OpenClaw sandbox defaults broke my assistant setup - here's how I fixed my Google Workspace assistant

Last Friday I hit a wall. My AI agent Oliver could run gws (Google Workspace CLI) perfectly when sandboxing was off. But the moment I enabled sandbox mode for security, everything broke.

Missing CA certificates. Read-only filesystem. Permission denied. I spent hours debugging error messages, trying different workarounds, watching container after container fail.

The problem was clear. Oliver needed to make HTTPS requests to Google's servers. But the minimal OpenClaw sandbox image had no SSL certificates. I tried installing them at runtime with apt-get. That failed. The container was running as a non-privileged user and the filesystem was read-only.

Then I tried mounting the gws binary from the host. OpenClaw's sandbox security blocked that too. You can't just mount credential directories like .cargo into isolated containers. Fair enough, but frustrating.

The breakthrough came when I stopped trying to fix it at runtime.

I built a custom Docker image based on the standard OpenClaw sandbox, but with ca-certificates and Node.js baked in at build time. No runtime installation, no permission issues, no fragile workarounds. I copied the gws binary directly into each agent's workspace instead of trying to mount from blocked system directories. I set environment variables so the container knew where to find everything.
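A Dockerfile along these lines bakes the certificates and Node.js in at build time. It is an added example, not the author's actual file; the base image tag, the unprivileged user name, the `/workspace/bin` location for gws and the choice of environment variables are all assumptions to replace with your own values.

```dockerfile
# Added example, not the author's Dockerfile.
# BASE_IMAGE is a placeholder: substitute the sandbox image tag that your
# OpenClaw installation actually uses.
ARG BASE_IMAGE=your-openclaw-sandbox-image:tag
FROM ${BASE_IMAGE}

# Assumption: the base image is Debian/Ubuntu-based, so apt-get is available.
# Package installation needs root and a writable filesystem, which exist at
# build time but not in the running read-only, non-root sandbox.
USER root
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates nodejs \
 && update-ca-certificates \
 && rm -rf /var/lib/apt/lists/*

# Point TLS clients that honour these variables at the system CA bundle
# (Debian/Ubuntu paths).
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
    SSL_CERT_DIR=/etc/ssl/certs

# Assumption: the gws binary is copied into each agent's workspace and the
# workspace appears inside the container at /workspace, with gws under bin/.
ENV PATH="/workspace/bin:${PATH}"

# Fail the build, not the agent, if the CA bundle is empty or Node.js is missing.
RUN test -s /etc/ssl/certs/ca-certificates.crt && node --version

# Drop back to an unprivileged user so the runtime container keeps least
# privilege. SANDBOX_USER is a placeholder for the base image's own user.
ARG SANDBOX_USER=sandbox
USER ${SANDBOX_USER}
```

Because nothing is installed at container start, the image works unchanged with a read-only root filesystem and a non-root user.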

One container image restart later and Oliver was back. Only now running in a secure sandbox with full gws capabilities.

The benefits surprised me. Oliver runs isolated from the host system. I can give groups different tool permissions than direct messages. If something goes wrong, the blast radius is contained to the container. But I don't lose any functionality. The agent can still do everything it could before, just safer.

This was the lesson I needed. Sandbox security doesn't mean giving up capabilities. It means building the right foundation so your agents can work safely AND effectively. All those runtime workarounds I tried? They were fragile hacks. The custom image with proper setup? That's infrastructure.

If you're running AI agents in production and want this kind of setup without spending hours debugging certificate errors, let's talk. I build secure, capable agent systems that actually work.
