docs: refresh daily docs for 0.0.29

[miyoungc]

Summary

Refreshes user-facing docs for the last 24 hours of merged NemoClaw history and bumps the docs metadata to 0.0.29, the next version after v0.0.28. The updates are limited to behavior supported by merged PR descriptions and diffs.

Changes

• docs/reference/commands.md: documented nemoclaw <name> policy-add --from-file and --from-dir, including custom preset review guidance, from feat(policy): support custom preset files via --from-file / --from-dir (closes #2039) #2077 / commit 7720b175.
• docs/deployment/deploy-to-remote-gpu.md: clarified that non-loopback CHAT_UI_URL disables OpenClaw device pairing for remote browser-only deployments, from fix: auto-disable device auth for non-loopback URLs (#2341) #2449 / commit f5ee8a4d.
• docs/inference/inference-options.md: documented provider-aware credential retry validation and the NVIDIA-only nvapi- prefix check, from fix(onboard): don't enforce nvapi- prefix on non-NVIDIA API keys #2389 / commit 6f7f0c6d.
• docs/inference/switch-inference-providers.md: documented NEMOCLAW_INFERENCE_INPUTS for text/image-capable model metadata baked into openclaw.json, from fix(onboard): propagate NEMOCLAW_INFERENCE_INPUTS to baked openclaw.json #2441 / commit f4391892.
• docs/reference/troubleshooting.md: added the Git certificate verification entry for proxy CA propagation through GIT_SSL_CAINFO, GIT_SSL_CAPATH, CURL_CA_BUNDLE, and REQUESTS_CA_BUNDLE, from fix(sandbox): export GIT_SSL_CAINFO so git trusts proxy CA #2345 / commit fa0dc1ab.
• docs/versions1.json and docs/project.json: promoted docs version 0.0.29; docs/versions1.json omits unpublished 0.0.26, 0.0.27, and 0.0.28 entries.
• .agents/skills/nemoclaw-user-*: regenerated derived user skill references from the updated docs.
• Reviewed with no extra doc changes: fix(onboard): clarify preflight messages reference local NIM #2575 / d392ec07, fix(sandbox): include generate-openclaw-config.py in optimized build context #2565 / a3231049, fix(uninstall): source nvm before npm uninstall to find the correct p… #1965 / db1ef3ca, fix(inference): migrate GLM-5 model references to GLM-5.1 (#1744) #1990 / db665834, refactor(onboard): extract modules from onboard.ts (Steps 1-3, rebased) #2495 / 7da86fa3, feat(cli): add gateway-token command to retrieve sandbox auth token #2496 / 3192f4f4, fix(sandbox): strip forward-proxy fields when rewriting to https.request #2490 / 8c209058, fix(onboard): auto-patch cluster image for Docker 26+ overlayfs nested mount break #2487 / 1f615e2f, perf(dockerfile): move token injection to late layer to preserve build cache #2483 / 5653d33a, fix(security): revert gateway auth token externalization #2482 / 31c782c0, chore(deps): bump OpenClaw from 2026.4.2 to 2026.4.9 #2464 / 23bb5703, fix(sandbox): fix non-root gateway startup and add crash safety net #2472 / a54f9a34, and fix(install): refuse to auto-resume a failed onboarding session #2437 / 6bc860d7.
• Skipped per docs policy: fix(cli): replace config-set allow-list with mode-based new-path gate #2420 / 7b76df6b touched the experimental sandbox config path listed in docs/.docs-skip; fix(hermes): set file permissions so sandbox user can read copied files #2466 / cc15689c touched a skipped term and CI-only sandbox image files.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes — failed locally in installer-integration tests and one onboard helper timeout; the doc-scoped hook test projects passed under prek.
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only) — build succeeded, but local Sphinx emitted the existing version-switcher file read message.
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

AI Disclosure

• AI-assisted — tool: Codex

---

Signed-off-by: Miyoung Choi miyoungc@nvidia.com

Summary by CodeRabbit

• New Features

  • Support for custom YAML presets in policy configuration via --from-file and --from-dir.
  • New build-time inference input option to declare accepted modalities (text or text,image).

