docs: refresh v0.0.62 release docs

[miyoungc]

Summary

• Add v0.0.62 release notes from Discussion NemoClaw v0.0.62 is out! #5100 and link release highlights to the relevant docs pages.
• Document the release's GPU sandbox recreation, sandbox-side local inference verification, and Hermes dashboard port guard in the command and inference references.
• Refresh generated NemoClaw user skills for the release-prep docs set.

Source Summary

• fix(onboard): prefer CDI GPU mode over --gpus on CDI hosts #4956 -> docs/reference/commands.mdx: Document CDI-first Docker GPU recreation behavior for Linux Docker-driver sandboxes.
• fix(onboard): prove GPU sandbox local inference from the agent runtime (#4509) #5024 -> docs/inference/use-local-inference.mdx: Document sandbox-runtime verification of the inference.local local inference route.
• fix(onboard): grant Jetson Tegra device-node group so sandbox CUDA can init (#4231) #5018 -> docs/reference/commands.mdx: Document Jetson/Tegra device-node group propagation for sandbox CUDA initialization.
• fix(onboard): probe TCP ports without requiring nc #5012, fix(onboard): pre-approve gateway scope upgrades after onboard and recover #4763, fix(onboard): write fallback fingerprint when git source is unavailable (#4623) #4706, fix(onboard): suppress provider cleanup probe output #5030, fix(onboard): reject the reserved Hermes API port as the dashboard port #5015 -> docs/about/release-notes.mdx: Summarize onboarding and recovery reliability fixes, including the reserved Hermes API port guard.
• fix(sandbox): restore mutable OpenClaw config perms after raw in-sandbox doctor --fix (#4538) #5017 and feat(cli): add sandbox agents list passthrough #5043 -> docs/about/release-notes.mdx, docs/reference/commands.mdx: Summarize mutable OpenClaw config recovery and host-side agents list coverage.
• fix(hermes): surface upstream provider and clarify onboard menu #5010 and fix(whatsapp): force compact pairing QR at the real qrcode renderer (#4522) #5016 -> docs/about/release-notes.mdx: Summarize Hermes upstream metadata visibility and WhatsApp QR rendering reliability.
• docs: fix backup-all copyable example and add regression test (#4754) #5045 and prior source docs in the v0.0.62 range -> .agents/skills/: Refresh generated user-skill references from the current docs source.

Skipped

• fix(sandbox): grant /dev/pts so OpenClaw tmux-session flow can allocate a PTY (#4513) #5019 -> skipped for new prose because it touched openclaw-sandbox-permissive.yaml, which matches docs/.docs-skip. Existing source docs remain the source for generated skill synchronization.

Verification

• python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw-user --doc-platform fern-mdx
• npm run docs (passes; Fern reports 0 errors and 1 hidden warning)
• Pre-commit hooks passed during commit, including docs-to-skills verification, markdown lint, gitleaks, and skills YAML tests.

Summary by CodeRabbit

• New Features

  • Added nemoclaw <name> agents list command.
  • v0.0.62 release notes added summarizing onboarding and recovery improvements.

• Bug Fixes

  • Improved GPU sandbox onboarding reliability (NVIDIA CDI path, Jetson/Tegra device handling).
  • Better local inference verification and recovery for Linux Docker-driver GPU sandboxes.
  • Quieter/earlier handling of onboarding drift and port collisions.

• Documentation

  • Expanded GPU passthrough, inference verification, writable paths (/dev/pts), port 8642 restriction, and command examples.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 78177e3e-62e7-4f43-b062-444b6558dbf3

📥 Commits

Reviewing files that changed from the base of the PR and between 6781d38 and 4ab0c04.

📒 Files selected for processing (1)

• docs/reference/commands.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/reference/commands.mdx

---

📝 Walkthrough

Walkthrough

This PR adds and updates documentation across NemoClaw's agent skills and main documentation sites to describe v0.0.62 features: local inference endpoint verification on Linux Docker-driver GPU sandboxes, PTY filesystem (/dev/pts) requirements, GPU passthrough enhancements for NVIDIA CDI and Jetson/Tegra, Hermes dashboard port 8642 reservation, and a new agents list command.

