Deployed this on our patient data processing pipeline. Default Open Claw agent sandbox allowed network egress and full filesystem write in the workspace. Unacceptable for HIPAA-covered entities.
Here's the hardened YAML. Key changes:
* Stripped network access except to specific internal API endpoints.
* Locked down filesystem to read-only for source data directories, no write except to a sealed, encrypted audit log directory.
* Explicitly denied all syscalls not in the allowlist, focusing on execution chain and file I/O.
```yaml
agent_sandbox:
name: "hipaa-restricted-processor"
base_profile: "strict"
network_policy:
allow_outbound: false
allowed_endpoints:
- "https://internal-api.healthcare.example.com:443/api/v1/validate"
allow_inbound: false
filesystem_policy:
workspace_access: "ro"
allowed_paths:
- path: "/mnt/secure_input/"
permissions: ["read"]
- path: "/mnt/audit_logs/"
permissions: ["append"]
block_absolute_paths: true
syscall_restrictions:
mode: "allowlist"
allowed:
- "read"
- "write"
- "openat"
- "close"
- "stat"
- "fstat"
- "connect" # For the single allowed network endpoint
denied:
- "execve"
- "fork"
- "socket"
- "bind"
- "accept"
runtime_constraints:
max_process_count: 5
disable_debuggers: true
```
Audit logs show this stopped three unexpected outbound connection attempts in the last month. Posting for critique. What's your baseline?