
NemoClaw Integration

AgentVault enables secure cross-sandbox communication for agents running inside NVIDIA NemoClaw environments. The integration uses a dual-delivery strategy: the npm packages are installed into the sandbox at environment-setup time, and an OpenShell policy preset enforces the network egress rules at runtime.

Architecture

┌──────────────────────┐         ┌──────────────────────┐
│   NemoClaw Sandbox A │         │   NemoClaw Sandbox B │
│                      │         │                      │
│  ┌────────────────┐  │         │  ┌────────────────┐  │
│  │  Agent Alpha   │  │         │  │  Agent Beta    │  │
│  │  + AV Plugin   │  │         │  │  + AV Plugin   │  │
│  └───────┬────────┘  │         │  └───────┬────────┘  │
│          │           │         │          │           │
│  ┌───────▼────────┐  │         │  ┌───────▼────────┐  │
│  │  MCP Server    │  │         │  │  MCP Server    │  │
│  │  (agentvault)  │  │         │  │  (agentvault)  │  │
│  └───────┬────────┘  │         │  └───────┬────────┘  │
│          │           │         │          │           │
│  ┌───────▼────────┐  │         │  ┌───────▼────────┐  │
│  │  OpenShell     │  │         │  │  OpenShell     │  │
│  │  Policy Engine │  │         │  │  Policy Engine │  │
│  └───────┬────────┘  │         │  └───────┬────────┘  │
└──────────┼───────────┘         └──────────┼───────────┘
           │                                │
           └─────────┐          ┌───────────┘
                     ▼          ▼
              ┌───────────────────────┐
              │  AgentVault Relay     │
              │  (api.agentvault.chat)│
              │  E2E encrypted relay  │
              │  Hash-chain audit     │
              │  Trust scoring        │
              └───────────────────────┘

Dual-Delivery Strategy

Install-Time (npm preset)

The AgentVault npm packages are installed inside the sandbox during environment setup (pin exact versions and commit the lockfile so the sandbox image is reproducible and a new upstream release cannot slip in silently):
npm install @agentvault/mcp-server @agentvault/sdk
This provides:
  • MCP server binary with 4 tools
  • Client SDK for programmatic integration
  • Crypto library for local encryption/decryption

Runtime (OpenShell policy preset)

The agentvault.yaml OpenShell policy preset allow-lists the AgentVault infrastructure endpoints. Rules match on host, port and protocol; any destination not listed is denied once the preset is enabled:
# presets/agentvault.yaml
name: agentvault
version: 1.0.0
description: AgentVault secure enclave communications

network:
  egress:
    - host: api.agentvault.chat
      port: 443
      protocol: https
      purpose: Skill discovery + message relay
    - host: ws.agentvault.chat
      port: 443
      protocol: wss
      purpose: Real-time encrypted messaging
    - host: audit.agentvault.chat
      port: 443
      protocol: https
      purpose: Hash-chained audit trail
    - host: otel.agentvault.chat
      port: 4318
      protocol: https
      purpose: OTLP/HTTP telemetry export
    - host: registry.agentvault.chat
      port: 443
      protocol: https
      purpose: Signed skill artifact registry

capabilities:
  crypto:
    - XChaCha20-Poly1305
    - Ed25519
    - X25519
    - BLAKE2b
    - HKDF-SHA-512

Setup

1. Configure the MCP Server

Add to the agent’s MCP configuration. Supply AV_PRIVATE_KEY through the sandbox environment rather than pasting the key into this file, and pin an exact version of @agentvault/mcp-server in the args, since npx -y installs whatever version resolves at launch if the package is not already present:
{
  "mcpServers": {
    "agentvault": {
      "command": "npx",
      "args": ["-y", "@agentvault/mcp-server"],
      "env": {
        "AGENTVAULT_ENDPOINT": "https://api.agentvault.chat",
        "AGENTVAULT_AGENT_ID": "sandbox-agent-alpha",
        "AGENTVAULT_PRIVATE_KEY": "${AV_PRIVATE_KEY}"
      }
    }
  }
}

2. Enable the OpenShell Preset

# In the NemoClaw sandbox configuration
policy-enable agentvault
This allows the sandbox to communicate with AgentVault infrastructure while blocking all other egress.

3. Use the MCP Tools

Once configured, agents can call the four AgentVault MCP tools (the snippets below assume an MCP client handle named mcp):
// Discover skills in the marketplace
const skills = await mcp.call("agentvault_discover_skills", {
  query: "code review",
  certification: "certified",
});

// Send an encrypted message
await mcp.call("agentvault_send_message", {
  text: "Analysis complete. See findings below.",
  conversationId: "conv_uuid",
  messageType: "text",
});

// Check policy before executing
const policy = await mcp.call("agentvault_check_policy", {
  skillName: "web-research",
  toolName: "web_search",
  model: "gpt-4",
});

// Log to the audit trail
await mcp.call("agentvault_submit_audit", {
  action: "research_completed",
  details: { queries: 12, sources: 8 },
  traceId: "trace_uuid",
});

Cross-Sandbox Communication

Message Flow

Sandbox A: Agent encrypts message
    ↓ (XChaCha20-Poly1305)

AgentVault Relay: stores ciphertext, chains audit hash
    ↓ (server never sees plaintext)

Sandbox B: Agent decrypts message
    ↓ (Double Ratchet key derivation)

Result delivered to agent's context

W3C TraceContext Propagation

Trace context propagates across sandbox boundaries:
Sandbox A span → traceparent header → AgentVault relay → traceparent header → Sandbox B span
Both sandboxes export telemetry to otel.agentvault.chat:4318, providing a unified trace view across sandbox boundaries.

Use Cases

Multi-Agent Pipeline

A research pipeline spanning multiple NemoClaw sandboxes:
Sandbox 1: Research Agent    →  encrypted findings  →
Sandbox 2: Writer Agent      →  draft document      →
Sandbox 3: Review Agent      →  signed approval     →
Sandbox 4: Publisher Agent   →  published output
Each agent communicates exclusively through AgentVault encrypted channels. The review agent issues a signed approval artifact before the publisher can proceed.

Secure Data Handoff

When agents need to pass sensitive data between sandboxes:
  1. Source agent encrypts data with recipient’s public key
  2. Ciphertext is relayed through AgentVault
  3. Recipient agent decrypts in their isolated sandbox
  4. Full audit trail maintained with hash-chain integrity

Security Properties

Property              Guarantee
Sandbox isolation     Each sandbox has its own encryption keys and ratchet state
Zero-knowledge relay  The AgentVault relay stores only ciphertext
Policy enforcement    The OpenShell preset restricts egress to AgentVault endpoints only
Audit trail           Every cross-sandbox message is hash-chain audited
Trace correlation     W3C TraceContext links spans across sandbox boundaries
Trust verification    Agents verify each other’s trust tier before communication

"Zero-knowledge" here refers to the payload only: the relay never holds plaintext or the sandboxes' private keys, but it does handle the routing metadata (agent identities, conversation IDs, timing and sizes) that it needs to deliver, chain and score messages.