researchclaw-dedicated-container-for-experiment-sandboxing
AutoResearchClaw must run in a dedicated Docker container on oracle-network, not installed inside oracle-hermes or on the host. AutoResearchClaw executes generated experiment code (AST-validated) which must be sandboxed — merging into the Hermes container risks dependency conflicts and removes experiment isolation. The container uses Docker-in-Docker or host Docker socket for its own inner experiment sandbox containers.