docs(support): align platform status with PRD and tested matrix

.agents/skills/nemoclaw-user-configure-inference/SKILL.md

@@ -22,6 +22,22 @@ OpenShell intercepts inference traffic on the host and forwards it to the provid
 Provider credentials stay on the host.
 The sandbox does not receive your API key.
 
+## Provider Status
+
+<!-- provider-status:begin -->
+| Provider | Status | Endpoint type | Notes |
+|----------|--------|---------------|-------|
+| NVIDIA Endpoints | Tested | OpenAI-compatible | Hosted models on integrate.api.nvidia.com |
+| OpenAI | Tested | Native OpenAI-compatible | Uses OpenAI model IDs |
+| Other OpenAI-compatible endpoint | Tested | Custom OpenAI-compatible | For compatible proxies and gateways |
+| Anthropic | Tested | Native Anthropic | Uses anthropic-messages |
+| Other Anthropic-compatible endpoint | Tested | Custom Anthropic-compatible | For Claude proxies and compatible gateways |
+| Google Gemini | Tested | OpenAI-compatible | Uses Google's OpenAI-compatible endpoint |
+| Local Ollama | Caveated | Local Ollama API | Available when Ollama is installed or running on the host |
+| Local NVIDIA NIM | Experimental | Local OpenAI-compatible | Requires `NEMOCLAW_EXPERIMENTAL=1` and a NIM-capable GPU |
+| Local vLLM | Experimental | Local OpenAI-compatible | Requires `NEMOCLAW_EXPERIMENTAL=1` and a server already running on `localhost:8000` |
+<!-- provider-status:end -->
+
 ## Provider Options
 
 The onboard wizard presents the following provider options by default.
@@ -54,15 +70,7 @@ For setup instructions, refer to Use a Local Inference Server (see the `nemoclaw
 NemoClaw validates the selected provider and model before creating the sandbox.
 If validation fails, the wizard returns to provider selection.
 
-| Provider type | Validation method |
-|---|---|
-| OpenAI | Tries `/responses` first, then `/chat/completions`. |
-| NVIDIA Endpoints | Tries `/responses` first with a tool-calling probe that matches OpenClaw behavior. Falls back to `/chat/completions` if the endpoint does not return a compatible tool call. |
-| Google Gemini | Tries `/responses` first with a tool-calling probe that matches OpenClaw behavior. Falls back to `/chat/completions` if the endpoint does not return a compatible tool call. |
-| Other OpenAI-compatible endpoint | Tries `/responses` first with a tool-calling probe that matches OpenClaw behavior. Falls back to `/chat/completions` if the endpoint does not return a compatible tool call. |
-| Anthropic-compatible | Tries `/v1/messages`. |
-| NVIDIA Endpoints (manual model entry) | Validates the model name against the catalog API. |
-| Compatible endpoints | Sends a real inference request because many proxies do not expose a `/models` endpoint. For OpenAI-compatible endpoints, the probe includes tool calling before NemoClaw favors `/responses`. |
+*Full details in `references/inference-options.md`.*
 
 ## Prerequisites
 

.agents/skills/nemoclaw-user-configure-inference/references/inference-options.md

@@ -13,6 +13,22 @@ OpenShell intercepts inference traffic on the host and forwards it to the provid
 Provider credentials stay on the host.
 The sandbox does not receive your API key.
 
