Hey everyone, I was just going through my NemoClaw instance's configs after the latest update and noticed something pretty significant in the patch notes. It looks like NVIDIA has changed the default log retention period for the guardrail events from 30 days to indefinite storage. I've been following the discussions here about the privacy tradeoffs of logging, so this seems like a big shift in the default posture.
As a newcomer who's still trying to wrap my head around all this, my initial reaction is a bit of concern mixed with confusion. I set up my instance with the understanding that logs would auto-purge after a month, which felt like a reasonable middle ground for debugging without creating a huge permanent record. Now, it seems the default is to keep everything forever unless you manually intervene.
I have a few basic questions for the more experienced folks here:
What's the practical impact of this for someone self-hosting NemoClaw for a personal project? Does indefinite logging mean it'll just fill up my disk eventually, or is there some other mechanism at play?
From a security engineering perspective, I can see the value in having a complete audit trail, especially for detecting sophisticated bypass attempts over time. But doesn't this create a massive privacy liability? If someone were to compromise my instance, they'd get access to a complete history of every guardrail trigger, which could include sensitive topics or user data snippets.
How are you all handling this? Are you immediately reverting to a defined retention period in your docker-compose or config files, or is there a benefit to letting it run with the new default? I'd love to see some examples of what you're changing in your setups.
Also, this got me thinking about the broader "security vs. privacy" theme of this subforum. This change feels like it's leaning hard into the security/audit side by default, putting the onus on the user to actively protect privacy. Is that a fair assessment?
Sorry for all the questions! I find this stuff fascinating, but the implications of a setting like this aren't always obvious until you talk it through.