gateway guards whisper secrets with care,
Docs bloom, versioned — 0.0.36 takes flight!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'docs: prepare 0.0.36 release docs' clearly and concisely summarizes the main objective of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/release-prep-0.0.36

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

docs/inference/set-up-sub-agent.md (1)

79-79: ⚡ Quick win

Consider splitting this sentence for readability.

Line 79 combines two independent clauses with a semicolon, making it harder to parse. Breaking it into two sentences would improve clarity and align with the one-sentence-per-line guideline that makes diffs more readable.

Suggested revision:

-In the default mutable state, this keeps the local hash consistent but does not make it tamper-proof; lock the config root-owned and read-only afterward if the sandbox should enforce config integrity at startup.
+In the default mutable state, this keeps the local hash consistent but does not make it tamper-proof.
+Lock the config root-owned and read-only afterward if the sandbox should enforce config integrity at startup.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/inference/set-up-sub-agent.md` at line 79, The sentence beginning "In
the default mutable state, this keeps the local hash consistent but does not
make it tamper-proof; lock the config root-owned and read-only afterward if the
sandbox should enforce config integrity at startup." should be split into two
clearer sentences: end the first after "tamper‑proof." and start a second
instructing to "lock the config root-owned and read-only afterward if the
sandbox should enforce config integrity at startup." Update the document text
accordingly to improve readability and align with the one-sentence-per-line
guideline.

docs/reference/commands.md (1)

237-237: 💤 Low value

Consider US spelling: "honored" instead of "honoured".

Line 237 uses British spelling "honoured." Technical documentation typically uses US English spelling for consistency.

-When prompting is impossible (no TTY or `--non-interactive`), the env var is also honoured so existing CI scripts keep working.
+When prompting is impossible (no TTY or `--non-interactive`), the env var is also honored so existing CI scripts keep working.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/reference/commands.md` at line 237, Change the British spelling
"honoured" to US spelling "honored" in the sentence "When prompting is
impossible (no TTY or `--non-interactive`), the env var is also honoured so
existing CI scripts keep working." so it reads "…the env var is also honored…".

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/about/ecosystem.md`:
- Line 89: The table cell under "Filesystem policy" contains three sentences on
one line; split them so each sentence is on its own source line to follow "one
sentence per line" guideline—edit the table row containing "Filesystem policy"
(the cell mentioning "The community sandbox bundles a policy for OpenClaw.
NemoClaw defines a targeted read-only and read-write layout. System paths...")
and break the sentences into separate lines (either by inserting <br/> tags
where appropriate or reformatting the cell so each sentence is a separate line)
while preserving the same content and meaning.

In `@docs/get-started/quickstart.md`:
- Around line 209-234: The Model Router dropdown block has mismatched MyST
directive fences: it opens with four-colon fences (::::) but closes with three
(:::); update the closing fence to match the opening (use ::::: or change the
opening to :::) so the Option 8 "Model Router" dropdown block uses consistent
fence markers (refer to the "Option 8: Model Router" dropdown and the
surrounding opening '::::' and closing ':::' markers) to restore proper MyST
parsing/rendering.

In `@docs/reference/troubleshooting.md`:
- Line 673: The paragraph starting with "Host-side `config set` validates any
HTTP or HTTPS URLs..." in docs/reference/troubleshooting.md contains multiple
sentences on one line; split that single line into four separate lines so each
sentence is on its own line: 1) "Host-side `config set` validates any HTTP or
HTTPS URLs in the new value, including URLs nested inside JSON objects or
arrays." 2) "NemoClaw rejects loopback, private, reserved, and internal hosts;
DNS names must resolve successfully and must not resolve to private/internal
addresses." 3) "HTTP URLs are written with the validated IP address pinned to
reduce DNS-rebinding risk." 4) "Avoid putting credentials in config values;
rotate provider credentials with the credential-management commands instead."
Ensure the surrounding paragraph structure is preserved.

---

Nitpick comments:
In `@docs/inference/set-up-sub-agent.md`:
- Line 79: The sentence beginning "In the default mutable state, this keeps the
local hash consistent but does not make it tamper-proof; lock the config
root-owned and read-only afterward if the sandbox should enforce config
integrity at startup." should be split into two clearer sentences: end the first
after "tamper‑proof." and start a second instructing to "lock the config
root-owned and read-only afterward if the sandbox should enforce config
integrity at startup." Update the document text accordingly to improve
readability and align with the one-sentence-per-line guideline.

In `@docs/reference/commands.md`:
- Line 237: Change the British spelling "honoured" to US spelling "honored" in
the sentence "When prompting is impossible (no TTY or `--non-interactive`), the
env var is also honoured so existing CI scripts keep working." so it reads "…the
env var is also honored…".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1dfc8914-2e6a-4a28-b794-12d4fd26e691

📥 Commits

Reviewing files that changed from the base of the PR and between a851df8 and bb5aa44.

📒 Files selected for processing (33)

• .agents/skills/nemoclaw-user-configure-inference/SKILL.md
• .agents/skills/nemoclaw-user-configure-inference/references/inference-options.md
• .agents/skills/nemoclaw-user-configure-inference/references/set-up-sub-agent.md
• .agents/skills/nemoclaw-user-configure-security/references/best-practices.md
• .agents/skills/nemoclaw-user-deploy-remote/references/sandbox-hardening.md
• .agents/skills/nemoclaw-user-get-started/SKILL.md
• .agents/skills/nemoclaw-user-get-started/references/quickstart-hermes.md
• .agents/skills/nemoclaw-user-manage-policy/SKILL.md
• .agents/skills/nemoclaw-user-manage-policy/references/integration-policy-examples.md
• .agents/skills/nemoclaw-user-manage-sandboxes/references/messaging-channels.md
• .agents/skills/nemoclaw-user-overview/references/ecosystem.md
• .agents/skills/nemoclaw-user-overview/references/how-it-works.md
• .agents/skills/nemoclaw-user-overview/references/overview.md
• .agents/skills/nemoclaw-user-reference/references/architecture.md
• .agents/skills/nemoclaw-user-reference/references/commands.md
• .agents/skills/nemoclaw-user-reference/references/network-policies.md
• .agents/skills/nemoclaw-user-reference/references/troubleshooting.md
• docs/about/ecosystem.md
• docs/about/how-it-works.md
• docs/about/overview.md
• docs/deployment/sandbox-hardening.md
• docs/get-started/quickstart-hermes.md
• docs/get-started/quickstart.md
• docs/inference/inference-options.md
• docs/inference/set-up-sub-agent.md
• docs/inference/use-local-inference.md
• docs/project.json
• docs/reference/architecture.md
• docs/reference/commands.md
• docs/reference/network-policies.md
• docs/reference/troubleshooting.md
• docs/security/best-practices.md
• docs/versions1.json