Description
Issue summary
Inside the sandbox, only inference.local (Gateway proxy) is reachable. All other external domains — including those explicitly whitelisted in network policy presets (github.com, registry.npmjs.org, pypi.org, etc.) — return connection timeout (HTTP 000). This makes all policy presets (pypi, npm, github, slack, telegram, etc.)
Detailed description
Verify that whitelisted domains defined in policy presets are accessible from inside the sandbox.
All external traffic fails. Only the inference endpoint works via Gateway proxy.
Steps to reproduce:
- nemoclaw onboard (select NVIDIA Cloud API, apply pypi + npm presets)
- nemoclaw connect
- Inside sandbox:
# This works — routed through Gateway:
curl -s https://inference.local/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{"model":"nvidia/nemotron-3-super-120b-a12b","messages":[{"role":"user","content":"Reply with one word: PONG"}],"max_tokens":50}'
→ 200 OK, model responds
# These all fail — whitelisted but unreachable:
curl -s https://api.github.com/ → 000 (timeout)
curl -s https://registry.npmjs.org/ → 000 (timeout)
# Direct IP also fails (not DNS-only):
curl -s https://140.82.121.6/ -H "Host: api.github.com" → 000 (timeout)
- nemoclaw status
→ Shows policies: pypi, npm (presets applied, but not functional)
Root cause:
The sandbox network namespace only routes traffic through the OpenShell Gateway proxy for inference.local. Whitelisted domain traffic does not appear to be proxied or directly forwarded. The network isolation blocks all outbound traffic except the Gateway tunnel.
Related:
Log:
sandbox@lynn-newmoclaw:~$ curl -s https://api.github.com/
sandbox@lynn-newmoclaw:~$ # empty response, HTTP 000
sandbox@lynn-newmoclaw:~$ curl -s https://inference.local/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{"model":"nvidia/nemotron-3-super-120b-a12b","messages":[{"role":"user","content":"Reply with one word: PONG"}],"max_tokens":50}'
{"id":"chatcmpl-ab7c0b280878225e","object":"chat.completion",...}
Environment:
- NemoClaw: v0.1.0 (main branch, commit f3430c6)
- OpenShell: 0.0.10
- Colima: 0.10.1
- Docker context: colima
- Node.js: v23.10.0, npm: 11.3.0
- macOS 26.1 (Apple M4, arm64)
- Policy presets applied: pypi, npm
- Inference: NVIDIA Cloud API (nvidia/nemotron-3-super-120b-a12b)
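
A small check that splits the "HTTP 000" symptom by failure layer and compares the allowlisted hosts against the inference.local control. It is an added example, not part of the original report or of NemoClaw/OpenShell code. The function names, verdict labels and timeout values are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not NemoClaw/OpenShell code): egress check for allowlisted hosts.

# Map a curl exit status to a verdict, so "HTTP 000" is split by failure layer.
classify() {
  case "$1" in
    0)     echo "reachable" ;;       # some HTTP status came back over TLS
    6)     echo "dns-failure" ;;     # could not resolve host
    7)     echo "connect-failed" ;;  # TCP connect refused or unroutable
    28)    echo "timeout" ;;         # the symptom shown in the report
    35|60) echo "tls-failure" ;;     # handshake or certificate validation failed
    *)     echo "curl-error-$1" ;;
  esac
}

# Probe one host over HTTPS; the timeouts are assumed values.
probe_host() {
  local rc=0
  curl -s -o /dev/null --connect-timeout 5 --max-time 10 "https://$1/" || rc=$?
  classify "$rc"
}

# First argument: verdict for the control endpoint; rest: allowlisted host verdicts.
summarize() {
  local control=$1 v ok=0
  shift
  for v in "$@"; do
    if [ "$v" = "reachable" ]; then ok=$((ok + 1)); fi
  done
  if [ "$control" != "reachable" ]; then echo "control-endpoint-down"
  elif [ "$#" -gt 0 ] && [ "$ok" -eq 0 ]; then echo "all-allowlisted-hosts-blocked"
  elif [ "$ok" -lt "$#" ]; then echo "partial-egress"
  else echo "egress-ok"
  fi
}

# Probes run only when hosts are given, e.g.: ./egress_check.sh api.github.com pypi.org
if [ "$#" -gt 0 ]; then
  control=$(probe_host inference.local)
  verdicts=""
  for h in "$@"; do
    v=$(probe_host "$h")
    printf '%-24s %s\n' "$h" "$v"
    verdicts="$verdicts $v"
  done
  # Verdicts contain no spaces, so word splitting here is intentional.
  echo "summary: $(summarize "$control" $verdicts)"
fi
```

A summary of `all-allowlisted-hosts-blocked` with per-host `timeout` verdicts matches the behaviour in this report; `dns-failure` or `tls-failure` would point at a different layer.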