NemoClaw v0.0.62 is out!

[cv]

NemoClaw v0.0.62 is a reliability release for the parts of onboarding that have to make hard promises on real machines: GPU sandbox recreation, local inference reachability, gateway pairing, and mutable sandbox state. The release prefers Docker CDI GPU injection when CDI is available, improves Jetson device permissions, proves local GPU inference from the agent runtime instead of a misleading host-side namespace, and tightens several recovery paths that previously looked healthy until the agent actually started working.

It also smooths operator-facing workflows. Hermes sandboxes now show the upstream NemoClaw provider and model in their generated config, the onboarding provider menu is clearer, OpenClaw agent listings are available through the host CLI, WhatsApp pairing renders a compact terminal QR code again, and port probing no longer depends on nc being installed on the host.

Under the hood, this release invests heavily in maintainability and release confidence. Onboarding continues its move toward an explicit FSM shape, the live E2E scenario stack now has typed fixtures and registry-driven fan-out, post-reboot recovery has a stable host-side regression guard, and CI/test sharding was adjusted so the next round of fixes has a cleaner runway.

Shipped Changes

Onboarding, GPU, and Sandbox Reliability

• #4956 prefers CDI GPU mode over legacy --gpus all on Docker hosts that advertise an NVIDIA CDI spec. This keeps NemoClaw aligned with OpenShell's CDI device injection path and avoids supervisor reconnect failures during GPU sandbox recreation.
• #5024 proves local GPU inference from inside the actual OpenShell sandbox runtime and routes local providers through the reachable inference.local bridge path when needed. This closes the false-positive probe where docker exec could reach host loopback while the agent could not.
• #5018 adds Jetson/Tegra device-node group propagation during GPU sandbox recreation. Jetson sandboxes now get the /dev/nvmap-owning group needed for CUDA initialization, and status can report verified CUDA rather than a bare enabled state.
• #5012 makes TCP port probing fall back to a Node-based connection check when nc is unavailable. Minimal Linux and Windows hosts can now avoid misleading "port not ready" failures during onboarding.
• #4763 fixes gateway scope-upgrade auto-approval after onboard and during recover. Pending gateway approvals are cleared with the right environment and timeout budget, reducing first-run fallback loops.
• #4706 writes a stable install-version fingerprint when NemoClaw is installed without a .git directory. Release tarball and packed installs no longer reinstall the managed model router on every onboard.
• #5030 suppresses expected provider-cleanup probe noise when a fresh sandbox does not exist yet. Onboarding stays quieter while still retaining stale-provider cleanup behavior.
• #5015 rejects the reserved Hermes API port as a dashboard port before sandbox creation. This makes a security-sensitive port conflict explicit and fail-fast.
• #5017 restores NemoClaw's mutable OpenClaw config permissions after a raw in-sandbox openclaw doctor --fix. Gateway-side config persistence is protected even when users run OpenClaw commands directly inside the sandbox.
• #5019 grants /dev/pts in OpenClaw sandbox policy tiers so tmux and other PTY-allocating terminal flows can run. The E2E coverage now fails hard if PTY support regresses.

OpenClaw, Hermes, and Messaging

• #5043 adds nemoclaw <name> agents list as a host-side passthrough to the in-sandbox OpenClaw agent listing command. The host CLI now covers the add, list, and delete lifecycle for sandbox agents.
• #5010 records upstream provider and model metadata in Hermes config and clarifies the onboarding provider menu. Operators can inspect the real upstream route even when Hermes presents a proxy-style provider: custom configuration.
• #5016 forces WhatsApp terminal QR rendering through the renderer that the pairing flow actually uses. Pairing codes are compact and scan-friendly again, with E2E coverage on the rendered dimensions.

Onboarding Architecture

• #4480, #4481, #4482, #4483, #4484, #4485, #4486, #4487, #4488, #4499, and #4500 move onboarding toward explicit FSM phases and flow slices. This lowers the risk of future onboarding fixes by making phase ordering, context, and stop states easier to test.

E2E, CI, and Release Confidence

• #4965, #4966, #4967, #4968, and #4969 add the first Vitest live scenario fixture context, clients, smoke scenario, workflow, and migration deletion gates. This gives live E2E work a typed foundation instead of another one-off shell harness.
• #5002, #5003, #5004, #5005, #5006, and #5035 expand the live scenario framework with environment, onboarding, state validation, registry discovery, workflow fan-out, and readable test names. Scenario failures should now be easier to route and understand.
• #5046 and #5087 add and stabilize a post-reboot recovery scenario around host-side invariants. The guard focuses on registry and Docker container preservation so regressions are caught without depending on flaky runtime liveness on ubuntu-latest.
• #5013 makes the live agent-turn latency E2E tolerate transient provider-validation failures. Endpoint timeouts and temporary 429/5xx responses now produce bounded retries and a skip rather than hiding latency regressions behind setup noise.
• #4996 removes deprecated bash scenario entrypoints and orphan helper libraries, while #5042 refreshes the scenario docs and adds a real gateway negative-path test. The E2E stack now points maintainers at the TypeScript runner and has better failure-path coverage.
• #4982, #4991, #4994, and #5032 align main and PR Vitest gates, trust base CI actions where appropriate, expand CLI coverage to five shards, and drop duplicate self-hosted PR runs. CI should spend more time on signal and less time duplicating work.
• #4995, #4997, #5000, and #5011 split large CLI and onboarding test suites. Smaller suites make failures easier to isolate and reduce load-related timeout pressure.
• #5022 routes E2E fixture redaction through the canonical entrypoint, #5020 brings all TypeScript files under Biome coverage and formatting, and #4993 trims single-use aliases. These are maintenance changes, but they reduce drift in the code and test surface.

Docs, Skills, and Project Hygiene

• #4992 refreshes the v0.0.61 release docs and generated user-skill references. The docs and agent-facing guidance stay aligned with the prior release surface.
• #5045 fixes the backup-all copyable example and adds a regression test for copyable command fences. This keeps documentation examples pasteable and prevents prompt-prefixed shell snippets from sneaking back in.
• #4954 tightens GitHub bug-report intake. Better issue shape helps maintainers triage reproducibility, environment details, and priority more consistently.

Thank You

Thank you to external contributors @kagura-agent for the fallback install fingerprint fix in #4706, and @Thabhelo for the backup/restore documentation fix and regression test in #5045.