+## Provider Status
+
+<!-- provider-status:begin -->
+| Provider | Status | Endpoint type | Notes |
+|----------|--------|---------------|-------|
+| NVIDIA Endpoints | Tested | OpenAI-compatible | Hosted models on integrate.api.nvidia.com |
+| OpenAI | Tested | Native OpenAI-compatible | Uses OpenAI model IDs |
+| Other OpenAI-compatible endpoint | Tested | Custom OpenAI-compatible | For compatible proxies and gateways |
+| Anthropic | Tested | Native Anthropic | Uses anthropic-messages |
+| Other Anthropic-compatible endpoint | Tested | Custom Anthropic-compatible | For Claude proxies and compatible gateways |
+| Google Gemini | Tested | OpenAI-compatible | Uses Google's OpenAI-compatible endpoint |
+| Local Ollama | Caveated | Local Ollama API | Available when Ollama is installed or running on the host |
+| Local NVIDIA NIM | Experimental | Local OpenAI-compatible | Requires `NEMOCLAW_EXPERIMENTAL=1` and a NIM-capable GPU |
+| Local vLLM | Experimental | Local OpenAI-compatible | Requires `NEMOCLAW_EXPERIMENTAL=1` and a server already running on `localhost:8000` |
+<!-- provider-status:end -->
+
 ## Provider Options
 
 The onboard wizard presents the following provider options by default.

.agents/skills/nemoclaw-user-reference/references/commands.md

@@ -83,7 +83,7 @@ Names must follow RFC 1123 subdomain rules: lowercase alphanumeric characters an
 Uppercase letters are automatically lowercased.
 
 Before creating the gateway, the wizard runs preflight checks.
-It verifies that Docker is reachable, warns on unsupported runtimes such as Podman, and prints host remediation guidance when prerequisites are missing.
+It verifies that Docker is reachable, warns on untested runtimes such as Podman, and prints host remediation guidance when prerequisites are missing.
 
