Docker

Docker is the recommended way to run superclaw in production. The hardened container profile gives you a read-only root filesystem, non-root execution, dropped Linux capabilities, and a single narrow workspace mount, so the agent touches nothing else on the host.

Quick start

Pull the image from GitHub Container Registry and run a task against the current directory:

bash
docker run --rm \
  --user 1000:1000 \
  --read-only \
  --cap-drop ALL \
  --security-opt no-new-privileges:true \
  --pids-limit 64 \
  --network host \
  -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
  -v "$(pwd)":/workspace \
  -v blaze-data:/data \
  -w /workspace \
  ghcr.io/akshaymemane/superclaw:latest \
  "read the README and write a summary to summary.md"

--read-only

The container root filesystem is mounted read-only. The agent can only write to the /workspace and /data volumes.

--cap-drop ALL

All Linux capabilities are dropped. The agent process has no elevated kernel access.

--user 1000:1000

Runs as a non-root user. Files the agent writes to /workspace appear on the host owned by UID/GID 1000, so pick a UID/GID that matches your host user.

no-new-privileges

Prevents the process from gaining additional privileges via setuid binaries.

--pids-limit 64

Caps the number of processes the container can spawn, limiting the damage a runaway or fork-bombing run_bash call can do.

-v $(pwd):/workspace

Mounts only the current directory. The agent cannot read or write any host path outside this directory.

docker-compose.yml

For repeatable runs or CI integration, use a Compose file. This example runs a single task and exits:

docker-compose.yml
yaml
version: "3.9"

services:
  superclaw:
    image: ghcr.io/akshaymemane/superclaw:latest
    user: "1000:1000"
    read_only: true
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    pids_limit: 64
    environment:
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
    volumes:
      - ./workspace:/workspace
      - blaze-data:/data
    working_dir: /workspace
    command: >
      "research the latest Go release and write a summary to go-release.md"

volumes:
  blaze-data:

Running with Compose

bash
# Run and stream logs
docker compose run --rm superclaw

# Override the task at runtime
docker compose run --rm superclaw "list all Go files and count lines of code"

Environment variables

Pass configuration to the container via environment variables. BLAZE_* variables override the corresponding superclaw.json fields:

.env
bash
# Required
ANTHROPIC_API_KEY=sk-ant-...

# Optional: override any superclaw.json field
BLAZE_MODEL=claude-haiku-4-5
BLAZE_MAX_STEPS=10
BLAZE_TIMEOUT=60
BLAZE_SKILLS=coding,github

# Optional: search backend (required for web_search tool)
BRAVE_API_KEY=BSA...
| Variable          | Maps to          | Notes                               |
|-------------------|------------------|-------------------------------------|
| ANTHROPIC_API_KEY |                  | Required. Never baked into the image. |
| BLAZE_MODEL       | model            | Override the model ID.              |
| BLAZE_MAX_STEPS   | max_steps        | Override step limit.                |
| BLAZE_TIMEOUT     | timeout_seconds  | Override run timeout.               |
| BLAZE_MAX_FETCH   | max_fetch_calls  | Override fetch limit.               |
| BLAZE_SKILLS      | skills           | Comma-separated skill names.        |
| BRAVE_API_KEY     |                  | Required for the web_search tool.   |

Volume mounts

/workspace (read + write)

The working directory for all file operations. read_file, write_file, patch_file, list_files, and run_bash all operate within this directory. Mount your project here.

bash
-v "$(pwd)":/workspace

/data (read + write, persistent)

Session history is written to /data/.superclaw/runs.jsonl. Mount a named volume here to persist history across container restarts. If not mounted, history is discarded when the container exits.

bash
-v blaze-data:/data

Security profile

The recommended profile for production use:

| Setting        | Value                  | Effect                                                                  |
|----------------|------------------------|-------------------------------------------------------------------------|
| --read-only    | true                   | Root filesystem is read-only. No writes outside /workspace and /data.   |
| --user         | 1000:1000              | Non-root. No risk of host file ownership issues.                        |
| --cap-drop     | ALL                    | No Linux capabilities. Cannot bind privileged ports, modify network, etc. |
| --security-opt | no-new-privileges:true | Disables privilege escalation via setuid/setgid.                        |
| --pids-limit   | 64                     | Process limit. Prevents fork bombs and subprocess sprawl.               |
| --network      | host (or bridge)       | Restrict to bridge with egress rules for stronger isolation.            |
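As an added example (not part of the superclaw project), the following Python audit checks a container's `docker inspect` output against the profile in this table. The inspect document is constructed inline to mimic the fields Docker emits; the thresholds and allowed mount targets come from this page.

```python
"""Audit `docker inspect` output against the recommended superclaw profile."""
import json

ALLOWED_MOUNT_TARGETS = {"/workspace", "/data"}  # the only volumes the page mounts


def sample_inspect(**overrides) -> str:
    """Build a constructed docker-inspect-shaped JSON document (not captured output).

    Defaults describe the hardened profile; keyword overrides weaken individual fields.
    """
    host = {"ReadonlyRootfs": True, "CapDrop": ["ALL"],
            "SecurityOpt": ["no-new-privileges:true"], "PidsLimit": 64,
            "NetworkMode": "bridge",
            "Binds": ["/home/dev/project:/workspace", "blaze-data:/data"]}
    user = overrides.pop("User", "1000:1000")
    host.update(overrides)
    return json.dumps([{"Config": {"User": user}, "HostConfig": host}])


def audit(inspect_json: str) -> list[str]:
    """Return findings for the first container in the inspect array (empty = compliant)."""
    info = json.loads(inspect_json)[0]
    host, cfg = info["HostConfig"], info["Config"]
    findings = []
    if not host.get("ReadonlyRootfs"):
        findings.append("rootfs is writable: add --read-only")
    if "ALL" not in [c.upper() for c in host.get("CapDrop") or []]:
        findings.append("capabilities not fully dropped: add --cap-drop ALL")
    if "no-new-privileges:true" not in (host.get("SecurityOpt") or []):
        findings.append("no-new-privileges missing: add --security-opt no-new-privileges:true")
    pids = host.get("PidsLimit") or 0  # Docker reports 0/null when no limit is set
    if pids <= 0 or pids > 64:
        findings.append(f"pids limit is {pids or 'unset'}: add --pids-limit 64")
    user = cfg.get("User") or ""
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs as root: add --user 1000:1000")
    if host.get("NetworkMode") == "host":
        findings.append("host networking: prefer bridge with egress rules")
    for bind in host.get("Binds") or []:  # "src:dst" or "src:dst:opts"
        target = bind.split(":")[1]
        if target not in ALLOWED_MOUNT_TARGETS:
            findings.append(f"unexpected mount target {target}: only /workspace and /data")
    return findings


if __name__ == "__main__":
    for line in audit(sample_inspect(ReadonlyRootfs=False, NetworkMode="host")):
        print("FINDING:", line)
```

Feed it real output with `docker inspect <container>` piped into `audit()` to confirm a deployment matches the profile before it is promoted.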

Build the image from source

The official image uses a multi-stage build with a scratch base — only the static binary and CA certificates are included:

Dockerfile
dockerfile
FROM golang:1.23-alpine AS builder
WORKDIR /build
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" \
    -o /superclaw ./cmd/superclaw

FROM scratch
COPY --from=builder /superclaw /superclaw
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
USER 1000:1000
ENTRYPOINT ["/superclaw"]

bash
docker build -t superclaw:local .
docker run --rm -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
  -v "$(pwd)":/workspace superclaw:local "your task here"