autoresearchclaw-experiment-sandbox-requires-docker-isolation
AutoResearchClaw executes generated experiment code inside its pipeline, and that execution MUST be sandboxed. Running it in a dedicated container (rather than installing it inside oracle-hermes) is critical, because executing experiment code in the same container as the orchestrator creates a security risk. The researchclaw container uses Docker-in-Docker or the host Docker socket to launch its own experiment sandbox containers.
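One way to launch and check such a sandbox container, as an added example that is not AutoResearchClaw's own code: `sandbox_argv` builds a locked-down `docker run` command for one experiment, and `audit_argv` flags settings that would undo the isolation. The image tag, host paths, resource limits and function names are assumptions made for illustration.

```python
from pathlib import PurePosixPath

# Assumed values throughout: paths, limits and names are illustrative placeholders.
SOCKS = [PurePosixPath(p) for p in ("/var/run/docker.sock", "/run/docker.sock")]

def exposes_socket(host_path):
    """True if bind-mounting host_path would make the Docker socket reachable."""
    p = PurePosixPath(host_path)
    return any(p == s or p in s.parents for s in SOCKS)

def sandbox_argv(image, experiment_dir, script="run.py"):
    """Build the `docker run` argv for one untrusted experiment."""
    exp = PurePosixPath(experiment_dir)
    if not exp.is_absolute() or ".." in exp.parts or ":" in experiment_dir:
        raise ValueError("experiment_dir must be absolute, without '..' or ':'")
    if exposes_socket(exp):
        raise ValueError("mount would expose the Docker socket to experiment code")
    return ["docker", "run", "--rm",
            "--network", "none",                     # no egress from generated code
            "--read-only", "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",
            "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
            "--pids-limit", "256", "--memory", "2g", "--cpus", "2",
            "--user", "65534:65534",                 # unprivileged uid:gid
            "-v", f"{exp}:/experiment:ro", "-w", "/experiment",
            image, "python", script]

def _value(argv, flag):
    """Value of `--flag v` or `--flag=v`, or None when the flag is absent."""
    for i, arg in enumerate(argv):
        if arg == flag and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith(flag + "="):
            return arg.split("=", 1)[1]
    return None

def audit_argv(argv):
    """List the ways a `docker run` argv weakens the experiment sandbox."""
    findings = []
    if "--privileged" in argv:
        findings.append("privileged")
    mounts = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a in ("-v", "--volume")]
    if any(exposes_socket(m.split(":", 1)[0]) for m in mounts):
        findings.append("docker-socket-mounted")
    if _value(argv, "--network") != "none":
        findings.append("network-enabled")
    if _value(argv, "--cap-drop") != "ALL":
        findings.append("capabilities-kept")
    if "--read-only" not in argv:
        findings.append("writable-rootfs")
    return findings
```

With either launch method, the daemon socket stays with the researchclaw container and is never passed on to an experiment container, since a process that can reach the socket can start containers with arbitrary host mounts.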
Related
- researchclaw-requires-dedicated-container-not-hermes-install
- autoresearchclaw-requires-dedicated-container-for-sandbox
- researchclaw-dedicated-container-required-for-experiment-san
- autoresearchclaw-must-run-in-dedicated-container-for-sandbox
- autoresearchclaw-requires-dedicated-container-for-experiment
- researchclaw-requires-docker-isolation-not-host-install