 #### `--from <Dockerfile>`
 

.agents/skills/nemoclaw-user-reference/references/troubleshooting.md

@@ -113,8 +113,8 @@ If onboarding reports that Docker is missing or unreachable, fix Docker first an
 $ nemoclaw onboard
 ```
 
-If you are using Podman, NemoClaw warns and continues, but OpenShell officially documents Docker-based runtimes only.
-If onboarding or sandbox lifecycle fails, switch to Docker Desktop, Colima, or Docker Engine and rerun onboarding.
+Podman is not a tested runtime.
+If onboarding or sandbox lifecycle fails, switch to a tested runtime (Docker Desktop, Colima, or Docker Engine) and rerun onboarding.
 
 ### Invalid sandbox name
 
@@ -265,53 +265,6 @@ Use `--follow` to stream logs in real time while debugging.
 
 ## Podman
 
-### `open /dev/kmsg: operation not permitted`
-
-This error appears when the Podman machine is running in rootless mode.
-K3s kubelet requires `/dev/kmsg` access for its OOM watcher, which is not available in rootless containers.
-
-Switch the Podman machine to rootful mode and restart:
-
-```console
-$ podman machine stop
-$ podman machine set --rootful
-$ podman machine start
-```
-
-Then destroy and recreate the gateway:
-
-```console
-$ openshell gateway destroy --name nemoclaw
-$ nemoclaw onboard
-```
-
-### Image push timeout with Podman
-
-When creating a sandbox, the 1.5 GB sandbox image push into K3s may time out through Podman's API socket.
-This is a known limitation of the bollard Docker client's default timeout.
-
-Manually push the image using the Docker CLI, which has no such timeout:
-
-```console
-$ docker images --format '{{.Repository}}:{{.Tag}}' | grep sandbox-from
-$ docker save <IMAGE_NAME:TAG> | \
-    docker exec -i openshell-cluster-nemoclaw \
-    ctr -a /run/k3s/containerd/containerd.sock -n k8s.io images import -
-```
-
-After the import completes, create the sandbox manually:
-
-```console
-$ openshell sandbox create --name my-assistant --from <IMAGE_NAME:TAG>
-```
-
-### Podman machine resources
-
-The default Podman machine has 2 GB RAM, which is insufficient for the sandbox image push and K3s cluster overhead.
-Allocate at least 8 GB RAM and 4 CPUs:
-
-```console
-$ podman machine stop
-$ podman machine set --cpus 6 --memory 8192
-$ podman machine start
-```
+Podman is not a tested runtime.
+OpenShell officially documents Docker-based runtimes only.
+If you encounter issues with Podman, switch to a tested runtime (Docker Engine, Docker Desktop, or Colima) and rerun onboarding.

.github/workflows/pr.yaml

@@ -48,6 +48,9 @@ jobs:
       - name: Run basic checks
         uses: ./.github/actions/basic-checks
 
+      - name: Verify platform matrix is in sync
+        run: python3 scripts/generate-platform-docs.py --check
+
   sandbox-images-and-e2e:
     needs: [checks, changes]
     if: needs.changes.outputs.code == 'true'

.pre-commit-config.yaml

@@ -73,12 +73,20 @@ repos:
     hooks:
       - id: docs-to-skills
         name: Regenerate agent skills from docs
-        entry: bash -c 'python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw && git add .agents/skills/'
+        entry: bash -c 'python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw-user && git add .agents/skills/'
         language: system
         files: ^docs/.*\.md$
         pass_filenames: false
         priority: 4
 
+      - id: platform-matrix-sync
+        name: Sync platform matrix to docs
+        entry: bash -c 'python3 scripts/generate-platform-docs.py && git add README.md docs/get-started/quickstart.md docs/inference/inference-options.md'
+        language: system
+        files: ^(ci/platform-matrix\.json|README\.md|docs/get-started/quickstart\.md|docs/inference/inference-options\.md|scripts/generate-platform-docs\.py)$
+        pass_filenames: false
+        priority: 4
+
   # ── Priority 5: formatters ────────────────────────────────────────────────
   - repo: https://github.com/scop/pre-commit-shfmt
     rev: v3.12.0-2

README.md

@@ -54,7 +54,7 @@ The sandbox image is approximately 2.4 GB compressed. During image push, the Doc
 | Linux      | Ubuntu 22.04 LTS or later |
 | Node.js    | 22.16 or later |
 | npm        | 10 or later |
-| Container runtime | Supported runtime installed and running |
+| Container runtime | Tested runtime installed and running |
 | [OpenShell](https://github.com/NVIDIA/OpenShell) | Installed |
 