Changes

v0.0.62 Release Documentation

Layer / File(s)	Summary
Local inference verification on Linux Docker-driver GPU sandboxes .agents/skills/nemoclaw-user-configure-inference/SKILL.md, docs/inference/use-local-inference.mdx	Introduces documentation describing NemoClaw's in-sandbox verification of the local inference endpoint (https://inference.local/v1/models), requiring only 2xx HTTP responses for success, and onboarding failure reporting with recovery steps before the first agent prompt.
PTY filesystem requirements .agents/skills/nemoclaw-user-configure-security/references/best-practices.md, .agents/skills/nemoclaw-user-reference/references/network-policies.md	Adds /dev/pts to writable filesystem paths and explains its necessity for PTY-based tools (tmux, script, interactive shells) and the fork failed: Permission denied failure mode when unwritable.
Commands: Hermes port & agents list .agents/skills/nemoclaw-user-reference/references/commands.md, docs/reference/commands-nemohermes.mdx, docs/reference/commands.mdx	Documents that dashboard port 8642 is reserved for the Hermes OpenAI-compatible API and rejected as a dashboard port before sandbox creation; adds the new nemoclaw <name> agents list command documented as a pass-through to openclaw agents list executed via openshell sandbox exec with in-sandbox flags forwarded.
GPU passthrough enhancements (NVIDIA CDI, Jetson/Tegra) .agents/skills/nemoclaw-user-reference/references/commands.md, docs/reference/commands-nemohermes.mdx, docs/reference/commands.mdx	Documents NVIDIA CDI spec preference for Linux Docker-driver container recreation with fallback to Docker --gpus all/NVIDIA runtime; on Jetson/Tegra, documents injecting host group IDs owning /dev/nvmap and /dev/nvhost-* so the sandbox user can initialize CUDA.
Release notes and formatting .agents/skills/nemoclaw-user-overview/references/release-notes.md, docs/about/release-notes.mdx, .agents/skills/nemoclaw-user-manage-sandboxes/references/backup-restore.md	Adds v0.0.62 release-notes sections to both agent skill and main documentation sites summarizing onboarding, failure handling, recovery, Hermes/messaging, and validation updates; includes a minor backup example command formatting change.

Sequence Diagram(s)

sequenceDiagram
  participant Onboarder
  participant SandboxRuntime
  participant InferenceEndpoint
  Onboarder->>SandboxRuntime: start sandbox
  SandboxRuntime->>InferenceEndpoint: GET https://inference.local/v1/models (from inside sandbox)
  InferenceEndpoint-->>SandboxRuntime: HTTP 2xx (success) or non-2xx (failure)
  SandboxRuntime-->>Onboarder: report endpoint + recovery steps if non-2xx

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• NVIDIA/NemoClaw#4717: Both PRs update the managed vLLM/local-inference onboarding documentation with /v1/models readiness verification and related readiness behavior.

Suggested labels

documentation

Poem

🐰 A v0.0.62 hop through the docs so neat,
From GPU CDI tricks to /dev/pts sweet,
Inference checks and Hermes port guards,
Notes and commands filed in tidy cards,
Release blooms bright—docs all complete! 🌱

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the primary change: refreshing v0.0.62 release documentation across multiple files and skill definitions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/v0.0.62-release-docs

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🌿 Preview your docs: https://nvidia-preview-pr-5157.docs.buildwithfern.com/nemoclaw

[github-actions]

E2E Advisor Recommendation

Required E2E: None
Optional E2E: None

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• None. No E2E is recommended. This is a docs/agent-skill reference-only PR: it changes Markdown/MDX guidance and release notes, not runtime code, installer/onboarding logic, sandbox lifecycle implementation, credentials handling, policy assets, inference routing, deployment code, or existing E2E tests. Existing E2E jobs would not provide meaningful additional signal beyond documentation validation.

