the universal sandbox runtime for agents and humans. pocketenv.io
sandbox openclaw agent claude-code vercel-sandbox deno-sandbox cloudflare-sandbox atproto sprites daytona
7
fork

Configure Feed

Select the types of activity you want to include in your feed.

Add nanoclaw sandbox deployment

+291
+1
.github/workflows/deploy.yml
··· 33 33 picoclaw, 34 34 zeroclaw, 35 35 wasmer, 36 + nanoclaw, 36 37 ] 37 38 steps: 38 39 - name: Checkout repository
+1
apps/api/src/cloudflare.ts
··· 18 18 pkgx: "https://pkgx.pocketenv.io", 19 19 zeroclaw: "https://zeroclaw.pocketenv.io", 20 20 wasmer: "https://wasmer.pocketenv.io", 21 + nanoclaw: "https://nanoclaw.pocketenv.io", 21 22 };
+148
apps/cf-sandbox/deploy/nanoclaw/Dockerfile
··· 1 + FROM codercom/code-server:latest 2 + 3 + ARG TARGETARCH 4 + 5 + USER root 6 + 7 + RUN apt-get update && apt-get install -y --no-install-recommends \ 8 + bash \ 9 + curl \ 10 + s3fs \ 11 + unzip \ 12 + git \ 13 + fontconfig \ 14 + python3 \ 15 + make \ 16 + g++ \ 17 + pkg-config \ 18 + libstdc++-12-dev \ 19 + libicu-dev \ 20 + zlib1g \ 21 + libffi-dev \ 22 + libssl-dev \ 23 + openssl \ 24 + ca-certificates \ 25 + tzdata \ 26 + build-essential \ 27 + libkrb5-dev \ 28 + uidmap \ 29 + fuse-overlayfs \ 30 + dbus-user-session \ 31 + sudo \ 32 + tmux \ 33 + gawk \ 34 + sed \ 35 + procps \ 36 + wget \ 37 + locales-all \ 38 + gnupg \ 39 + && rm -rf /var/lib/apt/lists/* \ 40 + && echo "coder ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/coder 41 + 42 + ENV LC_ALL en_US.UTF-8 43 + ENV LANG en_US.UTF-8 44 + ENV LANGUAGE en_US.UTF-8 45 + 46 + RUN curl -fsSL https://get.docker.com | sh && \ 47 + apt-get install -y --no-install-recommends docker-ce-rootless-extras && \ 48 + rm -rf /var/lib/apt/lists/* 49 + 50 + RUN usermod -aG docker coder 51 + 52 + COPY --from=docker.io/cloudflare/sandbox:0.7.8 /container-server/sandbox /sandbox 53 + 54 + RUN mkdir -p /home/coder && \ 55 + printf '#!/bin/sh\n\ 56 + set -eu\n\ 57 + sudo dockerd --iptables=false --ip6tables=false &\n\ 58 + until docker version >/dev/null 2>&1; do sleep 0.2; done\n\ 59 + echo "Docker is ready"\n\ 60 + wait\n' > /home/coder/boot-docker-for-dind.sh && chmod +x /home/coder/boot-docker-for-dind.sh 61 + 62 + COPY banner.sh /usr/bin 63 + 64 + RUN chmod a+x /usr/bin/banner.sh 65 + 66 + COPY --from=docker.io/library/node:24 /usr/local/bin/node /usr/local/bin/node 67 + 68 + COPY --from=docker.io/library/node:24 /usr/local/include /usr/local/include 69 + 70 + COPY --from=docker.io/library/node:24 /usr/local/lib/node_modules /usr/local/lib/node_modules 71 + 72 + RUN printf '#!/bin/sh\nexec node /usr/local/lib/node_modules/npm/bin/npm-cli.js "$@"\n' > /usr/local/bin/npm && \ 73 + printf '#!