Skip to content

guides

Intended Documentation

OpenShell and NemoClaw Integration

Compile Open Intent Layer intents and Domain LIM results into OpenShell policy YAML for the NVIDIA OpenShell / NemoClaw runtime stack.

intermediate2 min readimplemented

OpenShell and NemoClaw Integration#

Intended includes @intended/openshell-adapter, a reference integration that compiles Open Intent Layer intents and Domain LIM signals into policy YAML for the documented NVIDIA OpenShell interface.

  • NVIDIA OpenShell and NVIDIA NemoClaw are third-party projects published by NVIDIA under Apache 2.0
  • upstream materials currently describe those projects as alpha / early preview
  • Intended is an independent integration layer and is not affiliated with or endorsed by NVIDIA
  • Intended does not operate your upstream OpenShell or NemoClaw instance

What this integration does today#

  • compiles runtime requests into OpenShell-compatible YAML
  • infers presets such as github, npm_registry, openclaw_api, and provider/runtime hints
  • tightens generated policy when LIM indicates higher risk or fail-closed posture
  • supports CLI-driven policy generation for operator review and deployment

What it does not do today#

  • it does not remotely apply policy on your behalf
  • it does not stream upstream runtime telemetry back from NVIDIA software automatically
  • it does not convert upstream alpha software into a Intended-managed service

Installation#

bash
pnpm add @intended/openshell-adapter
pnpm add @intended/cli

Input shape#

Provide the runtime context plus one or more Open Intent Layer intents:

json
{
  "runtime": "openclaw",
  "providers": ["nvidia"],
  "requestedPresets": ["github"],
  "intents": [
    {
      "intent": "sdlc.repo.write",
      "targetSystem": "github",
      "proposedAction": "push repository changes"
    }
  ],
  "lim": {
    "summary": "production repository write",
    "riskTier": "high",
    "failClosed": true
  }
}

Compile with the CLI#

bash
intended openshell-compile \
  --input intended-openshell.json \
  --output intended-openshell.yaml \
  --runtime openclaw \
  --provider nvidia \
  --preset github

Apply the emitted policy#

Use the documented upstream OpenShell interface:

bash
openshell policy set intended-openshell.yaml

Review the generated policy before applying it in any environment that can reach production systems or sensitive data.

  1. Compile policy in a review environment.
  2. Inspect inferred presets and endpoint scope.
  3. Validate the generated YAML against your runtime configuration.
  4. Apply in staging first.
  5. Promote to production only after operator review.

Security notes#

  • treat the generated policy as configuration with security impact
  • upstream runtime hardening remains your responsibility
  • do not treat the adapter as proof that upstream runtime defaults are safe
  • require review before allowing network destinations or privileged binaries
OpenShell and NemoClaw Integration | Intended