Optional E2E

• None.

New E2E recommendations

• None.

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: None
Optional scenario E2E: None

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required scenario E2E

• None. Docs and agent skill reference changes only; no changes under test/e2e-scenario/, the Vitest scenario workflow, scenario registry/runtime support, fixtures, manifests, or other scenario E2E runtime surfaces.

Optional scenario E2E

• None.

Relevant changed files

• None.

[github-actions]

PR Review Advisor

Findings: 1 needs attention, 3 worth checking, 0 nice ideas
Since last review: 0 prior items resolved, 2 still apply, 0 new items found

Review findings

🛠️ Needs attention

• Local inference docs say only 2xx succeeds, but the verifier accepts any HTTP response (docs/inference/use-local-inference.mdx:216): The new sandbox-runtime inference verification prose says NemoClaw treats only a 2xx response as success because the route includes the proxy authentication rewrite. The current verifier and recovery probe instead treat any parsed HTTP status greater than 0, including 401, as a working route because reaching the auth wall proves DNS/proxy routing. This makes the documented validation contract stronger than the implementation and can lead operators to believe the probe proves authenticated model access when it may only prove the route/auth wall is reachable.
  • Recommendation: Either change the docs and generated inference skill to match the current contract, for example that any HTTP response proves the route/auth chain is reachable while 000 means DNS/proxy failure, or update the implementation and tests to enforce the documented 2xx-only semantics.
  • Evidence: Changed docs add: `It treats only a 2xx response as success`. `src/lib/verify-deployment.ts:214-225` returns working for `code > 0`; `src/lib/actions/sandbox/process-recovery.ts:249-260` returns `ok: true` for `status > 0`; `src/lib/actions/sandbox/process-recovery.test.ts:25-30` explicitly verifies 401 is routing-OK. The generated skill repeats the same wording in `.agents/skills/nemoclaw-user-configure-inference/SKILL.md`.

🔎 Worth checking

• Source-of-truth review needed: Local inference sandbox-runtime `inference.local` verification docs: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: `docs/inference/use-local-inference.mdx` and `.agents/skills/nemoclaw-user-configure-inference/SKILL.md` say only 2xx succeeds, while source accepts any status greater than 0 and tests explicitly mark 401 as OK.
• Source-of-truth review needed: Generated network-policy and security best-practices writable filesystem docs: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: OpenClaw policy includes `/dev/pts`; Hermes policy lists `/sandbox`, `/tmp`, `/dev/null`, and `/sandbox/.hermes` but not `/dev/pts`. Changed generated docs list `/dev/pts` without Hermes scoping.
• Generated policy docs still overstate Hermes writable filesystem grants (.agents/skills/nemoclaw-user-reference/references/network-policies.md:19): The generated network-policy skill lists `/dev/pts` in the baseline read-write filesystem table immediately after noting Hermes uses `agents/hermes/policy-additions.yaml`. The OpenClaw policy grants `/dev/pts`, but the Hermes policy currently does not. The generated security best-practices skill similarly says the agent has read-write access to `/dev/pts` without scoping that statement to OpenClaw. Because this is operator-facing sandbox-boundary documentation, Hermes users can misunderstand whether PTY write access exists or relax policy incorrectly while troubleshooting.
  • Recommendation: Scope the `/dev/pts` baseline wording/table explicitly to the OpenClaw baseline and add a Hermes-specific exception, or intentionally add `/dev/pts` to the Hermes policy if that is the desired runtime grant. Then regenerate the skills from the corrected source docs.
  • Evidence: Changed generated skill lists `| /sandbox, /tmp, /dev/null, /dev/pts | Read-write |`. `nemoclaw-blueprint/policies/openclaw-sandbox.yaml` includes `/dev/pts`; `agents/hermes/policy-additions.yaml` lists `/sandbox`, `/tmp`, `/dev/null`, and `/sandbox/.hermes` but not `/dev/pts`. `docs/reference/network-policies.mdx` and `docs/security/best-practices.mdx` also use unscoped `/dev/pts` wording.