/bin/sh\nexec node /usr/local/lib/node_modules/npm/bin/npx-cli.js "$@"\n' > /usr/local/bin/npx && \ 74 + chmod +x /usr/local/bin/npm /usr/local/bin/npx 75 + 76 + RUN curl -fsSL https://github.com/ryanoasis/nerd-fonts/releases/download/v3.4.0/CascadiaMono.zip -o /tmp/CascadiaMono.zip && \ 77 + mkdir -p /usr/share/fonts && \ 78 + unzip -o /tmp/CascadiaMono.zip -d /usr/share/fonts/CascadiaMono && \ 79 + fc-cache -fv 80 + 81 + USER coder 82 + 83 + RUN curl https://mise.run | sh && \ 84 + curl https://pkgx.sh | sh 85 + 86 + RUN curl -s https://ohmyposh.dev/install.sh | bash -s && \ 87 + curl -s https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/refs/heads/main/themes/tokyonight_storm.omp.json | tee ~/.tokyonight_storm.omp.json >/dev/null && \ 88 + echo 'eval "$(oh-my-posh init bash --config ~/.tokyonight_storm.omp.json)"' >> ~/.bashrc 89 + 90 + RUN case "${TARGETARCH}" in \ 91 + amd64) EZA_ARCH="x86_64-unknown-linux-musl" ;; \ 92 + arm64) EZA_ARCH="aarch64-unknown-linux-musl" ;; \ 93 + *) echo "Unsupported arch: ${TARGETARCH}" && exit 1 ;; \ 94 + esac && \ 95 + wget -qO /tmp/eza.tar.gz "https://github.com/eza-community/eza/releases/latest/download/eza_${EZA_ARCH}.tar.gz" && \ 96 + tar -xzf /tmp/eza.tar.gz -C ~/.local/bin && \ 97 + chmod +x ~/.local/bin/eza && \ 98 + rm /tmp/eza.tar.gz && \ 99 + echo 'alias ls="eza -l"' >> ~/.bashrc 100 + 101 + RUN curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | gpg --dearmor | sudo tee /etc/apt/keyrings/doppler.gpg >/dev/null \ 102 + && echo "deb [signed-by=/etc/apt/keyrings/doppler.gpg] https://packages.doppler.com/public/cli/deb/debian any-version main" | sudo tee /etc/apt/sources.list.d/doppler-cli.list \ 103 + && sudo apt-get update && sudo apt-get install -y doppler && doppler --version 104 + 105 + RUN curl -fsSL https://tailscale.com/install.sh | sh 106 + 107 + RUN git clone --recursive --depth 1 --shallow-submodules https://github.com/akinomyoga/ble.sh.git && \ 108 + mkdir -p ~/.local && \ 109 + make -C ble.sh install PREFIX=/home/coder/.local && \ 110 + rm -rf ble.sh && \ 111 + echo 'export LANG=en_US.UTF-8' >> ~/.bashrc && \ 112 + echo 'source -- ~/.local/share/blesh/ble.sh' >> ~/.bashrc 113 + 114 + RUN curl --proto '=https' --tlsv1.2 -LsSf https://setup.atuin.sh | sh && \ 115 + echo 'export PATH=$PATH:$HOME/.deno/bin:$HOME/.atuin/bin:$HOME/.local/bin:$HOME/.npm-global/bin' >> ~/.bashrc && \ 116 + echo 'eval "$(atuin init bash)"' >> ~/.bashrc || true 117 + 118 + RUN mkdir -p ~/.npm-global && npm config set prefix "~/.npm-global" 119 + 120 + ENV PATH "/root/.deno/bin:/home/coder/.local/bin:/home/coder/.npm-global/bin:${PATH}" 121 + 122 + RUN npm install -g @anthropic-ai/claude-code pm2 123 + 124 + RUN curl -fsSL https://deno.land/install.sh | sh 125 + 126 + RUN curl -fsSL https://bun.sh/install | bash 127 + 128 + RUN code-server --install-extension bastndev.lynx-theme --force && \ 129 + touch ~/.vscode-setup-done 130 + 131 + RUN wget -qO /tmp/zoxide.tar.gz https://github.com/ajeetdsouza/zoxide/releases/download/v0.9.9/zoxide-0.9.9-x86_64-unknown-linux-musl.tar.gz && \ 132 + tar -xzf /tmp/zoxide.tar.gz -C ~/.local/bin zoxide && \ 133 + chmod +x ~/.local/bin/zoxide && \ 134 + rm /tmp/zoxide.tar.gz && \ 135 + echo 'eval "$(zoxide init bash)"' >> ~/.bashrc 136 + 137 + WORKDIR /workspace 138 + 139 + RUN git clone https://github.com/qwibitai/nanoclaw.git 140 + 141 + ENV COMMAND_TIMEOUT_MS 300000 142 + 143 + EXPOSE 8080 144 + EXPOSE 3000/tcp 145 + 146 + ENTRYPOINT ["/sandbox"] 147 + 148 + CMD ["/home/coder/boot-docker-for-dind.sh"]
