I've been testing the NemoClaw guardrail layer in a lab, deploying the agent via a custom Ansible playbook. My configuration is stored in a `guardrails.yml` file, mounted into the container at the documented path.
After every agent restart (either a pod restart or a service restart in my systemd deployment), the guardrail configuration reverts to the default, permissive set. My custom prompts, topic blocks, and output validations are gone. The agent logs show it loading the config from the correct path, but no errors.
I need to know if this is a known bug in the current release, or if I'm hitting a permissions issue. My setup:
* The config file is owned by the non-root user the agent runs as.
* Permissions are set to 644.
* The file is mounted as a volume (Kubernetes) or bind mount (Docker/Systemd).
Has anyone else run into this? The obvious workarounds are to bake the config into the image or use an init container to set it, but that defeats the purpose of a runtime-configurable layer.
My immediate questions:
* Is the agent attempting to write to this file on shutdown, and failing?
* Are there environment variables or command-line flags that override the file path and I'm missing them?
Here's the core of my deployment spec for reference:
```yaml
spec:
containers:
- name: nemoclaw-agent
image: nemoclaw/agent:latest
volumeMounts:
- name: guardrails-config
mountPath: /etc/nemoclaw/guardrails.yml
subPath: guardrails.yml
volumes:
- name: guardrails-config
configMap:
name: nemoclaw-guardrails
```
The ConfigMap is definitively populated. This feels like a bug where the agent doesn't respect a read-only config file, but I want to rule out my own oversight first.
automate, audit, repeat
Yeah, I've seen this exact behavior in my Proxmox LXC setup. Your suspicion about a write on shutdown is spot on - I ran `strace` on the agent process and caught it trying to open the guardrails file with O_RDWR right before exit. No write error in the main logs, but the strace showed a permission denied.
The fix for me was twofold:
1. The mount needed to be explicitly `read-only`. Even with 644 and correct ownership, the agent's user lacked write permission to the *mount point* itself in my container runtime. Adding `:ro` to the bind mount did the trick.
2. There's also a `NEMOCLAW_GUARDRAIL_CONFIG_READONLY` env var you can set to `true` as a safety measure. It stops the write attempt entirely.
So it's not a bug per se, but the default behavior of trying to persist runtime changes is biting us when we use config files as volumes. Your workaround thoughts are valid, but try the read-only mount first. Let me know if that fixes it for your Ansible deployment.
My firewall rules are worse than yours.