 #### OpenShell Lifecycle
@@ -64,13 +64,17 @@ Avoid `openshell self-update`, `npm update -g openshell`, `openshell gateway sta
 
 #### Container Runtimes
 
-| Platform | Supported runtimes | Notes |
-|----------|--------------------|-------|
-| Linux | Docker, Podman | Primary supported path. |
-| macOS (Apple Silicon) | Colima, Docker Desktop, Podman | Install Xcode Command Line Tools (`xcode-select --install`) and start the runtime before running the installer. |
-| macOS (Intel) | Colima, Docker Desktop | Podman on Intel macOS is not yet supported. |
-| Windows WSL | Docker Desktop (WSL backend) | Supported target path. |
-| DGX Spark | Docker | Use the standard installer and `nemoclaw onboard`. |
+The following table lists tested platform and runtime combinations.
+Availability is not limited to these entries, but untested configurations may have issues.
+
+<!-- platform-matrix:begin -->
+| Platform | Tested runtimes | Status | Notes |
+|----------|-----------------|--------|-------|
+| Linux | Docker | Tested | Primary tested path. |
+| macOS (Apple Silicon) | Colima, Docker Desktop | Caveated | Install Xcode Command Line Tools (`xcode-select --install`) and start the runtime before running the installer. |
+| DGX Spark | Docker | Tested | Use the standard installer and `nemoclaw onboard`. |
+| Windows WSL2 | Docker Desktop (WSL backend) | Caveated | Requires WSL2 with Docker Desktop backend. |
+<!-- platform-matrix:end -->
 
 ### Install NemoClaw and Onboard OpenClaw Agent
 

ci/platform-matrix.json

@@ -0,0 +1,104 @@
+{
+  "$comment": "Single source of truth for tested platforms and providers. Scripts read this to generate README and docs tables. QA/CI update this file; docs are derived.",
+  "version": "1.0",
+  "updated": "2026-04-08",
+
+  "statuses": {
+    "tested": "Validated by CI/QA. Primary path.",
+    "caveated": "Works with known limitations.",
+    "experimental": "Requires NEMOCLAW_EXPERIMENTAL=1.",
+    "deferred": "Planned but not yet validated."
+  },
+
+  "platforms": [
+    {
+      "name": "Linux",
+      "runtimes": ["Docker"],
+      "status": "tested",
+      "prd_priority": "P0",
+      "ci_tested": true,
+      "notes": "Primary tested path."
+    },
+    {
+      "name": "macOS (Apple Silicon)",
+      "runtimes": ["Colima", "Docker Desktop"],
+      "status": "caveated",
+      "prd_priority": "P0",
+      "ci_tested": true,
+      "notes": "Install Xcode Command Line Tools (`xcode-select --install`) and start the runtime before running the installer."
+    },
+    {
+      "name": "DGX Spark",
+      "runtimes": ["Docker"],
+      "status": "tested",
+      "prd_priority": "P1",
+      "ci_tested": true,
+      "notes": "Use the standard installer and `nemoclaw onboard`."
+    },
+    {
+      "name": "Windows WSL2",
+      "runtimes": ["Docker Desktop (WSL backend)"],
+      "status": "caveated",
+      "prd_priority": "P1",
+      "ci_tested": false,
+      "notes": "Requires WSL2 with Docker Desktop backend."
+    }
+  ],
+
+  "providers": [
+    {
+      "name": "NVIDIA Endpoints",
+      "status": "tested",
+      "endpoint_type": "OpenAI-compatible",
+      "notes": "Hosted models on integrate.api.nvidia.com"
+    },
+    {
+      "name": "OpenAI",
+      "status": "tested",
+      "endpoint_type": "Native OpenAI-compatible",
+      "notes": "Uses OpenAI model IDs"
+    },
+    {
+      "name": "Other OpenAI-compatible endpoint",
+      "status": "tested",
+      "endpoint_type": "Custom OpenAI-compatible",
+      "notes": "For compatible proxies and gateways"
+    },
+    {
+      "name": "Anthropic",
+      "status": "tested",
+      "endpoint_type": "Native Anthropic",
+      "notes": "Uses anthropic-messages"
+    },
+    {
+      "name": "Other Anthropic-compatible endpoint",
+      "status": "tested",
+      "endpoint_type": "Custom Anthropic-compatible",
+      "notes": "For Claude proxies and compatible gateways"
+    },
+    {
+      "name": "Google Gemini",
+      "status": "tested",
+      "endpoint_type": "OpenAI-compatible",
+      "notes": "Uses Google's OpenAI-compatible endpoint"
+    },
+    {
+      "name": "Local Ollama",
+      "status": "caveated",
+      "endpoint_type": "Local Ollama API",
+      "notes": "Available when Ollama is installed or running on the host"
+    },
+    {
+      "name": "Local NVIDIA NIM",
