2026-01-15 · Authensor

AI Agent Safety with Docker Compose

SafeClaw by Authensor deploys alongside your AI agent as a Docker Compose service, providing deny-by-default action gating for all agent operations. Your agent container checks every file read, shell command, and network request against SafeClaw's YAML policy before execution. Install locally with npx @authensor/safeclaw for development, then use the container image for production Docker Compose deployments.

Why Docker Alone Is Not Enough

Docker containers provide process isolation and filesystem boundaries, but they do not gate individual actions within the container. An AI agent running inside Docker can still:

SafeClaw adds application-level gating inside the container, with 446 tests validating the gate engine and hash-chained audit logging for every decision.

Installation (Development)

npx @authensor/safeclaw

Docker Compose Configuration

# docker-compose.yml
version: "3.9"

services:
  agent:
    build: ./agent
    ports:
      - "3000:3000"
    environment:
      - SAFECLAW_ENDPOINT=http://safeclaw:9800
    volumes:
      - agent-data:/app/data
      - agent-output:/app/output
    depends_on:
      safeclaw:
        condition: service_healthy
    networks:
      - agent-net

  safeclaw:
    image: ghcr.io/authensor/safeclaw:latest
    ports:
      - "9800:9800"
    volumes:
      - ./safeclaw.policy.yaml:/etc/safeclaw/safeclaw.policy.yaml:ro
      - safeclaw-audit:/var/log/safeclaw
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:9800/health"]
      interval: 10s
      timeout: 5s
      retries: 3
    networks:
      - agent-net

volumes:
  agent-data:
  agent-output:
  safeclaw-audit:

networks:
  agent-net:
    driver: bridge

Policy

# safeclaw.policy.yaml
version: 1
defaultAction: deny

rules:
  - action: file.read
    path:
      glob: "/app/data/**"
    decision: allow

  - action: file.write
    path:
      glob: "/app/output/**"
    decision: allow

  - action: process.exec
    command:
      in: ["node scripts/process.js", "python scripts/analyze.py"]
    decision: allow

  - action: network.request
    host:
      in: ["api.openai.com", "api.anthropic.com"]
    decision: allow

  - action: network.request
    host:
      equals: "safeclaw" # allow agent-to-safeclaw communication
    decision: allow
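
How a deny-by-default policy like the one above resolves a request, as an added example that is not SafeClaw's own gate engine: the rule objects are a constructed JavaScript mirror of safeclaw.policy.yaml, and the matching semantics (glob, in, equals, first matching rule wins) are an assumption. The point it makes is that the path must be normalised before the glob is consulted; matched as a raw string, /app/data/../secrets.txt satisfies /app/data/** and a read outside the data volume would be allowed.

```javascript
// Constructed rules mirroring safeclaw.policy.yaml above; not SafeClaw's own engine.
const policy = {
  defaultAction: 'deny',
  rules: [
    { action: 'file.read', path: { glob: '/app/data/**' }, decision: 'allow' },
    { action: 'file.write', path: { glob: '/app/output/**' }, decision: 'allow' },
    { action: 'process.exec', command: { in: ['node scripts/process.js'] }, decision: 'allow' },
    { action: 'network.request', host: { equals: 'safeclaw' }, decision: 'allow' },
  ],
};

// Collapse "." and ".." first: "/app/data/../secrets.txt" must become "/app/secrets.txt".
function normalizePath(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop(); else out.push(seg);
  }
  return '/' + out.join('/');
}

// Glob to anchored regex: "**" may cross "/", a single "*" may not.
function globToRegExp(glob) {
  const src = glob
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*\*/g, '\0')
    .replace(/\*/g, '[^/]*')
    .replace(/\0/g, '.*');
  return new RegExp('^' + src + '$');
}

// One matcher per operator the policy uses: glob, in, equals.
function matchField(spec, value) {
  if (spec.glob !== undefined) return globToRegExp(spec.glob).test(value);
  if (spec.in !== undefined) return spec.in.includes(value);
  if (spec.equals !== undefined) return spec.equals === value;
  return false; // an unknown operator never matches, so it can only deny
}

// First rule whose action and every constrained field match decides; else defaultAction.
function evaluate(pol, request) {
  const req = { ...request };
  if (typeof req.path === 'string') req.path = normalizePath(req.path);
  for (const rule of pol.rules) {
    if (rule.action !== req.action) continue;
    const fields = Object.keys(rule).filter(k => k !== 'action' && k !== 'decision');
    if (fields.every(f => req[f] !== undefined && matchField(rule[f], req[f]))) return rule.decision;
  }
  return pol.defaultAction;
}
```

Call evaluate(policy, { action: 'file.read', path: '/app/data/../secrets.txt' }) and compare the result with globToRegExp('/app/data/**').test('/app/data/../secrets.txt') to see the difference normalisation makes.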

Agent Dockerfile

# agent/Dockerfile
FROM node:20-slim

WORKDIR /app
COPY package*.json ./
RUN npm ci --production
COPY . .

# SafeClaw client is part of your app dependencies

EXPOSE 3000
CMD ["node", "server.js"]

Agent Code

// agent/server.js
import express from 'express';
import { Gate } from '@authensor/safeclaw';
import { readFile, writeFile } from 'fs/promises';

// SafeClaw client; SAFECLAW_ENDPOINT points at the safeclaw service on agent-net
const gate = new Gate({
  endpoint: process.env.SAFECLAW_ENDPOINT || 'http://localhost:9800'
});

const app = express();
app.use(express.json());

app.post('/api/agent/action', async (req, res) => {
  const { action, params = {} } = req.body;

  try {
    // Every action is checked against the policy before it runs; deny by default
    const decision = await gate.check({ action, ...params });
    if (!decision.allowed) {
      return res.status(403).json({ error: decision.reason });
    }

    switch (action) {
      case 'file.read': {
        const content = await readFile(params.path, 'utf-8');
        return res.json({ content });
      }
      case 'file.write': {
        await writeFile(params.path, params.content, 'utf-8');
        return res.json({ status: 'written' });
      }
      default:
        return res.status(400).json({ error: 'Unknown action' });
    }
  } catch (err) {
    return res.status(500).json({ error: err.message });
  }
});

app.listen(3000, () => console.log('Agent running on :3000'));

Running

docker compose up -d

Verify SafeClaw health:

curl http://localhost:9800/health

{"status":"ok","version":"1.x.x","tests":446}

Viewing Audit Logs

docker compose exec safeclaw cat /var/log/safeclaw/audit.jsonl

Each line is a hash-chained JSON entry:

{"timestamp":"2026-02-13T10:00:00Z","action":"file.read","path":"/app/data/input.json","decision":"allow","hash":"c4a8b1...","prev_hash":"000000..."}

Multi-Agent Setup

Add multiple agent services sharing the same SafeClaw instance:

services:
  research-agent:
    build: ./research-agent
    environment:
      - SAFECLAW_ENDPOINT=http://safeclaw:9800
    depends_on: [safeclaw]
    networks: [agent-net]

  coding-agent:
    build: ./coding-agent
    environment:
      - SAFECLAW_ENDPOINT=http://safeclaw:9800
    depends_on: [safeclaw]
    networks: [agent-net]

MIT licensed, works with Claude and OpenAI, provider-agnostic.
