Skip to content

guides

Intended Documentation

OpenShell and NemoClaw Integration

Compile MIR intents and Domain LIM results into OpenShell policy YAML for the NVIDIA OpenShell / NemoClaw runtime stack.

intermediate2 min readimplemented

OpenShell and NemoClaw Integration#

Intended includes @intended/openshell-adapter, a reference integration that compiles Intended MIR intents and Domain LIM signals into policy YAML for the documented NVIDIA OpenShell interface.

  • NVIDIA OpenShell and NVIDIA NemoClaw are third-party projects published by NVIDIA under Apache 2.0
  • upstream materials currently describe those projects as alpha / early preview
  • Intended is an independent integration layer and is not affiliated with or endorsed by NVIDIA
  • Intended does not operate your upstream OpenShell or NemoClaw instance

What this integration does today#

  • compiles runtime requests into OpenShell-compatible YAML
  • infers presets such as github, npm_registry, openclaw_api, and provider/runtime hints
  • tightens generated policy when LIM indicates higher risk or fail-closed posture
  • supports CLI-driven policy generation for operator review and deployment

What it does not do today#

  • it does not remotely apply policy on your behalf
  • it does not stream upstream runtime telemetry back from NVIDIA software automatically
  • it does not convert upstream alpha software into a Intended-managed service

Installation#

bash
pnpm add @intended/openshell-adapter
pnpm add @intended/cli

Input shape#

Provide the runtime context plus one or more MIR intents:

json
{
  "runtime": "openclaw",
  "providers": ["nvidia"],
  "requestedPresets": ["github"],
  "intents": [
    {
      "intent": "sdlc.repo.write",
      "targetSystem": "github",
      "proposedAction": "push repository changes"
    }
  ],
  "lim": {
    "summary": "production repository write",
    "riskTier": "high",
    "failClosed": true
  }
}

Compile with the CLI#

bash
meritt openshell-compile \
  --input meritt-openshell.json \
  --output meritt-openshell.yaml \
  --runtime openclaw \
  --provider nvidia \
  --preset github

Apply the emitted policy#

Use the documented upstream OpenShell interface:

bash
openshell policy set meritt-openshell.yaml

Review the generated policy before applying it in any environment that can reach production systems or sensitive data.

  1. Compile policy in a review environment.
  2. Inspect inferred presets and endpoint scope.
  3. Validate the generated YAML against your runtime configuration.
  4. Apply in staging first.
  5. Promote to production only after operator review.

Security notes#

  • treat the generated policy as configuration with security impact
  • upstream runtime hardening remains your responsibility
  • do not treat the adapter as proof that upstream runtime defaults are safe
  • require review before allowing network destinations or privileged binaries