Adds the SafetyNYC gateway (host.openshell.internal:8000) to a NemoClaw sandbox's network policy so the other SafetyNYC skills can reach it through the deny-by-default OpenShell egress filter. Use when the user sees a blocked egress in the sandbox, when onboarding a new NemoClaw sandbox, or when the gateway is running on the host but the sandbox cannot curl it.
Tell the NemoClaw sandbox that the SafetyNYC gateway is allowed. Without this rule, any call from inside the sandbox to the host-side gateway fails silently (deny-by-default OpenShell egress filter). Verified against real NemoClaw alpha v0.0.13 on 2026-04-11 — the schema below matches files in ~/.nemoclaw/source/nemoclaw-blueprint/policies/.
Why the hostname matters:
SafetyNYC's gateway runs on the host at http://127.0.0.1:8000, but a NemoClaw sandbox is a containerized pod (Landlock + seccomp + netns, a Kubernetes pod inside an OpenShell gateway). Inside the sandbox, 127.0.0.1 is the pod's own loopback; the host is reachable as host.openshell.internal, NOT as 127.0.0.1. The policy rule must therefore use host.openshell.internal:8000. A host service on port 11434 likewise needs to listen on 0.0.0.0:11434 (not 127.0.0.1:11434), for the same reason: a host service bound only to loopback cannot be reached from the pod's network namespace. This applies to any host-side service a sandbox wants to reach. If SafetyNYC's uvicorn is bound to 127.0.0.1, launch it with --host 0.0.0.0 instead; see the bottom of this skill for the command. Note that --host 0.0.0.0 also exposes the gateway on every host interface, not only to the sandbox, so on a host that sits on an untrusted network restrict it with a host firewall rule.

Per-binary scoping:
Rules are also scoped to the calling binary: a rule only allows a request when one of its listed binaries (e.g. /usr/local/bin/claude) makes it. This is unusual; most firewalls are per-host-port only.

Checking what is applied:
nemoclaw <sandbox> policy-list shows each policy with ● = applied, ○ = not applied. The active version is shown in the Policy version N loaded messages during onboard (after nemoclaw onboard has completed).

Symptoms that this preset is missing:
- safetynyc-user-route or safetynyc-user-camera-report is blocked by the sandbox's egress filter.
- curl http://127.0.0.1:8000/health works from the host but fails from inside nemoclaw <sandbox> connect.

Where policies live:
A sandbox network policy lives at ~/.nemoclaw/source/nemoclaw-blueprint/policies/openclaw-sandbox.yaml as the base policy, with add-on presets in ~/.nemoclaw/source/nemoclaw-blueprint/policies/presets/*.yaml. Each preset wraps its rules under a preset: {name, description} header and then the same network_policies: block as the base.
Shape of a single network policy entry:
network_policies:
<policy_name>:
name: <policy_name>
endpoints:
- host: <hostname>
port: <port>
protocol: rest # required — 'rest' is the HTTP/REST interpreter
enforcement: enforce # required
tls: terminate # include for HTTPS only; omit for HTTP
rules:
- allow: { method: GET, path: "/**" }
- allow: { method: POST, path: "/**" }
binaries:
- { path: /usr/local/bin/claude }
- { path: /usr/local/bin/openclaw }
Alternative short form (TCP tunnel, no HTTP-method filtering — see presets/github.yaml / presets/brew.yaml):
- host: <hostname>
port: <port>
access: full
nemoclaw policy-add
Create ~/.nemoclaw/source/nemoclaw-blueprint/policies/presets/safetynyc-gateway.yaml:
# SPDX-FileCopyrightText: Copyright (c) 2026 SafetyNYC team
# SPDX-License-Identifier: MIT
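One way to create and sanity-check that file, as an added example that is not NemoClaw's, SafetyNYC's, or this page's own code: the preset name, its description text and the lint heuristics are assumptions; the network_policies shape follows the one described above, and the nemoclaw CLI is not invoked, so it runs on any machine.

```bash
#!/usr/bin/env bash
# Added example; not NemoClaw's, SafetyNYC's, or this page's own code.
# write_safetynyc_preset writes a preset in the shape described above;
# check_safetynyc_preset greps it for the mistakes this page warns about.
# Assumed: the preset name "safetynyc-gateway" and its description text.
set -eu

# Write the preset. $1 = output path, $2 = gateway host (default: the only
# name that works from inside the sandbox). Passing 127.0.0.1 reproduces the
# broken config for the check below.
write_safetynyc_preset() {
  local out="$1" host="${2:-host.openshell.internal}"
  cat > "$out" <<EOF
# SPDX-FileCopyrightText: Copyright (c) 2026 SafetyNYC team
# SPDX-License-Identifier: MIT
preset:
  name: safetynyc-gateway
  description: Allow sandbox skills to reach the SafetyNYC gateway on the host

network_policies:
  safetynyc-gateway:
    name: safetynyc-gateway
    endpoints:
      - host: ${host}
        port: 8000
        protocol: rest
        enforcement: enforce
        rules:
          - allow: { method: GET, path: "/**" }
          - allow: { method: POST, path: "/**" }
        binaries:
          - { path: /usr/local/bin/claude }
          - { path: /usr/local/bin/openclaw }
EOF
}

# Lint a preset in the long (rest) form. Returns 0 when clean, 1 otherwise,
# with one finding per line on stderr. Line-oriented grep is enough for this
# flat shape; it is not a YAML parser and does not understand the access: full form.
check_safetynyc_preset() {
  local f="$1" bad=0 n_host n_proto n_enf
  # 1. Loopback or wildcard hosts: 127.0.0.1 is the pod's own loopback, never the host.
  if grep -Eq '^[[:space:]]*-?[[:space:]]*host:[[:space:]]*(127\.0\.0\.1|localhost|0\.0\.0\.0)([^0-9.]|$)' "$f"; then
    echo "$f: host is loopback/wildcard; use host.openshell.internal" >&2; bad=1
  fi
  # 2. protocol: rest and enforcement: enforce are required on every endpoint.
  n_host=$(grep -Ec '^[[:space:]]*-[[:space:]]*host:' "$f" || true)
  n_proto=$(grep -Ec '^[[:space:]]*protocol:[[:space:]]*rest' "$f" || true)
  n_enf=$(grep -Ec '^[[:space:]]*enforcement:[[:space:]]*enforce' "$f" || true)
  if [ "$n_host" -eq 0 ] || [ "$n_proto" -ne "$n_host" ] || [ "$n_enf" -ne "$n_host" ]; then
    echo "$f: every endpoint needs 'protocol: rest' and 'enforcement: enforce'" >&2; bad=1
  fi
  # 3. tls: terminate is for HTTPS only; the gateway on :8000 is plain HTTP.
  if grep -Eq '^[[:space:]]*tls:[[:space:]]*terminate' "$f" && grep -Eq '^[[:space:]]*port:[[:space:]]*8000([^0-9]|$)' "$f"; then
    echo "$f: tls: terminate set on the plain-HTTP gateway endpoint" >&2; bad=1
  fi
  # 4. Rules are per-binary: with no binaries listed, no caller matches the rule.
  #    Binary entries carry an unquoted absolute path; rule paths above are quoted.
  if ! grep -Eq 'path:[[:space:]]*/' "$f"; then
    echo "$f: no binaries listed; the rule will not match any caller" >&2; bad=1
  fi
  return "$bad"
}
```

Run write_safetynyc_preset ~/.nemoclaw/source/nemoclaw-blueprint/policies/presets/safetynyc-gateway.yaml and then check_safetynyc_preset on the same path before onboarding. The GET/POST "/**" rules mirror the shape above; once you know which gateway routes the skills actually call (the /health route is the only one named on this page), narrow path to those, since this allow list is the only thing standing between the sandbox and every route the gateway exposes.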