fix(cli): add local-inference policy preset for Ollama/vLLM host access (#693)

bin/lib/onboard.js

@@ -3546,11 +3546,19 @@ async function setupOpenclaw(sandboxName, model, provider) {
 // ── Step 7: Policy presets ───────────────────────────────────────
 
 // eslint-disable-next-line complexity
-async function _setupPolicies(sandboxName) {
+async function _setupPolicies(sandboxName, provider = null) {
   step(8, 8, "Policy presets");
 
   const suggestions = ["pypi", "npm"];
 
+  // Auto-detect local inference — sandbox needs host gateway egress
+  const sandbox = registry.getSandbox(sandboxName);
+  const sandboxProvider = provider || (sandbox ? sandbox.provider : null);
+  if (sandboxProvider === "ollama-local" || sandboxProvider === "vllm-local") {
+    suggestions.push("local-inference");
+    console.log(`  Auto-detected: ${sandboxProvider} → suggesting local-inference preset`);
+  }
+
   // Auto-detect based on env tokens
   if (getCredential("TELEGRAM_BOT_TOKEN")) {
     suggestions.push("telegram");
@@ -3823,6 +3831,7 @@ async function presetsCheckboxSelector(allPresets, initialSelected) {
 async function setupPoliciesWithSelection(sandboxName, options = {}) {
   const selectedPresets = Array.isArray(options.selectedPresets) ? options.selectedPresets : null;
   const onSelection = typeof options.onSelection === "function" ? options.onSelection : null;
+  const provider = options.provider || null;
   const webSearchConfig = options.webSearchConfig || null;
 
   step(8, 8, "Policy presets");
@@ -3834,6 +3843,14 @@ async function setupPoliciesWithSelection(sandboxName, options = {}) {
     suggestions.push("discord");
   if (webSearchConfig) suggestions.push("brave");
 
+  // Auto-detect local inference — sandbox needs host gateway egress
+  const sandbox = registry.getSandbox(sandboxName);
+  const sandboxProvider = provider || (sandbox ? sandbox.provider : null);
+  if (sandboxProvider === "ollama-local" || sandboxProvider === "vllm-local") {
+    suggestions.push("local-inference");
+    console.log(`  Auto-detected: ${sandboxProvider} → suggesting local-inference preset`);
+  }
+
   const allPresets = policies.listPresets();
   const applied = policies.getAppliedPresets(sandboxName);
   let chosen = selectedPresets;
@@ -4445,6 +4462,7 @@ async function onboard(opts = {}) {
         policyPresets: recordedPolicyPresets || [],
       });
       const appliedPolicyPresets = await setupPoliciesWithSelection(sandboxName, {
+        provider,
         selectedPresets:
           resume &&
           session?.steps?.policies?.status !== "complete" &&

nemoclaw-blueprint/policies/presets/local-inference.yaml

@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+preset:
+  name: local-inference
+  description: "Local inference access (Ollama, vLLM) via host gateway"
+
+network_policies:
+  local_inference:
+    name: local_inference
+    endpoints:
+      - host: host.openshell.internal
+        port: 11434
+        protocol: rest
+        enforcement: enforce
+        rules:
+          - allow: { method: GET, path: "/**" }
+          - allow: { method: POST, path: "/**" }
+      - host: host.openshell.internal
+        port: 8000
+        protocol: rest
+        enforcement: enforce
+        rules:
+          - allow: { method: GET, path: "/**" }
+          - allow: { method: POST, path: "/**" }
+    binaries:
+      - { path: /usr/local/bin/openclaw }
+      - { path: /usr/local/bin/claude }

scripts/install.sh

@@ -857,7 +857,14 @@ install_nemoclaw() {
     spin "Installing NemoClaw dependencies" bash -c "cd \"$NEMOCLAW_SOURCE_ROOT\" && npm install --ignore-scripts"
     spin "Building NemoClaw CLI modules" bash -c "cd \"$NEMOCLAW_SOURCE_ROOT\" && npm run --if-present build:cli"
     spin "Building NemoClaw plugin" bash -c "cd \"$NEMOCLAW_SOURCE_ROOT\"/nemoclaw && npm install --ignore-scripts && npm run build"
-    spin "Linking NemoClaw CLI" bash -c "cd \"$NEMOCLAW_SOURCE_ROOT\" && npm link"
+    # Use sudo for npm link only when the global prefix is not writable
+    local npm_global_prefix
+    npm_global_prefix="$(npm config get prefix 2>/dev/null)" || true
+    local sudo_cmd=""
+    if [ -n "$npm_global_prefix" ] && [ ! -w "$npm_global_prefix" ] && [ "$(id -u)" -ne 0 ]; then
+      sudo_cmd="sudo"
+    fi
+    spin "Linking NemoClaw CLI" bash -c "cd \"$NEMOCLAW_SOURCE_ROOT\" && $sudo_cmd npm link"
   else
     if [[ -f "$package_json" ]]; then
       info "Installer payload is not a persistent source checkout — installing from GitHub…"
@@ -888,7 +895,14 @@ install_nemoclaw() {
     spin "Installing NemoClaw dependencies" bash -c "cd \"$nemoclaw_src\" && npm install --ignore-scripts"
     spin "Building NemoClaw CLI modules" bash -c "cd \"$nemoclaw_src\" && npm run --if-present build:cli"
     spin "Building NemoClaw plugin" bash -c "cd \"$nemoclaw_src\"/nemoclaw && npm install --ignore-scripts && npm run build"
-    spin "Linking NemoClaw CLI" bash -c "cd \"$nemoclaw_src\" && npm link"
+    # Use sudo for npm link only when the global prefix is not writable
+    local npm_global_prefix
+    npm_global_prefix="$(npm config get prefix 2>/dev/null)" || true
+    local sudo_cmd=""
+    if [ -n "$npm_global_prefix" ] && [ ! -w "$npm_global_prefix" ] && [ "$(id -u)" -ne 0 ]; then
+      sudo_cmd="sudo"
+    fi
+    spin "Linking NemoClaw CLI" bash -c "cd \"$nemoclaw_src\" && $sudo_cmd npm link"
   fi
 
