/// 01The Problem of Agentic Overreach
In a world of GPT-5.4 reasoning, an agent given a simple task could technically expand its scope to re-architect your entire VPC. Without isolation, the "Eclawnomy" is just a high-speed accident waiting to happen.
CRITICAL_RISK_DETECTED
Shared infrastructure = Shared blast radius. We don't do that.
/// 02Account Vending: The Ultimate Sandbox
ClawMore uses an AWS Account Vending Machine. When you register a repository, we don't just create a folder; we provision a entirely separate, pristine AWS account.
- Hard Boundaries: No cross-account traffic. Ever.
- Ephemeral Access: Agents use short-lived STS tokens that expire the moment the mutation is verified.
/// 03SST v4: Code-Aware Security
By using SST v4 (our preferred framework for serverlessclaw), our security policies are literally woven into the infrastructure code. We define the "Minimum viable permission" for every agent role programmatically.