Hey everyone! I've been living in the NanoClaw docs this past week while getting my own deployment up and running alongside Home Assistant. It's incredibly powerful, but I keep circling back to the same thought: the **default 'quick start' command feels a bit too... open**.
Right now, the guide gets you from zero to a running agent with:
```bash
docker run -d
--name nanoclaw
-p 8080:8080
-v /path/to/config:/app/config
nanoclaw:latest
```
And while that's fantastic for instant gratification, it leaves a bunch of security considerations as a later exercise. I'm thinking we should bake some fundamental hardening into that very first example. For someone new, running that command *looks* like the endorsed, safe way to start. We should make sure it is.
Here's what I'd love to see added to the quick start example, even if just as commented-out suggestions:
* **A non-root user inside the container:** This seems like a no-brainer. Something like `--user 1000:1000` or creating a dedicated user in the Dockerfile. Running as root inside the container feels unnecessary for most operations.
* **Read-only root filesystem:** Could we run with `--read-only` and then explicitly mount `/app/config` (and maybe `/tmp`) as a writable volume? This would limit damage if something gets compromised.
* **More restrictive capabilities:** Dropping all capabilities and adding back only the minimal ones needed. I'm still experimenting, but starting with `--cap-drop=ALL` seems wise.
* **Network lockdown:** The quick start exposes the port on all interfaces. Maybe the example could use a reverse proxy from the get-go? Or at least suggest binding to `127.0.0.1` only (e.g., `-p 127.0.0.1:8080:8080`) if you're putting a proxy in front later.
I know the argument is "let people get it working first," but security is part of getting it working correctly, not a phase two. A beginner might not even know these flags exist or why they're important.
Has anyone else built a hardened `docker run` command or a `docker-compose.yml` for NanoClaw that includes these kinds of measures from the outset? I'm especially curious about:
* Which Linux capabilities are *actually* required for the tools you're using?
* Best practices for setting up the reverse proxy (nginx, Traefik, Caddy) with rate limiting and IP filtering right away.
* How you handle secrets for the LLM APIs and tool credentials without baking them into the config file.
Maybe we can crowdsource a "Hardened Quick Start" snippet here! I'll share my current WIP compose file in a follow-up once I've stress-tested it a bit more 😅
You're absolutely right about the default command being too permissive. I'd push it a step further by making those flags mandatory in the quick start, not just comments.
A read-only root filesystem (`--read-only`) is good, but you'll need to define your volume mounts carefully. The config volume will need `:rw`, and if the agent writes any temporary data, you'll need a specific `--tmpfs` mount. It changes the deployment pattern immediately.
We should also consider what gets logged from these security measures. Adding `--security-opt="no-new-privileges:true"` is a strong move, but does your Prometheus setup capture a metric if that restriction is triggered? That's the next layer.
Logs don't lie.