+30
apps/cf-sandbox/deploy/nanoclaw/banner.sh
··· 1 + #!/usr/bin/env bash 2 + 3 + readonly MAGENTA="$(tput setaf 5 2>/dev/null || echo '')" 4 + readonly GREEN="$(tput setaf 2 2>/dev/null || echo '')" 5 + readonly CYAN="$(tput setaf 6 2>/dev/null || echo '')" 6 + readonly NEON="$(tput setaf 50 2>/dev/null || echo '')" 7 + readonly NO_COLOR="$(tput sgr0 2>/dev/null || echo '')" 8 + 9 + cat << EOF 10 + ${NEON} 11 + ██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███████╗███╗ ██╗██╗ ██╗ 12 + ██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝██╔════╝████╗ ██║██║ ██║ 13 + ██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ █████╗ ██╔██╗ ██║██║ ██║ 14 + ██╔═══╝ ██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██╔══╝ ██║╚██╗██║╚██╗ ██╔╝ 15 + ██║ ╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ███████╗██║ ╚████║ ╚████╔╝ 16 + ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚══════╝╚═╝ ╚═══╝ ╚═══╝ 17 + ${NO_COLOR} 18 + 19 + ╭─────────────────────────────────────────────────────────────╮ 20 + │ This environment is ephemeral. │ 21 + │ What you build here lives fast and dies clean. │ 22 + │ │ 23 + │ Break systems. │ 24 + │ Spawn agents. │ 25 + │ Ship experiments. │ 26 + ╰─────────────────────────────────────────────────────────────╯ 27 + 28 + Happy hacking! 🎉 29 + 30 + EOF
+109
apps/cf-sandbox/deploy/nanoclaw/wrangler.jsonc
··· 1 + /** 2 + * For more details on how to configure Wrangler, refer to: 3 + * https://developers.cloudflare.com/workers/wrangler/configuration/ 4 + */ 5 + /** 6 + * For more details on how to configure Wrangler, refer to: 7 + * https://developers.cloudflare.com/workers/wrangler/configuration/ 8 + */ 9 + { 10 + "$schema": "node_modules/wrangler/config-schema.json", 11 + "name": "nanoclaw", 12 + "main": "src/index.ts", 13 + "compatibility_date": "2025-05-06", 14 + "compatibility_flags": ["nodejs_compat"], 15 + "observability": { 16 + "enabled": true, 17 + }, 18 + /** 19 + * Smart Placement 20 + * Docs: https://developers.cloudflare.com/workers/configuration/smart-placement/#smart-placement 21 + */ 22 + // "placement": { "mode": "smart" } 23 + /** 24 + * Bindings 25 + * Bindings allow your Worker to interact with resources on the Cloudflare Developer Platform, including 26 + * databases, object storage, AI inference, real-time communication and more. 27 + * https://developers.cloudflare.com/workers/runtime-apis/bindings/ 28 + */ 29 + /** 30 + * Environment Variables 31 + * https://developers.cloudflare.com/workers/wrangler/configuration/#environment-variables 