• Improvements

  • Credential validation now offers interactive recovery: re-enter key, retry, choose another provider, or exit.
  • Clarified provider-specific API key prefix handling (nvapi- only applies to NVIDIA keys).

• Documentation

  • TLS certificate troubleshooting for inspected networks.
  • Clarified remote dashboard security/device-pairing behavior; command docs updated; docs version bumped.

[coderabbitai]

📝 Walkthrough

Walkthrough

Refines several docs: updates inference credential validation flow, ties OpenClaw pairing disablement to non-loopback CHAT_UI_URL, adds policy-add flags for custom YAML presets, documents Git TLS-inspection CA troubleshooting, and bumps documentation version metadata to 0.0.29.

Changes

Cohort / File(s)	Summary
Inference Validation Flow /.agents/skills/nemoclaw-user-configure-inference/references/inference-options.md, docs/inference/inference-options.md	Distinguishes credential-specific validation failures from generic provider/model failures; wizard now offers re-enter API key / select another provider / retry / exit options. Notes nvapi- prefix check applies only to NVIDIA_API_KEY.
Remote Deployment Security /.agents/skills/nemoclaw-user-deploy-remote/SKILL.md, docs/deployment/deploy-to-remote-gpu.md	Reframes device-pairing disablement to depend on CHAT_UI_URL being a non-loopback origin; clarifies browser-only remote users cannot complete terminal pairing and warns against exposing the dashboard origin.
Policy Command & Troubleshooting /.agents/skills/nemoclaw-user-reference/references/commands.md, docs/reference/commands.md, /.agents/skills/nemoclaw-user-reference/references/troubleshooting.md, docs/reference/troubleshooting.md	Adds --from-file and --from-dir for nemoclaw <name> policy-add, updates --yes/--force behavior and examples; adds troubleshooting for Git certificate errors in TLS-inspecting networks and documents CA-bundle env var export/persistence.
Inference Inputs Metadata /.agents/skills/nemoclaw-user-configure-inference/SKILL.md, docs/inference/switch-inference-providers.md	Introduces NEMOCLAW_INFERENCE_INPUTS build-time env var and documents accepted input modalities (text or text,image) in model metadata; updates onboarding examples.
Version Metadata docs/project.json, docs/versions1.json	Bumps docs/project.json version from 0.0.25 to 0.0.29; adds 0.0.29 as preferred in docs/versions1.json and removes older public entries (0.0.16–0.0.19).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐇 I hopped through pages, soft and spry,

Tucked keys and CA-bundles where they lie.
Presets, inputs, pairing in a line—
Versioned snugly: 0.0.29. 🥕✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'docs: refresh daily docs for 0.0.29' directly reflects the main change: bumping documentation to version 0.0.29 and refreshing docs based on merged NemoClaw history.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/daily-refresh-0.0.29

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

docs/reference/commands.md (1)

351-375: ⚠️ Potential issue | 🟡 Minor

Document --from-file and --from-dir exclusivity and batch-failure behavior.

The new flags are documented, but the page does not mention that combining both flags is invalid, and --from-dir stops on the first failing preset. Adding this avoids confusing failures in automation.

Proposed doc addition

 | `--from-file <path>` | Apply a custom preset YAML file instead of a built-in preset |
 | `--from-dir <path>` | Apply every custom preset YAML file in a directory in lexicographic order |
 | `--yes`, `--force` | Skip the confirmation prompt (requires a preset name, `--from-file`, or `--from-dir`) |
 | `--dry-run` | Preview the endpoints a preset would open without applying changes |

+`--from-file` and `--from-dir` are mutually exclusive.
+`--from-dir` reads only `.yaml` and `.yml` files and aborts on the first failed preset.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/reference/commands.md` around lines 351 - 375, Update the policy-add CLI
docs to state that the flags `--from-file` and `--from-dir` are mutually
exclusive (cannot be used together) and to document the batch-failure behavior
of `--from-dir` (it stops processing on the first failing preset), referencing
the `policy-add` command and the flags `--from-file`, `--from-dir`, and
`--yes`/`--force` so readers know the limitation and that automation should
handle failure/ordering accordingly.

