docs: refresh daily docs for 0.0.29

.agents/skills/nemoclaw-user-configure-inference/SKILL.md

@@ -119,22 +119,25 @@ This variable is only needed when switching between provider families.
 
 ## Step 3: Tune Model Metadata
 
-The sandbox image bakes model metadata (context window, max output tokens, and reasoning mode) into `openclaw.json` at build time.
+The sandbox image bakes model metadata (context window, max output tokens, reasoning mode, and accepted input modalities) into `openclaw.json` at build time.
 To change these values, set the corresponding environment variables before running `nemoclaw onboard` so they patch into the Dockerfile before the image builds.
 
 | Variable | Values | Default |
 |---|---|---|
 | `NEMOCLAW_CONTEXT_WINDOW` | Positive integer (tokens) | `131072` |
 | `NEMOCLAW_MAX_TOKENS` | Positive integer (tokens) | `4096` |
 | `NEMOCLAW_REASONING` | `true` or `false` | `false` |
+| `NEMOCLAW_INFERENCE_INPUTS` | `text` or `text,image` | `text` |
 | `NEMOCLAW_AGENT_TIMEOUT` | Positive integer (seconds) | `600` |
 
 Invalid values are ignored, and the default bakes into the image.
+Use `NEMOCLAW_INFERENCE_INPUTS=text,image` only for a model that accepts image input through the selected provider.
 
 ```console
 $ export NEMOCLAW_CONTEXT_WINDOW=65536
 $ export NEMOCLAW_MAX_TOKENS=8192
 $ export NEMOCLAW_REASONING=true
+$ export NEMOCLAW_INFERENCE_INPUTS=text,image
 $ export NEMOCLAW_AGENT_TIMEOUT=1800
 $ nemoclaw onboard
 ```

.agents/skills/nemoclaw-user-configure-inference/references/inference-options.md

@@ -75,7 +75,9 @@ For setup instructions, refer to Use a Local Inference Server (use the `nemoclaw
 ## Validation
 
 NemoClaw validates the selected provider and model before creating the sandbox.
-If validation fails, the wizard returns to provider selection.
+If credential validation fails, the wizard asks whether to re-enter the API key, choose a different provider, retry, or exit.
+The `nvapi-` prefix check applies only to `NVIDIA_API_KEY`.
+Other provider credentials, such as `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, `GEMINI_API_KEY`, and compatible endpoint keys, use provider-aware validation during retry.
 
 | Provider type | Validation method |
 |---|---|

.agents/skills/nemoclaw-user-deploy-remote/SKILL.md

@@ -106,8 +106,8 @@ default), so no extra configuration is needed.
 > set on a headless host, the compatibility wrapper prints a warning.
 >
 > `NEMOCLAW_DISABLE_DEVICE_AUTH` is also evaluated at image build time.
-> If you disable device auth for a remote deployment, any device that can reach the dashboard origin can connect without pairing.
-> Avoid this on internet-reachable or shared-network deployments.
+> When `CHAT_UI_URL` points at a non-loopback origin, NemoClaw disables OpenClaw device pairing in the generated sandbox configuration because browser-only remote users cannot complete terminal-based pairing.
+> Any device that can reach the configured dashboard origin can connect without pairing, so avoid exposing that origin on internet-reachable or shared-network deployments.
 
 ## Step 7: Proxy Configuration
 

.agents/skills/nemoclaw-user-reference/references/commands.md

@@ -318,7 +318,9 @@ If the preset name is unknown or already applied, the command exits non-zero wit
 
 | Flag | Description |
 |------|-------------|
-| `--yes`, `--force` | Skip the confirmation prompt (requires a preset name) |
+| `--from-file <path>` | Apply a custom preset YAML file instead of a built-in preset |
+| `--from-dir <path>` | Apply every custom preset YAML file in a directory in lexicographic order |
+| `--yes`, `--force` | Skip the confirmation prompt (requires a preset name, `--from-file`, or `--from-dir`) |
 | `--dry-run` | Preview the endpoints a preset would open without applying changes |
 
