Approve network requests
NemoClaw runs with a strict-by-default network policy. When the agent attempts to reach a host that is not listed in the sandbox policy, OpenShell intercepts the connection and surfaces it in the terminal UI (TUI) for operator review. You decide whether to allow or block the request.
Prerequisites
- A running NemoClaw sandbox.
- The OpenShell CLI on your PATH.
- tmux if you plan to run the guided walkthrough.
Open the TUI
Start the OpenShell terminal UI from the host machine:
- Sandbox state and inference provider
- A live feed of network activity from inside the sandbox
- Blocked egress requests that are awaiting your decision
How a blocked request appears
When the agent tries to reach an unlisted host, OpenShell blocks the connection immediately and logs the attempt. The TUI shows the blocked request with the following details:
- Host and port of the destination (for example, registry.pypi.org:443)
- Binary that initiated the request (for example, /usr/bin/python3)
- HTTP method and path, if available
Approve or deny the request
The TUI presents an approval prompt for each blocked request:
- Select Approve to allow the connection. The endpoint is added to the running policy for the current session.
- Select Deny to keep the endpoint blocked. The request fails and the agent receives a connection error.
Approved endpoints remain in the running policy until the sandbox stops. They are not written back to the baseline policy file. To make an approval permanent, add the endpoint to nemoclaw-blueprint/policies/openclaw-sandbox.yaml and re-run nemoclaw onboard.
Session vs persistent approvals
| Approval type | How to apply | Persists after restart? |
|---|---|---|
| Session | Approve in the TUI | No — resets when sandbox stops |
| Dynamic | openshell policy set <policy-file> | No — resets when sandbox stops |
| Persistent | Edit openclaw-sandbox.yaml, re-run nemoclaw onboard | Yes |
Run the guided walkthrough
To observe the full approval flow in a controlled session, run the walkthrough script:
tmux session with the TUI on the left and the agent on the right. The walkthrough triggers a blocked request, then waits for you to approve it in the TUI.
The walkthrough requires tmux and the NVIDIA_API_KEY environment variable to be set.
Baseline policy
The following endpoint groups are allowed by default and will not trigger approval prompts:

| Policy | Endpoints | Allowed binaries |
|---|---|---|
| claude_code | api.anthropic.com, statsig.anthropic.com, sentry.io | /usr/local/bin/claude |
| nvidia | integrate.api.nvidia.com, inference-api.nvidia.com | claude, openclaw |
| github | github.com, api.github.com | gh, git |
| clawhub | clawhub.com | openclaw |
| openclaw_api | openclaw.ai | openclaw |
| openclaw_docs | docs.openclaw.ai | openclaw |
| npm_registry | registry.npmjs.org | openclaw, npm |
| telegram | api.telegram.org | Any binary |
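
The baseline table pairs each endpoint group with the binaries allowed to reach it. The following Python sketch is an added example, not NemoClaw or OpenShell code: it transcribes the table and reports which observed requests fall outside it and would therefore need an operator decision. The matching rules (bare names match the binary's basename, path entries match exactly, ports are ignored, a listed host reached by an unlisted binary counts as outside the baseline), the function names and the sample requests are assumptions.

```python
import os

# Baseline allowlist transcribed from the table above: policy -> (hosts, binaries).
# None stands for "Any binary".
BASELINE = {
    "claude_code": ({"api.anthropic.com", "statsig.anthropic.com", "sentry.io"}, {"/usr/local/bin/claude"}),
    "nvidia": ({"integrate.api.nvidia.com", "inference-api.nvidia.com"}, {"claude", "openclaw"}),
    "github": ({"github.com", "api.github.com"}, {"gh", "git"}),
    "clawhub": ({"clawhub.com"}, {"openclaw"}),
    "openclaw_api": ({"openclaw.ai"}, {"openclaw"}),
    "openclaw_docs": ({"docs.openclaw.ai"}, {"openclaw"}),
    "npm_registry": ({"registry.npmjs.org"}, {"openclaw", "npm"}),
    "telegram": ({"api.telegram.org"}, None),
}

def binary_matches(binary, allowed):
    """Assumed rule: path entries match exactly, bare names match the basename."""
    if allowed is None:
        return True
    name = os.path.basename(binary)
    return any((binary == a) if a.startswith("/") else (name == a) for a in allowed)

def baseline_policy(host, binary):
    """Return the name of the baseline policy permitting host+binary, or None."""
    host = host.lower().rstrip(".")  # normalize case and a trailing root dot
    for name, (hosts, binaries) in BASELINE.items():
        if host in hosts and binary_matches(binary, binaries):
            return name
    return None

def needs_approval(requests):
    """Keep the (host:port, binary) requests that no baseline policy covers."""
    return [(dest, binary) for dest, binary in requests
            if baseline_policy(dest.rsplit(":", 1)[0], binary) is None]

# Constructed sample requests, in the host:port / binary form the TUI displays.
SAMPLE = [
    ("registry.pypi.org:443", "/usr/bin/python3"),
    ("github.com:443", "/usr/bin/git"),
    ("github.com:443", "/usr/bin/curl"),
    ("api.telegram.org:443", "/usr/bin/python3"),
]

if __name__ == "__main__":
    for dest, binary in needs_approval(SAMPLE):
        print(f"outside baseline, needs operator review: {dest} via {binary}")
```

Requests this reports are the ones whose approval lasts only for the session unless the endpoint is added to openclaw-sandbox.yaml.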
Related topics
Customize the network policy
Add endpoints permanently to the baseline policy file.
Network policies reference
Full baseline policy reference including filesystem rules and the operator approval flow.
Monitor sandbox activity
Use the TUI and log commands to trace agent behavior.