NemoClaw 0.0.73 is out! #6231
cv
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
NemoClaw v0.0.73 tightens the line between endpoint validation and runtime use. DNS-backed HTTPS endpoints now fail closed when peer pinning cannot survive the OpenShell boundary, while ordinary Linux GPU onboarding takes the native OpenShell route and retains a hardened compatibility fallback for WSL and Jetson.
Day-two workflows are more resilient. Pre-upgrade backup can explicitly skip unreachable sandboxes for validated restore, terminal runtimes reject unsupported messaging policies before disclosure, and LangChain Deep Agents Code keeps
inference.localon its managed proxy across interactive, login-shell, direct-exec, and connect-probe paths.The release also makes setup and shipping easier to audit. Documentation adds an agent-first installation prompt and practical recovery references, while maintainer workflow now requires docs-before-tag and an exact-SHA E2E evidence ledger before confirmation.
Endpoint and runtime security
GPU onboarding and upgrade recovery
NEMOCLAW_SKIP_UNREACHABLE_SANDBOX_BACKUP=1for running sandboxes whose in-sandbox SSH endpoint cannot answer. This lets installer-driven upgrades continue and recover from the latest validated backup instead of looping forever, while keeping the potentially lossy skip explicit.Deep Agents Code and agent boundaries
policy-addaligned with the existing agent-awarechannels addboundary.inference.localthrough OpenShell's managed proxy. Root-owned proxy inputs, normalized proxy variables, cleared inheritedALL_PROXYstate, stricter route probes, and expanded secret-pattern parity keep login-shell, direct-exec, and connect flows working without persisting credential-bearing proxy state. Existing Deep Agents Code sandboxes should be rebuilt to receive the corrected image scripts.Documentation and agent-first setup
Release confidence
Thank you
Thank you to external contributor @1PoPTRoN for the original DNS-rebinding analysis and implementation work in #4685, whose focused safety outcome was replayed in #6139 for this release.
Beta Was this translation helpful? Give feedback.
All reactions