🌱 Nice ideas

• None.

Consider writing more tests for

• **Runtime validation** — Add or update a behavior test so `verifyDeployment` and `probeSandboxInferenceGatewayHealth` reject 401/403 if the documented 2xx-only local-inference route contract is intended.. The PR is docs/generated-skills only, but two docs claims describe runtime/security boundaries and currently disagree with source-of-truth code or policy YAML.
• **Runtime validation** — If any HTTP response remains the intended local-inference route contract, add a docs validation or fixture that prevents this probe from being documented as 2xx-only.. The PR is docs/generated-skills only, but two docs claims describe runtime/security boundaries and currently disagree with source-of-truth code or policy YAML.
• **Runtime validation** — Add a docs/source validation that compares documented writable filesystem paths for OpenClaw and Hermes against their policy YAML files, including `/dev/pts`.. The PR is docs/generated-skills only, but two docs claims describe runtime/security boundaries and currently disagree with source-of-truth code or policy YAML.
• **Acceptance clause:** Add v0.0.62 release notes from Discussion NemoClaw v0.0.62 is out! #5100 and link release highlights to the relevant docs pages. — add test evidence or identify existing coverage. `docs/about/release-notes.mdx` and `.agents/skills/nemoclaw-user-overview/references/release-notes.md` add a v0.0.62 section with links or generated skill references. Discussion NemoClaw v0.0.62 is out! #5100 contents were not present in deterministic context, so literal fidelity could not be verified.
• **Acceptance clause:** Document the release's GPU sandbox recreation, sandbox-side local inference verification, and Hermes dashboard port guard in the command and inference references. — add test evidence or identify existing coverage. GPU recreation and Hermes port guard are documented in `docs/reference/commands.mdx` and `docs/reference/commands-nemohermes.mdx`, with nearby source/test evidence for CDI preference, Jetson/Tegra group propagation, and Hermes port 8642 rejection. The local-inference verification prose is present, but its 2xx-only success statement conflicts with existing verifier behavior that treats any HTTP response as route success.
• **Acceptance clause:** Refresh generated NemoClaw user skills for the release-prep docs set. — add test evidence or identify existing coverage. Generated `.agents/skills/` files are updated alongside source docs, but generated network-policy/security skills still carry the unscoped Hermes `/dev/pts` filesystem-policy mismatch.
• **Acceptance clause:** fix(onboard): prove GPU sandbox local inference from the agent runtime (#4509) #5024 -> `docs/inference/use-local-inference.mdx`: Document sandbox-runtime verification of the `inference.local` local inference route. — add test evidence or identify existing coverage. `docs/inference/use-local-inference.mdx` and the generated inference skill document the sandbox-runtime route probe, but the documented 2xx-only success semantics do not match `verifyDeployment` / process-recovery source and tests.
• **Acceptance clause:** fix(onboard): probe TCP ports without requiring nc #5012, fix(onboard): pre-approve gateway scope upgrades after onboard and recover #4763, fix(onboard): write fallback fingerprint when git source is unavailable (#4623) #4706, fix(onboard): suppress provider cleanup probe output #5030, fix(onboard): reject the reserved Hermes API port as the dashboard port #5015 -> `docs/about/release-notes.mdx`: Summarize onboarding and recovery reliability fixes, including the reserved Hermes API port guard. — add test evidence or identify existing coverage. Release notes summarize onboarding/recovery reliability fixes and the reserved Hermes API port guard. `src/lib/onboard/hermes-dashboard.test.ts` backs the reserved-port guard, but individual historical issue contents were not available for literal mapping.

