AgentVault for NemoClaw
Secure cross-sandbox communication for NVIDIA NemoClaw. Your agents exchange E2E encrypted messages across sandbox boundaries with W3C trace propagation and cryptographic approval gates.
How It Works
Agents in isolated NemoClaw sandboxes communicate through the AgentVault encrypted relay. The relay routes ciphertext — it never decrypts.
```
NemoClaw Sandbox A       AgentVault Relay         NemoClaw Sandbox B
┌─────────────────┐    ┌───────────────────┐    ┌─────────────────┐
│                 │    │                   │    │                 │
│  ┌───────────┐  │    │                   │    │  ┌───────────┐  │
│  │  Agent A  │──┼───>│  Encrypted msg    │───>┼──│  Agent B  │  │
│  │ (sender)  │  │E2E │  (never decrypts) │E2E │  │ (receiver)│  │
│  └───────────┘  │    │                   │    │  └───────────┘  │
│                 │    │  ┌───────────┐    │    │                 │
│                 │    │  │ Audit log │    │    │                 │
│                 │    │  │ (hashed)  │    │    │                 │
│                 │    │  └───────────┘    │    │                 │
└─────────────────┘    └───────────────────┘    └─────────────────┘
    traceparent ──────────────────────────────────> propagated
```
Dual-Delivery Sandbox Setup
NemoClaw uses a dual-delivery model: the npm preset installs the package at sandbox creation, and the agentvault preset configures the runtime connection.
```yaml
sandbox:
  name: research-agent-sandbox
  runtime: node-20
  extensions:
    # Install AgentVault SDK into the sandbox
    - name: "@agentvault/sdk"
      presets:
        - type: npm
          package: "@agentvault/sdk"
          version: "^0.1.0"
        - type: agentvault
          config:
            api_url: "https://api.agentvault.chat"
            api_key: "${AV_API_KEY}"
            data_dir: "/sandbox/data/agentvault"
    # Expose AgentVault tools via MCP
    - name: "@agentvault/mcp-server"
      presets:
        - type: npm
          package: "@agentvault/mcp-server"
          version: "^0.1.0"
        - type: agentvault
          config:
            expose_tools:
              - discover_skills
              - send_message
              - check_policy
              - submit_audit
```
OpenShell Network Policy
The agentvault preset whitelists only the endpoints your agent needs. No broad internet access required.
```yaml
egress:
  - host: api.agentvault.chat
    port: 443
    protocol: https # Skill discovery, message relay, enrollment
  - host: api.agentvault.chat
    port: 443
    protocol: wss # Real-time encrypted message delivery
  - host: audit.agentvault.chat
    port: 443
    protocol: https # Hash-chained audit trail
  - host: otel.agentvault.chat
    port: 4318
    protocol: https # OTLP/HTTP telemetry export
  - host: registry.agentvault.chat
    port: 443
    protocol: https # Signed skill artifact downloads
capabilities:
  - network:outbound:https
  - network:outbound:wss
  - crypto:xchacha20
  - crypto:ed25519
  - storage:local
```
Built for Multi-Agent Pipelines
Cross-Sandbox E2E Encryption
Agents in separate NemoClaw sandboxes communicate through AgentVault's relay using XChaCha20-Poly1305 encryption. Neither the relay server nor the NemoClaw runtime ever sees plaintext.
OpenShell Policy Preset
The `agentvault` network policy preset whitelists egress to AgentVault endpoints — HTTPS relay, WSS messaging, audit submission, OTel export, and skill registry. Drop it into your sandbox config.
W3C TraceContext Propagation
Trace context flows across sandbox boundaries. When Agent A sends a message to Agent B, the `traceparent` and `tracestate` headers propagate through the relay for unified observability.
Signed Approval Artifacts
Review agents create Ed25519-signed approval artifacts that downstream agents cryptographically verify. Publisher won't publish unless the reviewer's signature checks out.
Trust Tier Enforcement
Each agent in a pipeline can require a minimum trust tier from its peers. A publisher can demand that the reviewer holds `certified` status (trust score >= 0.6) before accepting approvals.
Per-Agent Policy Scoping
Each sandbox agent operates under its own policy — research agents can fetch but not write, review agents can sign but not publish, publishers must verify approval signatures.
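The approval gate from Signed Approval Artifacts and Trust Tier Enforcement above, sketched with Node's built-in crypto as an added example (not AgentVault SDK code). The artifact fields, helper names, local directory lookup and 10-minute freshness window are assumptions; only the Ed25519 signature and the `certified` threshold of 0.6 come from this page.

```javascript
const nodeCrypto = require("node:crypto");

// From the page: `certified` means trust score >= 0.6. All other names are hypothetical.
const CERTIFIED_MIN_SCORE = 0.6;
const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");

// Fixed-order encoding so signer and verifier hash identical bytes.
const encodeApproval = (a) =>
  Buffer.from(JSON.stringify([a.reviewer, a.draftHash, a.decision, a.issuedAt]));

// Reviewer side: sign an approval bound to the exact draft content.
function signApproval(privateKey, reviewer, draft, issuedAt) {
  const body = { reviewer, draftHash: sha256(draft), decision: "approved", issuedAt };
  const sig = nodeCrypto.sign(null, encodeApproval(body), privateKey).toString("base64");
  return { ...body, sig };
}

// Publisher side: every check fails closed. Key and trust score come from the
// publisher's own directory, never from fields inside the artifact.
function checkApproval(artifact, draft, directory, now, maxAgeMs = 600000) {
  const peer = directory.get(artifact.reviewer);
  if (!peer) return { ok: false, reason: "unknown reviewer" };
  let valid = false;
  try {
    const sig = Buffer.from(String(artifact.sig), "base64");
    valid = nodeCrypto.verify(null, encodeApproval(artifact), peer.publicKey, sig);
  } catch {
    valid = false; // malformed input is treated as a failed verification
  }
  if (!valid) return { ok: false, reason: "bad signature" };
  if (artifact.decision !== "approved") return { ok: false, reason: "not approved" };
  if (artifact.draftHash !== sha256(draft)) return { ok: false, reason: "draft mismatch" };
  if (peer.trustScore < CERTIFIED_MIN_SCORE) return { ok: false, reason: "trust tier too low" };
  // Freshness window (assumption, not from the page) limits replay of old approvals.
  const age = now - artifact.issuedAt;
  if (!(age >= 0 && age <= maxAgeMs)) return { ok: false, reason: "stale approval" };
  return { ok: true, reason: "publish" };
}

// Constructed sample data: a throwaway reviewer key and a made-up draft.
const reviewerKeys = nodeCrypto.generateKeyPairSync("ed25519");
const directory = new Map([
  ["did:hub:reviewer_example", { publicKey: reviewerKeys.publicKey, trustScore: 0.72 }],
]);
const draft = JSON.stringify({ title: "Constructed title", body: "Constructed body" });
const approval = signApproval(reviewerKeys.privateKey, "did:hub:reviewer_example", draft, 1700000000000);
console.log(checkApproval(approval, draft, directory, 1700000060000)); // 60 s after signing
```

Binding the signature to a hash of the draft is what stops a valid approval from being reused for different content.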
Example: 4-Agent Content Pipeline
Research, write, review, and publish — each agent in its own sandbox, communicating through encrypted A2A channels with trust-gated approval.
```
Research Agent      Writer Agent        Review Agent        Publisher Agent
Sandbox 1           Sandbox 2           Sandbox 3           Sandbox 4
(verified)          (verified)          (certified)         (certified)
    │                   │                   │                   │
    │── findings ──────>│                   │                   │
    │  [sources, data]  │                   │                   │
    │                   │── draft ─────────>│                   │
    │                   │  [title, body]    │                   │
    │                   │                   │── approval ──────>│
    │                   │                   │  [Ed25519 signed] │
    │                   │                   │             [verify sig]
    │                   │                   │             [check trust]
    │                   │                   │             [publish ✓]
```
Connect Two Sandboxed Agents
```javascript
// Agent A (sender)
import { AgentVaultClient } from "@agentvault/sdk";

const agent = new AgentVaultClient({
  apiKey: process.env.AV_API_KEY_A,
  apiUrl: "https://api.agentvault.chat",
  dataDir: "/sandbox/data/agentvault",
});

await agent.connect();

// Establish A2A channel with Agent B
await agent.requestA2AChannel("did:hub:agent_b_address");

// Wait for channel activation, then send
agent.on("a2a_channel_activated", async () => {
  await agent.sendToAgent(
    "did:hub:agent_b_address",
    // `findings` is the research output this agent produced earlier
    JSON.stringify({ type: "research_findings", data: findings }),
  );
});
```

```javascript
// Agent B (receiver)
import { AgentVaultClient } from "@agentvault/sdk";

const agent = new AgentVaultClient({
  apiKey: process.env.AV_API_KEY_B,
  apiUrl: "https://api.agentvault.chat",
  dataDir: "/sandbox/data/agentvault",
  onA2AMessage: (msg) => {
    let payload;
    try {
      // The message body comes from a peer: treat it as untrusted input
      payload = JSON.parse(msg.text);
    } catch (err) {
      console.error("Dropping non-JSON message from:", msg.fromHubAddress);
      return;
    }
    console.log("Received from:", msg.fromHubAddress);
    console.log("Type:", payload.type);
    // Process the message...
  },
});

await agent.connect();
```
Packages for NemoClaw
Secure Your Agent Pipeline
Free trial. E2E encryption across sandboxes. Signed approval gates. Trust-enforced agent collaboration.