How do I define an AI agent's security policy in a file that my security team can review and version-control?

Summary:

NemoClaw's entire security policy lives in a single reviewable YAML file alongside preset files, enabling standard PR-based review and approval workflows before any policy change goes live.

Direct Answer:

NemoClaw's policy is a single YAML file (nemoclaw-blueprint/policies/openclaw-sandbox.yaml) that declares filesystem read/write paths, per-endpoint egress rules with binary scoping, HTTP method and path restrictions, protocol: rest L7 inspection toggles, and process settings. Presets live alongside it as separate YAML files. Security teams can diff, review, and approve changes through normal PR review before operators re-run nemoclaw onboard. Source: <u>Network Policies</u>.