Since last review details

Current findings:

• Source-of-truth review needed: Local inference sandbox-runtime `inference.local` verification docs: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: `docs/inference/use-local-inference.mdx` and `.agents/skills/nemoclaw-user-configure-inference/SKILL.md` say only 2xx succeeds, while source accepts any status greater than 0 and tests explicitly mark 401 as OK.
• Source-of-truth review needed: Generated network-policy and security best-practices writable filesystem docs: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: OpenClaw policy includes `/dev/pts`; Hermes policy lists `/sandbox`, `/tmp`, `/dev/null`, and `/sandbox/.hermes` but not `/dev/pts`. Changed generated docs list `/dev/pts` without Hermes scoping.
• Local inference docs say only 2xx succeeds, but the verifier accepts any HTTP response (docs/inference/use-local-inference.mdx:216): The new sandbox-runtime inference verification prose says NemoClaw treats only a 2xx response as success because the route includes the proxy authentication rewrite. The current verifier and recovery probe instead treat any parsed HTTP status greater than 0, including 401, as a working route because reaching the auth wall proves DNS/proxy routing. This makes the documented validation contract stronger than the implementation and can lead operators to believe the probe proves authenticated model access when it may only prove the route/auth wall is reachable.
  • Recommendation: Either change the docs and generated inference skill to match the current contract, for example that any HTTP response proves the route/auth chain is reachable while 000 means DNS/proxy failure, or update the implementation and tests to enforce the documented 2xx-only semantics.
  • Evidence: Changed docs add: `It treats only a 2xx response as success`. `src/lib/verify-deployment.ts:214-225` returns working for `code > 0`; `src/lib/actions/sandbox/process-recovery.ts:249-260` returns `ok: true` for `status > 0`; `src/lib/actions/sandbox/process-recovery.test.ts:25-30` explicitly verifies 401 is routing-OK. The generated skill repeats the same wording in `.agents/skills/nemoclaw-user-configure-inference/SKILL.md`.
• Generated policy docs still overstate Hermes writable filesystem grants (.agents/skills/nemoclaw-user-reference/references/network-policies.md:19): The generated network-policy skill lists `/dev/pts` in the baseline read-write filesystem table immediately after noting Hermes uses `agents/hermes/policy-additions.yaml`. The OpenClaw policy grants `/dev/pts`, but the Hermes policy currently does not. The generated security best-practices skill similarly says the agent has read-write access to `/dev/pts` without scoping that statement to OpenClaw. Because this is operator-facing sandbox-boundary documentation, Hermes users can misunderstand whether PTY write access exists or relax policy incorrectly while troubleshooting.
  • Recommendation: Scope the `/dev/pts` baseline wording/table explicitly to the OpenClaw baseline and add a Hermes-specific exception, or intentionally add `/dev/pts` to the Hermes policy if that is the desired runtime grant. Then regenerate the skills from the corrected source docs.
  • Evidence: Changed generated skill lists `| /sandbox, /tmp, /dev/null, /dev/pts | Read-write |`. `nemoclaw-blueprint/policies/openclaw-sandbox.yaml` includes `/dev/pts`; `agents/hermes/policy-additions.yaml` lists `/sandbox`, `/tmp`, `/dev/null`, and `/sandbox/.hermes` but not `/dev/pts`. `docs/reference/network-policies.mdx` and `docs/security/best-practices.mdx` also use unscoped `/dev/pts` wording.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.agents/skills/nemoclaw-user-reference/references/network-policies.md (1)

15-24: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Autogenerated skill file should not be edited directly.

Per coding guidelines, files matching .agents/skills/nemoclaw-user-*/*.md are autogenerated and must never be edited directly. These changes should originate from the source docs (e.g., docs/) and be regenerated via scripts/docs-to-skills.py.

Verify that the corresponding source documentation has been updated with the /dev/pts filesystem changes, then regenerate the skills rather than manually editing this file.

Based on coding guidelines: "Autogenerated user skills under .agents/skills/nemoclaw-user-*/*.md must never be edited directly"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/skills/nemoclaw-user-reference/references/network-policies.md around
lines 15 - 24, This autogenerated markdown under the nemoclaw-user skill was
edited directly; instead, update the canonical source docs that feed the skill
generator (e.g., the docs/ entry that documents the filesystem table and the
/dev/pts change), then run the regeneration script scripts/docs-to-skills.py so
the change appears in the generated .agents/skills/nemoclaw-user-*/*.md files;
do not commit manual edits to the generated file itself.