🧹 Nitpick comments (1)

docs/reference/troubleshooting.md (1)

499-499: Format git clone as inline code in the heading.

Line 499 uses a CLI command phrase in prose form. Use inline code formatting for command names in headings too for consistency.

As per coding guidelines, "CLI commands, file paths, flags, parameter names, and values must use inline code formatting."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/reference/troubleshooting.md` at line 499, Update the heading "### Git
clone fails with a certificate verification error" to format the CLI command as
inline code by changing it to "### `git clone` fails with a certificate
verification error"; locate the heading text in the docs (search for the exact
string) and replace it so that the command `git clone` uses inline backticks to
comply with the guideline that CLI commands, file paths, flags and parameters
use code formatting.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/reference/troubleshooting.md`:
- Around line 503-509: The verification command omits GIT_SSL_CAPATH even though
the text mentions it; update the env check used in the troubleshooting doc (the
grep pattern used in the `env | grep -E '...'` line) to include GIT_SSL_CAPATH
alongside SSL_CERT_FILE, GIT_SSL_CAINFO, CURL_CA_BUNDLE, and REQUESTS_CA_BUNDLE
so the command actually verifies all listed CA-related variables.

---

Outside diff comments:
In `@docs/reference/commands.md`:
- Around line 351-375: Update the policy-add CLI docs to state that the flags
`--from-file` and `--from-dir` are mutually exclusive (cannot be used together)
and to document the batch-failure behavior of `--from-dir` (it stops processing
on the first failing preset), referencing the `policy-add` command and the flags
`--from-file`, `--from-dir`, and `--yes`/`--force` so readers know the
limitation and that automation should handle failure/ordering accordingly.

---

Nitpick comments:
In `@docs/reference/troubleshooting.md`:
- Line 499: Update the heading "### Git clone fails with a certificate
verification error" to format the CLI command as inline code by changing it to
"### `git clone` fails with a certificate verification error"; locate the
heading text in the docs (search for the exact string) and replace it so that
the command `git clone` uses inline backticks to comply with the guideline that
CLI commands, file paths, flags and parameters use code formatting.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6fc5ce9d-e072-4faf-864a-8435b6bf1d13

📥 Commits

Reviewing files that changed from the base of the PR and between d392ec0 and 2068960.

📒 Files selected for processing (10)

• .agents/skills/nemoclaw-user-configure-inference/references/inference-options.md
• .agents/skills/nemoclaw-user-deploy-remote/SKILL.md
• .agents/skills/nemoclaw-user-reference/references/commands.md
• .agents/skills/nemoclaw-user-reference/references/troubleshooting.md
• docs/deployment/deploy-to-remote-gpu.md
• docs/inference/inference-options.md
• docs/project.json
• docs/reference/commands.md
• docs/reference/troubleshooting.md
• docs/versions1.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Include GIT_SSL_CAPATH in the verification command.

Line 503 documents GIT_SSL_CAPATH, but Line 508 does not verify it. That can hide the exact missing variable in failing environments.

Proposed doc fix

-$ env | grep -E 'SSL_CERT_FILE|GIT_SSL_CAINFO|CURL_CA_BUNDLE|REQUESTS_CA_BUNDLE'
+$ env | grep -E 'SSL_CERT_FILE|GIT_SSL_CAINFO|GIT_SSL_CAPATH|CURL_CA_BUNDLE|REQUESTS_CA_BUNDLE'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/reference/troubleshooting.md` around lines 503 - 509, The verification
command omits GIT_SSL_CAPATH even though the text mentions it; update the env
check used in the troubleshooting doc (the grep pattern used in the `env | grep
-E '...'` line) to include GIT_SSL_CAPATH alongside SSL_CERT_FILE,
GIT_SSL_CAINFO, CURL_CA_BUNDLE, and REQUESTS_CA_BUNDLE so the command actually
verifies all listed CA-related variables.