32 + */ 33 + // "vars": { "MY_VARIABLE": "production_value" } 34 + "vars": { 35 + "SANDBOX_TRANSPORT": "websocket", 36 + "VOLUME_BUCKET": "pocketenv-volumes", 37 + "PREVIEW_TOKEN": "nanoclaw", 38 + }, 39 + /** 40 + * Note: Use secrets to store sensitive data. 41 + * https://developers.cloudflare.com/workers/configuration/secrets/ 42 + */ 43 + /** 44 + * Static Assets 45 + * https://developers.cloudflare.com/workers/static-assets/binding/ 46 + */ 47 + // "assets": { "directory": "./public/", "binding": "ASSETS" } 48 + /** 49 + * Service Bindings (communicate between multiple Workers) 50 + * https://developers.cloudflare.com/workers/wrangler/configuration/#service-bindings 51 + */ 52 + // "services": [{ "binding": "MY_SERVICE", "service": "my-service" }] 53 + "containers": [ 54 + { 55 + "class_name": "Sandbox", 56 + "image": "./Dockerfile", 57 + "instance_type": "standard-3", 58 + "max_instances": 20, 59 + }, 60 + ], 61 + "durable_objects": { 62 + "bindings": [ 63 + { 64 + "class_name": "Sandbox", 65 + "name": "Sandbox", 66 + }, 67 + ], 68 + }, 69 + "migrations": [ 70 + { 71 + "new_sqlite_classes": ["Sandbox"], 72 + "tag": "v1", 73 + }, 74 + ], 75 + "hyperdrive": [ 76 + { 77 + "binding": "HYPERDRIVE", 78 + "id": "45a57339b01e45559b753ffcacbc20e4", 79 + }, 80 + ], 81 + /** 82 + * Smart Placement 83 + * https://developers.cloudflare.com/workers/configuration/smart-placement/#smart-placement 84 + */ 85 + // "placement": { "mode": "smart" } 86 + /** 87 + * Bindings 88 + * Bindings allow your Worker to interact with resources on the Cloudflare Developer Platform, including 89 + * databases, object storage, AI inference, real-time communication and more. 90 + * https://developers.cloudflare.com/workers/runtime-apis/bindings/ 91 + */ 92 + /** 93 + * Environment Variables 94 + * https://developers.cloudflare.com/workers/wrangler/configuration/#environment-variables 95 + * Note: Use secrets to store sensitive data. 96 + * https://developers.cloudflare.com/workers/configuration/secrets/ 97 + */ 98 + // "vars": { "MY_VARIABLE": "production_value" } 99 + /** 100 + * Static Assets 101 + * https://developers.cloudflare.com/workers/static-assets/binding/ 102 + */ 103 + // "assets": { "directory": "./public/", "binding": "ASSETS" } 104 + /** 105 + * Service Bindings (communicate between multiple Workers) 106 + * https://developers.cloudflare.com/workers/wrangler/configuration/#service-bindings 107 + */ 108 + // "services": [ { "binding": "MY_SERVICE", "service": "my-service" } ] 109 + }
+1
apps/cf-sandbox/src/types/sandbox.ts
··· 53 53 "picoclaw", 54 54 "zeroclaw", 55 55 "wasmer", 56 + "nanoclaw", 56 57 ]) 57 58 .optional() 58 59 .default("openclaw"),
+1
apps/sandbox/src/workers.ts
··· 18 18 pkgx: "https://pkgx.pocketenv.io", 19 19 zeroclaw: "https://zeroclaw.pocketenv.io", 20 20 wasmer: "https://wasmer.pocketenv.io", 21 + nanoclaw: "https://nanoclaw.pocketenv.io", 21 22 };