Source: Coding guidelines

.agents/skills/nemoclaw-user-reference/references/commands.md (1)

1-1: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add the required SPDX license header at the top of this Markdown file.

This file is missing the required SPDX copyright and license header.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/skills/nemoclaw-user-reference/references/commands.md at line 1, Add
the required SPDX header at the very top of this Markdown file above the "#
NemoClaw CLI Commands Reference" title by inserting an SPDX header line
containing the copyright holder and the license identifier (e.g., include an
SPDX-FileCopyrightText entry and an SPDX-License-Identifier line) so the file
complies with the project's licensing headers.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
@.agents/skills/nemoclaw-user-configure-security/references/best-practices.md:
- Around line 237-244: The change modifies an autogenerated skill file
(.agents/skills/nemoclaw-user-configure-security/references/best-practices.md)
which must not be edited directly; instead, update the canonical docs under
docs/ to include the /dev/pts content (or revert your manual edit), then
regenerate the skill YAML/MD using scripts/docs-to-skills.py so the change is
produced automatically; finally replace the manual edit with the regenerated
output and commit that—do not keep direct edits to files matching
.agents/skills/nemoclaw-user-*/*.md.

In `@docs/about/release-notes.mdx`:
- Around line 20-24: The release-notes bullets in docs/about/release-notes.mdx
each contain two sentences on one line; split each bullet so the leading summary
sentence (e.g., the line starting "GPU sandbox creation and local inference
checks now match the runtime paths agents use.", "Onboarding and recovery fail
earlier and stay quieter on common host drift.", "Sandbox state and OpenClaw
operations recover better after direct in-sandbox changes.", "Hermes and
messaging setup expose clearer operator state.", and "Release validation and
maintainability improved with typed E2E scenario fixtures, registry-driven
scenario fan-out, post-reboot recovery guards, latency retry handling, and
aligned CI/test sharding.") is on its own line, and move the explanatory
sentence that follows each summary onto the next line so each bullet uses one
sentence per line for improved diff readability.

In `@docs/inference/use-local-inference.mdx`:
- Around line 214-216: Update the paragraph describing the runtime verification
to state it is conditional: clarify that the onboard runtime probe of
https://inference.local/v1/models is performed when the sandbox runtime has
probe tooling (e.g., curl) available, but onboarding will soft-skip the probe
and continue for minimal images that lack curl (reported as
probe-tool-unavailable) rather than failing; keep the note that only a 2xx
response is treated as success and that, if the probe runs and fails, onboarding
will report the endpoint and recovery steps before the first agent prompt.

---

Outside diff comments:
In @.agents/skills/nemoclaw-user-reference/references/commands.md:
- Line 1: Add the required SPDX header at the very top of this Markdown file
above the "# NemoClaw CLI Commands Reference" title by inserting an SPDX header
line containing the copyright holder and the license identifier (e.g., include
an SPDX-FileCopyrightText entry and an SPDX-License-Identifier line) so the file
complies with the project's licensing headers.

In @.agents/skills/nemoclaw-user-reference/references/network-policies.md:
- Around line 15-24: This autogenerated markdown under the nemoclaw-user skill
was edited directly; instead, update the canonical source docs that feed the
skill generator (e.g., the docs/ entry that documents the filesystem table and
the /dev/pts change), then run the regeneration script scripts/docs-to-skills.py
so the change appears in the generated .agents/skills/nemoclaw-user-*/*.md
files; do not commit manual edits to the generated file itself.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c48935b9-24ec-4e32-8770-b9b94043f944

📥 Commits

Reviewing files that changed from the base of the PR and between 5f60ed6 and a74305e.