 Use `--dry-run` to audit a preset before applying it:
@@ -327,6 +329,21 @@ Use `--dry-run` to audit a preset before applying it:
 $ nemoclaw my-assistant policy-add --dry-run
 ```
 
+Apply a custom preset file when you need to grant access to an endpoint that is not covered by a built-in preset:
+
+```console
+$ nemoclaw my-assistant policy-add --from-file ./presets/my-internal-api.yaml
+```
+
+For batch workflows, apply all preset files from a directory:
+
+```console
+$ nemoclaw my-assistant policy-add --from-dir ./presets/ --yes
+```
+
+Review every host in custom preset files before applying them.
+Custom presets bypass the built-in preset review process and can widen sandbox egress.
+
 ### `nemoclaw <name> policy-list`
 
 List available policy presets and show which ones are applied to the sandbox.

.agents/skills/nemoclaw-user-reference/references/troubleshooting.md

@@ -466,6 +466,24 @@ The status command detects the sandbox context and reports "active (inside sandb
 
 Run `openshell sandbox list` on the host to check the underlying sandbox state.
 
+### Git clone fails with a certificate verification error
+
+In networks that inspect TLS, OpenShell injects a proxy CA bundle into the sandbox.
+Current NemoClaw exports that bundle as `GIT_SSL_CAINFO` during sandbox startup and persists it for `nemoclaw <name> connect` sessions, so Git can trust the proxy CA.
+It also forwards standard CA bundle variables for subprocesses, including `GIT_SSL_CAPATH`, `CURL_CA_BUNDLE`, and `REQUESTS_CA_BUNDLE`.
+
+If Git still reports `server certificate verification failed`, reconnect to the sandbox and check that the CA variables are present:
+
+```console
+$ env | grep -E 'SSL_CERT_FILE|GIT_SSL_CAINFO|CURL_CA_BUNDLE|REQUESTS_CA_BUNDLE'
+```
+
+If they are missing on an older sandbox, upgrade NemoClaw and run:
+
+```console
+$ nemoclaw <name> rebuild
+```
+
 ### `openclaw update` hangs or times out inside the sandbox
 
 This is expected for the current NemoClaw deployment model.

docs/deployment/deploy-to-remote-gpu.md

@@ -116,8 +116,8 @@ available when the installer builds the sandbox image. If `CHAT_UI_URL` is not
 set on a headless host, the compatibility wrapper prints a warning.
 
 `NEMOCLAW_DISABLE_DEVICE_AUTH` is also evaluated at image build time.
-If you disable device auth for a remote deployment, any device that can reach the dashboard origin can connect without pairing.
-Avoid this on internet-reachable or shared-network deployments.
+When `CHAT_UI_URL` points at a non-loopback origin, NemoClaw disables OpenClaw device pairing in the generated sandbox configuration because browser-only remote users cannot complete terminal-based pairing.
+Any device that can reach the configured dashboard origin can connect without pairing, so avoid exposing that origin on internet-reachable or shared-network deployments.
 :::
 
 ## Proxy Configuration

docs/inference/inference-options.md

@@ -95,7 +95,9 @@ For setup instructions, refer to [Use a Local Inference Server](use-local-infere
 ## Validation
 
 NemoClaw validates the selected provider and model before creating the sandbox.
-If validation fails, the wizard returns to provider selection.
+If credential validation fails, the wizard asks whether to re-enter the API key, choose a different provider, retry, or exit.
+The `nvapi-` prefix check applies only to `NVIDIA_API_KEY`.
+Other provider credentials, such as `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, `GEMINI_API_KEY`, and compatible endpoint keys, use provider-aware validation during retry.
 
 | Provider type | Validation method |
 |---|---|

docs/inference/switch-inference-providers.md

@@ -133,22 +133,25 @@ This variable is only needed when switching between provider families.
 
 ## Tune Model Metadata
 
-The sandbox image bakes model metadata (context window, max output tokens, and reasoning mode) into `openclaw.json` at build time.
+The sandbox image bakes model metadata (context window, max output tokens, reasoning mode, and accepted input modalities) into `openclaw.json` at build time.
 To change these values, set the corresponding environment variables before running `nemoclaw onboard` so they patch into the Dockerfile before the image builds.
 
 | Variable | Values | Default |
 |---|---|---|
 | `NEMOCLAW_CONTEXT_WINDOW` | Positive integer (tokens) | `131072` |
 | `NEMOCLAW_MAX_TOKENS` | Positive integer (tokens) | `4096` |
 | `NEMOCLAW_REASONING` | `true` or `false` | `false` |
+| `NEMOCLAW_INFERENCE_INPUTS` | `text` or `text,image` | `text` |
 | `NEMOCLAW_AGENT_TIMEOUT` | Positive integer (seconds) | `600` |
 
 Invalid values are ignored, and the default bakes into the image.
+Use `NEMOCLAW_INFERENCE_INPUTS=text,image` only for a model that accepts image input through the selected provider.
 