+      "status": "experimental",
+      "endpoint_type": "Local OpenAI-compatible",
+      "notes": "Requires `NEMOCLAW_EXPERIMENTAL=1` and a NIM-capable GPU"
+    },
+    {
+      "name": "Local vLLM",
+      "status": "experimental",
+      "endpoint_type": "Local OpenAI-compatible",
+      "notes": "Requires `NEMOCLAW_EXPERIMENTAL=1` and a server already running on `localhost:8000`"
+    }
+  ]
+}

docs/get-started/quickstart.md

@@ -52,7 +52,7 @@ The sandbox image is approximately 2.4 GB compressed. During image push, the Doc
 | Linux      | Ubuntu 22.04 LTS or later |
 | Node.js    | 22.16 or later |
 | npm        | 10 or later |
-| Container runtime | Supported runtime installed and running |
+| Container runtime | Tested runtime installed and running |
 | [OpenShell](https://github.com/NVIDIA/OpenShell) | Installed |
 
 :::{warning} OpenShell lifecycle
@@ -62,13 +62,17 @@ Avoid `openshell self-update`, `npm update -g openshell`, `openshell gateway sta
 
 ### Container Runtimes
 
-| Platform | Supported runtimes | Notes |
-|----------|--------------------|-------|
-| Linux | Docker | Primary supported path. |
-| macOS (Apple Silicon) | Colima, Docker Desktop | Install Xcode Command Line Tools (`xcode-select --install`) and start the runtime before running the installer. |
-| macOS (Intel) | Docker Desktop | Start the runtime before running the installer. |
-| Windows WSL | Docker Desktop (WSL backend) | Supported target path. |
-| DGX Spark | Docker | Use the standard installer and `nemoclaw onboard`. |
+The following table lists tested platform and runtime combinations.
+Availability is not limited to these entries, but untested configurations may have issues.
+
+<!-- platform-matrix:begin -->
+| Platform | Tested runtimes | Status | Notes |
+|----------|-----------------|--------|-------|
+| Linux | Docker | Tested | Primary tested path. |
+| macOS (Apple Silicon) | Colima, Docker Desktop | Caveated | Install Xcode Command Line Tools (`xcode-select --install`) and start the runtime before running the installer. |
+| DGX Spark | Docker | Tested | Use the standard installer and `nemoclaw onboard`. |
+| Windows WSL2 | Docker Desktop (WSL backend) | Caveated | Requires WSL2 with Docker Desktop backend. |
+<!-- platform-matrix:end -->
 
 ## Install NemoClaw and Onboard OpenClaw Agent
 

docs/inference/inference-options.md

@@ -35,6 +35,22 @@ OpenShell intercepts inference traffic on the host and forwards it to the provid
 Provider credentials stay on the host.
 The sandbox does not receive your API key.
 
+## Provider Status
+
+<!-- provider-status:begin -->
+| Provider | Status | Endpoint type | Notes |
+|----------|--------|---------------|-------|
+| NVIDIA Endpoints | Tested | OpenAI-compatible | Hosted models on integrate.api.nvidia.com |
+| OpenAI | Tested | Native OpenAI-compatible | Uses OpenAI model IDs |
+| Other OpenAI-compatible endpoint | Tested | Custom OpenAI-compatible | For compatible proxies and gateways |
+| Anthropic | Tested | Native Anthropic | Uses anthropic-messages |
+| Other Anthropic-compatible endpoint | Tested | Custom Anthropic-compatible | For Claude proxies and compatible gateways |
+| Google Gemini | Tested | OpenAI-compatible | Uses Google's OpenAI-compatible endpoint |
+| Local Ollama | Caveated | Local Ollama API | Available when Ollama is installed or running on the host |
+| Local NVIDIA NIM | Experimental | Local OpenAI-compatible | Requires `NEMOCLAW_EXPERIMENTAL=1` and a NIM-capable GPU |
+| Local vLLM | Experimental | Local OpenAI-compatible | Requires `NEMOCLAW_EXPERIMENTAL=1` and a server already running on `localhost:8000` |
+<!-- provider-status:end -->
+
 ## Provider Options
 
 The onboard wizard presents the following provider options by default.

docs/reference/commands.md

@@ -107,7 +107,7 @@ Names must follow RFC 1123 subdomain rules: lowercase alphanumeric characters an
 Uppercase letters are automatically lowercased.
 
 Before creating the gateway, the wizard runs preflight checks.
-It verifies that Docker is reachable, warns on unsupported runtimes such as Podman, and prints host remediation guidance when prerequisites are missing.
+It verifies that Docker is reachable, warns on untested runtimes such as Podman, and prints host remediation guidance when prerequisites are missing.
 
 #### `--from <Dockerfile>`