📒 Files selected for processing (10)

• .agents/skills/nemoclaw-user-configure-inference/SKILL.md
• .agents/skills/nemoclaw-user-configure-security/references/best-practices.md
• .agents/skills/nemoclaw-user-manage-sandboxes/references/backup-restore.md
• .agents/skills/nemoclaw-user-overview/references/release-notes.md
• .agents/skills/nemoclaw-user-reference/references/commands.md
• .agents/skills/nemoclaw-user-reference/references/network-policies.md
• docs/about/release-notes.mdx
• docs/inference/use-local-inference.mdx
• docs/reference/commands-nemohermes.mdx
• docs/reference/commands.mdx

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Autogenerated skill file should not be edited directly.

Per coding guidelines, files matching .agents/skills/nemoclaw-user-*/*.md are autogenerated and must never be edited directly. The PR objectives mention "Refresh generated NemoClaw user skills from the current docs source" — these changes should originate from the source docs (e.g., docs/) and be regenerated via scripts/docs-to-skills.py, not manually applied to the skill file.

If the source docs have been updated with the /dev/pts content, regenerate the skills. If not, update the source docs first, then regenerate.

Based on coding guidelines: "Autogenerated user skills under .agents/skills/nemoclaw-user-*/*.md must never be edited directly"

🧰 Tools

🪛 LanguageTool

[style] ~243-~243: Try using a synonym here to strengthen your writing.
Context: ...rite to log directories. Adding /home gives access to other user directories. | | R...

(GIVE_PROVIDE)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/skills/nemoclaw-user-configure-security/references/best-practices.md
around lines 237 - 244, The change modifies an autogenerated skill file
(.agents/skills/nemoclaw-user-configure-security/references/best-practices.md)
which must not be edited directly; instead, update the canonical docs under
docs/ to include the /dev/pts content (or revert your manual edit), then
regenerate the skill YAML/MD using scripts/docs-to-skills.py so the change is
produced automatically; finally replace the manual edit with the regenerated
output and commit that—do not keep direct edits to files matching
.agents/skills/nemoclaw-user-*/*.md.

Source: Coding guidelines

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Clarify that the runtime probe can be skipped when curl is unavailable.

The text currently reads as unconditional verification, but onboarding can soft-skip this check for minimal images that lack curl (probe-tool-unavailable) and continue. Please make this conditional so operator expectations match behavior.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/inference/use-local-inference.mdx` around lines 214 - 216, Update the
paragraph describing the runtime verification to state it is conditional:
clarify that the onboard runtime probe of https://inference.local/v1/models is
performed when the sandbox runtime has probe tooling (e.g., curl) available, but
onboarding will soft-skip the probe and continue for minimal images that lack
curl (reported as probe-tool-unavailable) rather than failing; keep the note
that only a 2xx response is treated as success and that, if the probe runs and
fails, onboarding will report the endpoint and recovery steps before the first
agent prompt.

[prekshivyas]

Reviewed (docs accuracy + docs↔skills consistency). Refreshes the v0.0.62 release notes and documents the shipped features across the reference pages: GPU CDI + Jetson/Tegra container recreation, inference.local runtime verification, the nemoclaw <name> agents list passthrough, the Hermes port-8642 dashboard reservation, and /dev/pts becoming writable for PTY tools.

✅ Approve. Verified the load-bearing claims against the code rather than eyeballing:

• nemoclaw <name> agents list passthrough is real (public-display-agents.ts → sandbox:agents:list; the registry test names the add/delete/list trio).
• Port 8642 is the Hermes API port (gateway/forward port, regression #2078).
• /dev/pts is in the read-write baseline (agents/openclaw/policy-permissive.yaml, comment cites the tmux flow).
• Ran scripts/docs-to-skills.py locally — all five touched .agents/skills/** files match the generated output byte-for-byte, so the docs↔skills mirror is consistent. ($$nemoclaw is the expected Fern escape, stripped to nemoclaw in the skills output — correct.)

One note, not blocking: static-checks is skipping on this PR, which is the job that runs the "Verify docs-to-skills output" hook — so that consistency check isn't running in CI here. I reproduced it locally and it's clean, and docs-only-checks passed (Fern build valid), so I'm comfortable. Nice, accurate refresh.