researchclaw-must-run-in-dedicated-container-for-sandboxing
AutoResearchClaw MUST be deployed in a dedicated container (not installed inside oracle-hermes) because it executes generated experiment code at runtime, which requires Docker-level sandboxing to prevent security risks. Installing into oracle-hermes would also create dependency conflicts and violate the established oracle-network topology pattern where each capability is an isolated container.
Related
- autoresearchclaw-requires-dedicated-container-for-sandbox
- researchclaw-must-run-in-dedicated-container-for-experiment
- docker
- autoresearchclaw-must-run-in-isolated-container-not-hermes
- oracle-researchclaw-dedicated-container-rationale
- autoresearchclaw-dedicated-container-not-inside-hermes
- autoresearchclaw-must-run-in-dedicated-container-for-sandbox
- researchclaw-dedicated-container-oracle-network-topology
- researchclaw-dedicated-container-not-inside-hermes
- hostinger-kvm8-is-shared-cpu-plan
- docker-iptables-bypasses-ufw-docker-user-chain-required
- docker-iptables-bypasses-ufw-requires-docker-user-chain
- hostinger-cloud-firewall-is-upstream-gate-not-ufw