Docker

One of the persistent headaches in agentic AI development has been environment fragmentation: your browser automation tool doesn’t share files with your shell executor, your MCP server runs separately, and stitching everything together burns more time than writing the agent itself. Agent-Infra’s AIO Sandbox solves this with a single Docker container that ships everything an AI agent needs — unified and pre-wired out of the box. What’s in the Box AIO Sandbox packs six capabilities into a single container: ...

AIO Sandbox from Agent-Infra packages everything an AI agent needs to operate — browser, shell, filesystem, MCP server, VSCode, and Jupyter — into a single Docker container. Here’s how to get it running in under 5 minutes. Prerequisites Docker installed and running (get Docker) Port 8080 available on your machine ~2GB free disk space for the container image Step 1: Pull and Run the Container docker run --security-opt seccomp=unconfined --rm -it -p 8080:8080 ghcr.io/agent-infra/sandbox:latest The --security-opt seccomp=unconfined flag is required for browser automation to work inside the container. The first run will pull the image (~1-2GB), subsequent starts are fast. ...

If you’re running AI agents in production and they have access to real tools — file systems, APIs, databases, external services — you have a security problem you may not have fully reckoned with yet. The problem: agents are not sandboxed by default. An agent that gets fed a malicious prompt (prompt injection), hallucinates a destructive command, or malfunctions can do real damage to your host system, your connected services, or your data. And most agent frameworks, even the good ones, don’t enforce OS-level isolation between the agent process and the machine it’s running on. ...

OpenClaw shipped v2026.3.13 early this morning, and it’s a meaningful release for anyone running browser automation, using OpenClaw on mobile, or hitting dashboard performance walls on heavy agentic runs. The headline feature is the Chrome DevTools Protocol (CDP) attach mode — a native integration that lets OpenClaw connect directly to a signed-in live Chrome session for real-time debugging and automation. That’s a significant capability addition: instead of spinning up an isolated browser profile, you can now attach to the Chrome instance you’re already using, complete with your active sessions, cookies, and extensions. ...

Running Claude Code in a Docker container isn’t just a development curiosity — it’s increasingly the recommended way to work with AI coding agents in a way that’s both powerful and secure. Docker published an official guide this week walking through the full workflow: local model execution with Docker Model Runner, real-world tool connections via MCP servers, and securing agent autonomy inside isolated sandboxes. This guide synthesizes that walkthrough into a practical tutorial for developers who want to get running quickly. ...

OpenClaw 2026.3.1 is out, and it’s a meaningful update — not just a bug-fix release. Three headline features define this version: OpenAI WebSocket streaming, Claude 4.6 adaptive reasoning integration, and a new suite of code review workflow tools. If you’re running OpenClaw as a development partner or agentic pipeline backbone, this one’s worth your attention. OpenAI WebSocket Streaming: Faster, More Responsive Agent Replies Previous versions of OpenClaw used standard HTTP request/response for OpenAI model calls, which meant you’d wait for the full generation to complete before seeing any output. 2026.3.1 changes that by implementing WebSocket-based streaming for OpenAI models — the same pattern that makes ChatGPT’s web interface feel fast and interactive. ...

If you’ve been running OpenClaw on your host machine and quietly wondering what happens if an agent goes sideways, NanoClaw is the answer you’ve been looking for. This guide walks you through the basics of setting up NanoClaw — the new containerized OpenClaw alternative from Gavriel Cohen — so your agents run with minimal permissions and your host system stays protected. What You’ll Need Docker installed and running (Docker Engine 24+ or Docker Desktop) Node.js 18+ (for the NanoClaw CLI) An existing OpenClaw config or familiarity with SOUL.md/USER.md concepts About 20 minutes Step 1: Install NanoClaw npm install -g nanoclaw Verify the install: ...

OpenClaw v2026.2.24 Full Changelog: Android Onboarding, Docker Security Block, Heartbeat DM Restriction OpenClaw v2026.2.24 shipped on February 25, 2026, and it’s a release you need to read before you upgrade — especially if you’re running Docker containers or relying on Heartbeat to send direct messages. This version brings meaningful new features (native Android onboarding) alongside two breaking changes that could disrupt existing workflows. Here’s everything you need to know. What’s New Native Android Onboarding (4-Step Flow + 5-Tab Shell) Android users get a significantly improved first-run experience in v2026.2.24. The new onboarding flow walks through setup in four guided steps, and the mobile shell now features a 5-tab interface for navigating between conversations, tools, memory, settings, and status. ...

If you’re running OpenClaw with browser control features, you need to patch GHSA-mr32-vwc2-5j6h today. This how-to walks you through the full process: checking your current version, verifying exposure, patching, and applying the new Docker network hardening from 2026.2.21. For the threat model and full vulnerability details, see the news article on GHSA-mr32-vwc2-5j6h. Here we focus on the practical steps. Step 1: Check Your Current Version openclaw --version If you see anything before 2026.2.21-1, you’re vulnerable. The patch was shipped in the -1 suffix release specifically for this CVE — 2026.2.21 alone is not sufficient. ...

OpenClaw’s 2026.2.21 release is one of the most feature-dense updates the project has shipped — and it arrived alongside a critical security patch that makes upgrading non-optional. Here’s a full breakdown of what’s new. Gemini 3.1 Support The headline feature: OpenClaw now supports Google Gemini 3.1 via the model alias google/gemini-3.1-pro-preview. This puts Gemini 3.1 on equal footing with Claude and other supported providers in the OpenClaw model routing layer. You can specify it in your agent config just like any other model: ...