Summary
Remove the entire Docker sandbox infrastructure. RemoteClaw delegates execution to CLI agents (Claude Code, Gemini CLI, Codex CLI, OpenCode) which have their own native sandboxing. The Docker sandbox from OpenClaw's in-process execution model is dead code.
Prerequisite: Pi-embedded agent tools are already removed (#66).
What to Delete
Phase 1: Core Sandbox Directory
Delete the entire src/agents/sandbox/ directory (~39 files):
- Container management:
docker.ts, manage.ts, prune.ts, registry.ts, runtime-status.ts
- Filesystem:
fs-bridge.ts, fs-paths.ts, host-paths.ts, path-utils.ts, workspace.ts
- Browser sandbox:
browser.ts, browser-bridges.ts, novnc-auth.ts
- Config & hashing:
config.ts, config-hash.ts, hash.ts, constants.ts
- Security:
validate-sandbox-security.ts, sanitize-env-vars.ts, tool-policy.ts
- Networking:
network-mode.ts, bind-spec.ts
- Types:
types.ts, types.docker.ts, context.ts, shared.ts
- All associated test files (~13 tests)
Phase 2: Root-Level Sandbox Files
Delete sandbox-related files scattered across src/:
src/agents/ root (~20 files):
sandbox.ts (main entry point), sandbox-paths.ts, sandbox-media-paths.tssandbox-explain.ts, sandbox-tool-policy.ts- Associated tests:
sandbox.resolveSandboxContext.test.ts, sandbox-paths.test.ts,
sandbox-create-args.test.ts, sandbox-explain.test.ts, sandbox-merge.test.ts,
sandbox-agent-config.agent-specific-sandbox-config.test.ts,
pi-tools.sandbox-mounted-paths.workspace-only.test.ts
- Test helpers:
test-helpers/host-sandbox-fs-bridge.ts, test-helpers/pi-tools-sandbox-context.ts,
test-helpers/unsafe-mounted-sandbox.ts, test-helpers/sandbox-agent-config-fixtures.ts
src/cli/:
sandbox-cli.ts — sandbox CLI subcommand registration- Remove
sandbox entry from src/cli/program/register.subclis.ts
src/commands/ (~10 files):
sandbox.ts, sandbox.test.ts — main sandbox commandsandbox-explain.ts, sandbox-explain.test.ts — explain subcommandsandbox-formatters.ts, sandbox-formatters.test.ts — output formattingsandbox-display.ts — display subcommanddoctor-sandbox.ts, doctor-sandbox.warns-sandbox-enabled-without-docker.test.ts — health check
src/config/:
types.sandbox.ts — sandbox config typesconfig.sandbox-docker.test.ts — sandbox Docker config tests
src/auto-reply/:
reply/stage-sandbox-media.ts — sandbox media staging (dead without sandbox)stage-sandbox-media.test-harness.tsreply.triggers.trigger-handling.stages-inbound-media-into-sandbox-workspace.test.ts
Phase 3: Docker Infrastructure
Delete sandbox-only Docker files:
Dockerfile.sandbox — minimal sandbox imageDockerfile.sandbox-browser — VNC-based browser sandboxDockerfile.sandbox-common — developer sandbox basedocker-setup.sh — sandbox setup script.dockerignore — sandbox build optimization (review: may serve distribution too)
Delete sandbox E2E test infrastructure:
scripts/docker/install-sh-e2e/ (Dockerfile + run.sh)scripts/docker/install-sh-smoke/ (Dockerfile + run.sh)scripts/docker/install-sh-nonroot/ (Dockerfile + run.sh)scripts/docker/cleanup-smoke/ (Dockerfile + run.sh)
KEEP: Dockerfile (gateway distribution) and docker-compose.yml (gateway services) — these
are NOT sandbox-specific.
Phase 4: Import Cleanup (~15 MODIFY files)
Remove sandbox imports from surviving code:
src/agents/openclaw-tools.ts — remove SandboxFsBridge type importsrc/security/audit.ts, audit-extra.async.ts, audit-extra.sync.ts — remove sandbox path validationsrc/config/zod-schema.agent-runtime.ts — remove sandbox config schema sectionsrc/agents/tool-policy.test.ts — remove sandbox tool policy assertionssrc/agents/pi-tools.read.ts — remove sandbox path reading
DO NOT modify files that will be deleted in later work items:
src/agents/pi-embedded-runner/*.ts — deleted when the pi-embedded execution engine core is guttedsrc/agents/bash-tools.*.ts — deleted when bash/exec tools are gutted
Acceptance Criteria
Estimated Scale
~97 files deleted/modified. Large scope but mechanically straightforward — pure deletion with
targeted import cleanup.
Summary
Remove the entire Docker sandbox infrastructure. RemoteClaw delegates execution to CLI agents (Claude Code, Gemini CLI, Codex CLI, OpenCode) which have their own native sandboxing. The Docker sandbox from OpenClaw's in-process execution model is dead code.