   refresh_path

scripts/walkthrough.sh

@@ -84,10 +84,9 @@ tmux kill-session -t "$SESSION" 2>/dev/null || true
 # Create session with TUI on the left
 tmux new-session -d -s "$SESSION" -x 200 -y 50 "openshell term"
 
-# Split right pane for the agent
-# NVIDIA_API_KEY is not needed inside the sandbox — inference is proxied
-# through the OpenShell gateway which injects credentials server-side.
-tmux split-window -h -t "$SESSION" \
+# Split right pane for the agent — pass NVIDIA_API_KEY via tmux -e so it
+# reaches the sandbox environment without being embedded in the command string.
+tmux split-window -h -t "$SESSION" -e "NVIDIA_API_KEY=$NVIDIA_API_KEY" \
   "openshell sandbox connect nemoclaw -- bash -c 'nemoclaw-start openclaw agent --agent main --local --session-id live'"
 
 # Even split

test/policies.test.js

@@ -95,9 +95,9 @@ selectFromList(items, options)
 
 describe("policies", () => {
   describe("listPresets", () => {
-    it("returns all 10 presets", () => {
+    it("returns all 11 presets", () => {
       const presets = policies.listPresets();
-      expect(presets.length).toBe(10);
+      expect(presets.length).toBe(11);
     });
 
     it("each preset has name and description", () => {
@@ -118,6 +118,7 @@ describe("policies", () => {
         "discord",
         "huggingface",
         "jira",
+        "local-inference",
         "npm",
         "outlook",
         "pypi",
@@ -246,6 +247,33 @@ describe("policies", () => {
     });
   });
 
+  describe("local-inference preset", () => {
+    it("loads and contains host.openshell.internal", () => {
+      const content = policies.loadPreset("local-inference");
+      expect(content).toBeTruthy();
+      const hosts = policies.getPresetEndpoints(content);
+      expect(hosts.includes("host.openshell.internal")).toBeTruthy();
+    });
+
+    it("allows Ollama port 11434 and vLLM port 8000", () => {
+      const content = policies.loadPreset("local-inference");
+      expect(content.includes("port: 11434")).toBe(true);
+      expect(content.includes("port: 8000")).toBe(true);
+    });
+
+    it("has a binaries section", () => {
+      const content = policies.loadPreset("local-inference");
+      expect(content.includes("binaries:")).toBe(true);
+    });
+
+    it("extracts valid network_policies entries", () => {
+      const content = policies.loadPreset("local-inference");
+      const entries = policies.extractPresetEntries(content);
+      expect(entries).toBeTruthy();
+      expect(entries.includes("local_inference")).toBe(true);
+    });
+  });
+
   describe("buildPolicySetCommand", () => {
     it("shell-quotes sandbox name to prevent injection", () => {
       const cmd = policies.buildPolicySetCommand("/tmp/policy.yaml", "my-assistant");

test/runner.test.js

@@ -495,7 +495,10 @@ describe("regression guards", () => {
         path.join(import.meta.dirname, "..", "scripts", "walkthrough.sh"),
         "utf-8",
       );
-      // Check only executable lines (tmux spawn, openshell connect) — not comments/docs
+      // Check only executable lines (tmux spawn, openshell connect) — not comments/docs.
+      // The safe `tmux -e "NVIDIA_API_KEY=..."` pattern is allowed because it
+      // passes the key through the environment rather than embedding it in the
+      // shell command that runs inside the sandbox.
       const cmdLines = src
         .split("\n")
         .filter(
@@ -505,7 +508,10 @@ describe("regression guards", () => {
             (l.includes("tmux") || l.includes("openshell sandbox connect")),
         );
       for (const line of cmdLines) {
-        expect(line.includes("NVIDIA_API_KEY")).toBe(false);
+        if (line.includes("NVIDIA_API_KEY")) {
+          // Only the tmux -e env-passing pattern is acceptable
+          expect(line).toMatch(/-e\s+"NVIDIA_API_KEY=/);
+        }
       }
     });