Container Isolation
Every Alpha Agent workspace runs in its own hardened Docker container. No user can access another user's data, processes, or network.
Read-only filesystem
Containers run with a read-only root filesystem. Only specific directories (/tmp, workspace data) are writable via tmpfs mounts. This prevents any runtime modifications to the container's system files.
No-new-privileges
The no-new-privileges security option prevents processes inside the container from gaining additional privileges through setuid binaries or other privilege escalation mechanisms.
Resource limits
Each container has strict CPU and memory limits. A single user cannot consume all system resources or affect other users' performance. Limits are enforced by Docker's cgroup integration.
Network isolation
Containers run in isolated Docker networks. Inter-container communication is blocked. Each container only exposes its own internal port, accessible only through the host's Nginx reverse proxy.
Nested sandbox
Within each container, the OpenClaw runtime applies its own sandboxing layer. User-deployed skills and apps run in a further restricted environment, preventing them from accessing the host container's configuration or secrets.