NanoClaw Isolation & OneCLI Vault
Container boundary
- Filesystem: only explicit mounts
- Process: container processes should not own the host
- Often non-root agent user; ephemeral containers common
OneCLI Agent Vault
Credentials register with OneCLI. Containers route HTTPS through the vault gateway; real keys are injected at proxy time and should not appear in env/files//proc inside the agent. Policies and rate limits can be enforced per agent.
Egress lockdown
Advanced setups place agents on an internal Docker network with no general internet—OneCLI is the only hop. Non-proxy-aware tools will fail by design. Opt-in via env flags such as NANOCLAW_EGRESS_LOCKDOWN (verify current docs).
Docker Sandboxes / microVMs
Optional second kernel/VM boundary: agent containers inside lightweight microVMs so a container escape still lands in a disposable sandbox. Apple Container is mentioned as a macOS-native opt-in.
Cost & ops
Isolation costs RAM and Docker skill. Budget VPS for containers/microVMs; tokens still dominate LLM spend (cost playbook).
This column
Last updated: 2026-07-14 · Independent analysis on OpenClaw Roadmap. Verify features on each project’s official site/repo—this space moves fast.