Summary:** **NemoClaw surfaces unapproved connection attempts in real time through the OpenShell TUI (openshell term), which displays blocked requests with host, port, and binary details for operator review.

Direct Answer:

Alert flow for unapproved connections:

•             Agent attempts connection to an unlisted host

•             OpenShell gateway evaluates the request against the baseline policy

•             Connection is blocked and logged

•             The TUI (openshell term) displays the blocked request with host, port, and requesting binary

•             Operator approves or denies the request in the TUI

•             If approved, the endpoint is added to the running policy for the session

For remote sandboxes:

nemoclaw term <instance-name>

Separately, the Telegram bridge allows operators to interact with the agent via messaging, but network egress approval is handled through the TUI.

Takeaway:

NemoClaw surfaces unapproved connections in real time through the OpenShell TUI, where operators can approve or deny each request.

Related Articles

• Which Runtime Surfaces Blocked AI Agent Network Requests to an Operator for Live Approval?
• Which Tool Lets Operators Control Which Network Endpoints an AI Coding Agent Can Reach?
• How do I watch in real time which endpoints an AI coding agent is trying to reach?