OpenClaw and Agent Execution Firewall

(github.com)

1 point | by sentra 4 hours ago

1 comments

  • sentra 4 hours ago

      I built Sentra, an execution firewall that lets you safely run OpenClaw (AI agent with WhatsApp integration) on Oracle Cloud Free Tier for $0/month.
    
      The problem: AI agents that execute code are powerful but dangerous. Give an LLM shell access and it might run rm -rf /.
    
      The solution: A security layer with:
    
      • Seccomp-BPF – Kernel-level syscall filtering blocks fork, exec, ptrace before they execute
    
      • Policy engine – Regex-based command allowlist/denylist with argument inspection
    
      • Python sandbox – Namespace isolation with cgroup resource limits
    
      • Rate limiting – Prevents automated attack patterns
    
      Example:
      [sentra:enforce]$ rm -rf /
      [X] DENIED: Recursive deletion blocked
    
      [sentra:enforce]$ sudo su
      [X] DENIED: Privilege escalation blocked
    
      [sentra:enforce]$ ls -la
      total 48
      drwxr-xr-x  5 opc opc 4096 ...
       ALLOWED
    
      The stack (all free):
    
      • Oracle Cloud Free Tier – 4 ARM CPUs, 24GB RAM, 200GB storage
    
      • OpenClaw – Node.js AI agent framework with WhatsApp Web
    
      • Sentra – Rust execution firewall (this project)
    
      • Any LLM via OpenRouter (Gemini, GPT-4, Claude, Llama)
    
      One-line install:
      curl -sSL https://raw.githubusercontent.com/sundarsub/sentra/main/scripts/install-oracle-cloud.sh | sudo bash
    
      Links:
    
      • GitHub: https://github.com/sundarsub/sentra
    
      • Oracle Cloud Guide: https://github.com/sundarsub/sentra/blob/main/docs/ORACLE_CLOUD_DEPLOYMENT.md
    
      Open source (Apache-2.0). sentrahelp@gmail.com
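
The policy-engine layer the post lists (regex allowlist/denylist with argument inspection), as an added Python example; it is not part of the post and not Sentra's code. The rule patterns, the `evaluate` function and the reason strings other than the two in the post's transcript are assumptions. The command is tokenized before matching so that quoted, split or reordered flags are still inspected as arguments, and anything not matched is denied.

```python
import re
import shlex

# Constructed rules for illustration; Sentra's real policy format is not shown in the post.
ALLOW = re.compile(r"^(ls|cat|echo|pwd|rm)$")         # programs the agent may run
ESCALATE = re.compile(r"^(sudo|su|doas|pkexec)$")     # privilege-escalation programs
SHELL_META = re.compile(r"[;&|`$<>\n]")               # chaining, substitution, redirection
RECURSIVE = re.compile(r"^(-[a-zA-Z]*[rR][a-zA-Z]*|--recursive)$")


def evaluate(command):
    """Return (allowed, reason). Deny rules run first; unmatched commands are denied."""
    # Refuse shell syntax outright: the policy judges one program and its arguments.
    if SHELL_META.search(command):
        return False, "Shell metacharacters blocked"
    try:
        argv = shlex.split(command)      # honours quoting, so '-rf' becomes -rf
    except ValueError:
        return False, "Unparseable command"
    if not argv:
        return False, "Empty command"
    prog = argv[0].rsplit("/", 1)[-1]    # /bin/rm and rm are the same program
    args = argv[1:]
    if ESCALATE.match(prog):
        return False, "Privilege escalation blocked"
    # Argument inspection: look at each flag, not at the raw command string.
    if prog == "rm" and any(RECURSIVE.match(a) for a in args):
        return False, "Recursive deletion blocked"
    if not ALLOW.match(prog):
        return False, "Command not in allowlist"
    return True, "ALLOWED"


if __name__ == "__main__":
    # Constructed sample inputs; the first three are the commands in the post's transcript.
    for cmd in ["rm -rf /", "sudo su", "ls -la", "/bin/rm -f -R /tmp/x",
                "rm '-fr' /", "ls; rm -rf /", "curl http://example.invalid"]:
        allowed, reason = evaluate(cmd)
        print(("[ok] " if allowed else "[X] DENIED: ") + reason + "  <- " + cmd)
```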