From b2ac69e12b936bdc6ff034defff1b6cff96a4dcc Mon Sep 17 00:00:00 2001
From: Viktor Barzin <viktorbarzin@meta.com>
Date: Sun, 1 Mar 2026 16:51:35 +0000
Subject: [PATCH] [ci skip] openclaw: disable sandbox mode for unrestricted
 execution

- Set agents.defaults.sandbox.mode = off
- Combined with exec.host=gateway and exec.security=full,
  OpenClaw can now run any command on the container host
---
 stacks/openclaw/main.tf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/stacks/openclaw/main.tf b/stacks/openclaw/main.tf
index 9c5b7aa7..4bc0d055 100644
--- a/stacks/openclaw/main.tf
+++ b/stacks/openclaw/main.tf
@@ -89,6 +89,9 @@ resource "kubernetes_config_map" "openclaw_config" {
         defaults = {
           contextTokens     = 1000000
           bootstrapMaxChars = 30000
+          sandbox = {
+            mode = "off"
+          }
           model = {
             primary   = "nim/mistralai/mistral-large-3-675b-instruct-2512"
             fallbacks = ["nim/nvidia/llama-3.1-nemotron-ultra-253b-v1", "modelrelay/auto-fastest"]