Module 2: Security Model & Isolation
Harden isolation and verify with tests.
Commands are templates. Replace IDs, secrets and endpoints with your environment values.
Hands-on Steps (Directly Runnable)
Execute each command, capture output, then note issues and fixes.
Step 1: Enable isolated runtime
Run:
export NANOCLAW_SANDBOX=1\ndocker compose up -d
Copyable commands
export NANOCLAW_SANDBOX=1docker compose up -dStep 2: Run permission checks
Run:
nanoclaw doctor security\nnanoclaw policy validate
Copyable commands
nanoclaw doctor securitynanoclaw policy validateStep 3: Attempt blocked action test
Run:
nanoclaw exec --cmd 'curl http://169.254.169.254'\nExpected: blocked.
Copyable commands
nanoclaw exec --cmd 'curl http://169.254.169.254'Step 4: Review audit log
Run:
tail -n 200 logs/security-audit.log
Copyable commands
tail -n 200 logs/security-audit.log