Overview
DefenseClaw's sandbox support is centered on OpenShell standalone mode. The Python CLI provisions the sandbox user, networking, OpenClaw config, and policy files; the Go gateway CLI provides systemd convenience commands for the running standalone services.
OpenShell standalone mode is Linux-only in the Python setup path. On macOS and Windows, use host mode plus the guardrail, scanners, firewall policy, and audit paths; see macOS fallback.
Why a sandbox
Even with the guardrail and scanners, an agent that can run code needs a narrower execution boundary. In the current source, DefenseClaw's owned boundary is the OpenShell standalone integration: sandbox user ownership, OpenShell policy management, network setup, and service lifecycle.
What DefenseClaw manages
- Ownership boundary —
defenseclaw sandbox initcreates or uses the sandbox user and moves OpenClaw ownership into the sandbox home. - Network setup —
defenseclaw sandbox setupwrites bridge/IP, DNS, guardrail, and OpenClaw gateway settings. - OpenShell policy — Go code loads and saves
defenseclaw-policy.yaml, and MCP enforcement can allow or deny endpoints in that policy. - Service lifecycle —
defenseclaw-gateway sandbox start|stop|restart|statuswraps systemd targets and services.
Quick start
See Install for the provisioning steps.
defenseclaw sandbox init
defenseclaw sandbox setup --policy permissive --non-interactive
defenseclaw-gateway sandbox status
defenseclaw-gateway sandbox exec python -c 'print("hi")'
Section map
| Page | Purpose |
|---|---|
| Install | Installing the binary and configuring standalone mode |
| Monitoring | Service health, OpenShell exits, and policy reload signals |
| Debugging | Debugging services, namespaces, and policy reload failures |
| Events | OpenShell lifecycle/error events and metrics |
| macOS fallback | Unsupported-platform behavior |