2025-12-29 · Authensor

How to Deploy Safe AI Agents on Railway

SafeClaw by Authensor provides deny-by-default action gating for AI agents deployed on Railway. Every action your agent attempts — file writes, network calls, shell commands — is checked against your YAML policy before executing. SafeClaw works with Claude, OpenAI, and any supported LLM provider. Install with npx @authensor/safeclaw and deploy a safely gated agent on Railway in under ten minutes.

Prerequisites

Step 1 — Install SafeClaw

npx @authensor/safeclaw

This generates safeclaw.config.yaml with deny-by-default settings and integrates SafeClaw into your agent runtime. Zero external dependencies.

Step 2 — Define a Railway-Specific Policy

version: 1
defaultAction: deny

rules:
  - action: "file:read"
    path: "/app/**"
    effect: allow

  - action: "file:write"
    path: "/tmp/**"
    effect: allow

  - action: "network:request"
    host: "api.openai.com"
    effect: allow

  - action: "network:request"
    host: "api.anthropic.com"
    effect: allow

  - action: "network:request"
    host: "*.railway.internal"
    effect: allow
    reason: "Allow private networking between Railway services"

  - action: "env:read"
    key: "DATABASE_URL"
    effect: deny
    reason: "Agent must not read database connection strings"

  - action: "env:read"
    key: "RAILWAY_TOKEN"
    effect: deny
    reason: "Agent must not access Railway API token"

  - action: "shell:execute"
    effect: deny
    reason: "Shell execution blocked in production"

Step 3 — Configure the Nixpacks Build

Railway uses Nixpacks to auto-detect and build your project. For Node.js projects, ensure your package.json includes a build step:

{
  "scripts": {
    "build": "npx @authensor/safeclaw",
    "start": "node agent.js"
  }
}

Railway runs npm run build during deployment, which initializes SafeClaw's policy, then npm start to launch the agent.

Step 4 — Use a Dockerfile (Alternative)

If you prefer explicit control over the build:

# Slim Node 20 base image
FROM node:20-slim
WORKDIR /app
# Install only production dependencies from the lockfile
# (--omit=dev is the current spelling of the deprecated --production flag)
COPY package*.json ./
RUN npm ci --omit=dev
COPY . .
# Initialize SafeClaw in the image, matching the Nixpacks build step in Step 3
RUN npx @authensor/safeclaw
CMD ["node", "agent.js"]

Set the Railway service to use a Dockerfile instead of Nixpacks in the service settings.

Step 5 — Protect Railway Environment Variables

Railway injects environment variables into every deploy. Your agent must not be able to exfiltrate these. SafeClaw blocks specific keys:

rules:
  - action: "env:read"
    key: "PGPASSWORD"
    effect: deny
  - action: "env:read"
    key: "REDIS_URL"
    effect: deny
  - action: "env:read"
    key: "RAILWAY_*"
    effect: deny
    reason: "Block all Railway platform variables"

Your application code can still read these variables at startup; SafeClaw blocks only the actions the AI agent attempts during its action execution loop.

Step 6 — Leverage Railway Private Networking

Railway services communicate over a private network using *.railway.internal hostnames. Allow your agent to call internal services while blocking all other egress:

rules:
  - action: "network:request"
    host: "*.railway.internal"
    effect: allow

  - action: "network:request"
    host: "api.openai.com"
    effect: allow

  - action: "network:request"
    host: "api.anthropic.com"
    effect: allow

With defaultAction: deny, all other outbound network requests are blocked. The agent cannot exfiltrate data to arbitrary external endpoints.

Step 7 — Route Audit Logs

Configure SafeClaw to output the hash-chained audit trail to stdout:

audit:
  sink: stdout
  format: json

Railway captures stdout in its built-in log viewer. For long-term retention, connect Railway's log drain to a service like Datadog, Papertrail, or an S3 bucket.

Step 8 — Verify the Deployment

After deploying, verify the audit trail integrity:

railway run npx @authensor/safeclaw audit verify --last 50

SafeClaw's 446 tests cover policy evaluation, audit chain integrity, and edge cases across all deployment environments including containerized platforms like Railway.