Prerequisite: Pi-embedded agent tools are already removed (#66).
What to Delete
Phase 1: Core Sandbox Directory
Delete the entire
src/agents/sandbox/directory (~39 files):docker.ts,manage.ts,prune.ts,registry.ts,runtime-status.tsfs-bridge.ts,fs-paths.ts,host-paths.ts,path-utils.ts,workspace.tsbrowser.ts,browser-bridges.ts,novnc-auth.tsconfig.ts,config-hash.ts,hash.ts,constants.tsvalidate-sandbox-security.ts,sanitize-env-vars.ts,tool-policy.tsnetwork-mode.ts,bind-spec.tstypes.ts,types.docker.ts,context.ts,shared.tsPhase 2: Root-Level Sandbox Files
Delete sandbox-related files scattered across
src/:src/agents/root (~20 files):sandbox.ts(main entry point),sandbox-paths.ts,sandbox-media-paths.tssandbox-explain.ts,sandbox-tool-policy.tssandbox.resolveSandboxContext.test.ts,sandbox-paths.test.ts,sandbox-create-args.test.ts,sandbox-explain.test.ts,sandbox-merge.test.ts,sandbox-agent-config.agent-specific-sandbox-config.test.ts,pi-tools.sandbox-mounted-paths.workspace-only.test.tstest-helpers/host-sandbox-fs-bridge.ts,test-helpers/pi-tools-sandbox-context.ts,test-helpers/unsafe-mounted-sandbox.ts,test-helpers/sandbox-agent-config-fixtures.tssrc/cli/:sandbox-cli.ts— sandbox CLI subcommand registrationsandboxentry fromsrc/cli/program/register.subclis.tssrc/commands/(~10 files):sandbox.ts,sandbox.test.ts— main sandbox commandsandbox-explain.ts,sandbox-explain.test.ts— explain subcommandsandbox-formatters.ts,sandbox-formatters.test.ts— output formattingsandbox-display.ts— display subcommanddoctor-sandbox.ts,doctor-sandbox.warns-sandbox-enabled-without-docker.test.ts— health checksrc/config/:types.sandbox.ts— sandbox config typesconfig.sandbox-docker.test.ts— sandbox Docker config testssrc/auto-reply/:reply/stage-sandbox-media.ts— sandbox media staging (dead without sandbox)stage-sandbox-media.test-harness.tsreply.triggers.trigger-handling.stages-inbound-media-into-sandbox-workspace.test.tsPhase 3: Docker Infrastructure
Delete sandbox-only Docker files:
Dockerfile.sandbox— minimal sandbox imageDockerfile.sandbox-browser— VNC-based browser sandboxDockerfile.sandbox-common— developer sandbox basedocker-setup.sh— sandbox setup script.dockerignore— sandbox build optimization (review: may serve distribution too)Delete sandbox E2E test infrastructure:
scripts/docker/install-sh-e2e/(Dockerfile + run.sh)scripts/docker/install-sh-smoke/(Dockerfile + run.sh)scripts/docker/install-sh-nonroot/(Dockerfile + run.sh)scripts/docker/cleanup-smoke/(Dockerfile + run.sh)KEEP:
Dockerfile(gateway distribution) anddocker-compose.yml(gateway services) — theseare NOT sandbox-specific.
Phase 4: Import Cleanup (~15 MODIFY files)
Remove sandbox imports from surviving code:
src/agents/openclaw-tools.ts— removeSandboxFsBridgetype importsrc/security/audit.ts,audit-extra.async.ts,audit-extra.sync.ts— remove sandbox path validationsrc/config/zod-schema.agent-runtime.ts— remove sandbox config schema sectionsrc/agents/tool-policy.test.ts— remove sandbox tool policy assertionssrc/agents/pi-tools.read.ts— remove sandbox path readingDO NOT modify files that will be deleted in later work items:
src/agents/pi-embedded-runner/*.ts— deleted when the pi-embedded execution engine core is guttedsrc/agents/bash-tools.*.ts— deleted when bash/exec tools are guttedAcceptance Criteria
src/agents/sandbox/directory deleted (39 files)*sandbox*files insrc/agents/,src/commands/,src/cli/,src/config/deletedDockerfile.sandbox*(3 files) deleted; mainDockerfileanddocker-compose.ymlkeptscripts/docker/deletedsrc/auto-reply/deletedsandboxCLI subcommand deregistered fromregister.subclis.tspnpm buildpassesgrep -r "sandbox" src/shows zero references in surviving non-pi-embedded/non-bash-tools code(pi-embedded-runner and bash-tools files may still reference sandbox — they'll be deleted later)
Estimated Scale
~97 files deleted/modified. Large scope but mechanically straightforward — pure deletion with
targeted import cleanup.