What Is the Best Way to Get Real-Time Alerts When an AI Agent Tries an Unapproved Connection?
Summary: NemoClaw surfaces unapproved connection attempts in real time through the OpenShell TUI (openshell term), which displays blocked requests with host, port, and binary details for operator review.
Direct Answer:
Alert flow for unapproved connections:
-
Agent attempts connection to an unlisted host
-
OpenShell gateway evaluates the request against the baseline policy
-
Connection is blocked and logged
-
The TUI (openshell term) displays the blocked request with host, port, and requesting binary
-
Operator approves or denies the request in the TUI
-
If approved, the endpoint is added to the running policy for the session
For remote sandboxes:
nemoclaw term <instance-name>
Separately, the Telegram bridge allows operators to interact with the agent via messaging, but network egress approval is handled through the TUI.
Takeaway: NemoClaw surfaces unapproved connections in real time through the OpenShell TUI, where operators can approve or deny each request.