 ```console
 $ export NEMOCLAW_CONTEXT_WINDOW=65536
 $ export NEMOCLAW_MAX_TOKENS=8192
 $ export NEMOCLAW_REASONING=true
+$ export NEMOCLAW_INFERENCE_INPUTS=text,image
 $ export NEMOCLAW_AGENT_TIMEOUT=1800
 $ nemoclaw onboard
 ```

docs/project.json

@@ -1 +1 @@
-{"name": "nemoclaw", "version": "0.0.25"}
+{"name": "nemoclaw", "version": "0.0.29"}

docs/reference/commands.md

@@ -348,7 +348,9 @@ If the preset name is unknown or already applied, the command exits non-zero wit
 
 | Flag | Description |
 |------|-------------|
-| `--yes`, `--force` | Skip the confirmation prompt (requires a preset name) |
+| `--from-file <path>` | Apply a custom preset YAML file instead of a built-in preset |
+| `--from-dir <path>` | Apply every custom preset YAML file in a directory in lexicographic order |
+| `--yes`, `--force` | Skip the confirmation prompt (requires a preset name, `--from-file`, or `--from-dir`) |
 | `--dry-run` | Preview the endpoints a preset would open without applying changes |
 
 Use `--dry-run` to audit a preset before applying it:
@@ -357,6 +359,21 @@ Use `--dry-run` to audit a preset before applying it:
 $ nemoclaw my-assistant policy-add --dry-run
 ```
 
+Apply a custom preset file when you need to grant access to an endpoint that is not covered by a built-in preset:
+
+```console
+$ nemoclaw my-assistant policy-add --from-file ./presets/my-internal-api.yaml
+```
+
+For batch workflows, apply all preset files from a directory:
+
+```console
+$ nemoclaw my-assistant policy-add --from-dir ./presets/ --yes
+```
+
+Review every host in custom preset files before applying them.
+Custom presets bypass the built-in preset review process and can widen sandbox egress.
+
 ### `nemoclaw <name> policy-list`
 
 List available policy presets and show which ones are applied to the sandbox.

docs/reference/troubleshooting.md

@@ -496,6 +496,24 @@ The status command detects the sandbox context and reports "active (inside sandb
 
 Run `openshell sandbox list` on the host to check the underlying sandbox state.
 
+### Git clone fails with a certificate verification error
+
+In networks that inspect TLS, OpenShell injects a proxy CA bundle into the sandbox.
+Current NemoClaw exports that bundle as `GIT_SSL_CAINFO` during sandbox startup and persists it for `nemoclaw <name> connect` sessions, so Git can trust the proxy CA.
+It also forwards standard CA bundle variables for subprocesses, including `GIT_SSL_CAPATH`, `CURL_CA_BUNDLE`, and `REQUESTS_CA_BUNDLE`.
+
+If Git still reports `server certificate verification failed`, reconnect to the sandbox and check that the CA variables are present:
+
+```console
+$ env | grep -E 'SSL_CERT_FILE|GIT_SSL_CAINFO|CURL_CA_BUNDLE|REQUESTS_CA_BUNDLE'
+```
+
+If they are missing on an older sandbox, upgrade NemoClaw and run:
+
+```console
+$ nemoclaw <name> rebuild
+```
+
 ### `openclaw update` hangs or times out inside the sandbox
 
 This is expected for the current NemoClaw deployment model.

docs/versions1.json

@@ -1,6 +1,10 @@
 [
   {
     "preferred": true,
+    "version": "0.0.29",
+    "url": "https://docs.nvidia.com/nemoclaw/0.0.29/"
+  },
+  {
     "version": "0.0.25",
     "url": "https://docs.nvidia.com/nemoclaw/0.0.25/"
   },
@@ -23,21 +27,5 @@
   {
     "version": "0.0.20",
     "url": "https://docs.nvidia.com/nemoclaw/0.0.20/"
-  },
-  {
-    "version": "0.0.19",
-    "url": "https://docs.nvidia.com/nemoclaw/0.0.19/"
-  },
-  {
-    "version": "0.0.18",
-    "url": "https://docs.nvidia.com/nemoclaw/0.0.18/"
-  },
-  {
-    "version": "0.0.17",
-    "url": "https://docs.nvidia.com/nemoclaw/0.0.17/"
-  },
-  {
-    "version": "0.0.16",
-    "url": "https://docs.nvidia.com/nemoclaw/0.0.16/"
   }
 ]