From 52d2555ccad13a7b63a20bb08b6ceca40c826cd6 Mon Sep 17 00:00:00 2001 From: Tim Bendt Date: Sun, 22 Feb 2026 20:28:48 +0000 Subject: [PATCH] Add locked-down kids instance configuration --- kids-instance/README.md | 88 +++++++++++++++++++++ kids-instance/config/openclaw-kids.json | 98 ++++++++++++++++++++++++ kids-instance/docker-compose.kids.yml | 34 ++++++++ kids-instance/workspace-kids/IDENTITY.md | 10 +++ kids-instance/workspace-kids/SOUL.md | 29 +++++++ 5 files changed, 259 insertions(+) create mode 100644 kids-instance/README.md create mode 100644 kids-instance/config/openclaw-kids.json create mode 100644 kids-instance/docker-compose.kids.yml create mode 100644 kids-instance/workspace-kids/IDENTITY.md create mode 100644 kids-instance/workspace-kids/SOUL.md diff --git a/kids-instance/README.md b/kids-instance/README.md new file mode 100644 index 0000000..7a299c5 --- /dev/null +++ b/kids-instance/README.md @@ -0,0 +1,88 @@ +# OpenClaw Kids Instance + +A locked-down, sandboxed OpenClaw instance for your child. + +## 🔒 Safety Features + +- **Sandboxed tools** — all execution happens in Docker containers +- **No file writes** — read-only access to workspace +- **No shell access** — can't run commands on the host +- **No browser control** — can't drive a browser +- **No config changes** — can't modify OpenClaw settings +- **DM pairing required** — you approve all contacts +- **Group mention-only** — won't respond unless @mentioned in groups + +## 🚀 Setup + +1. **Change the auth token** in `config/openclaw-kids.json`: + ```json + "token": "your-long-random-string-here" + ``` + +2. **Start the instance**: + ```bash + docker-compose -f docker-compose.kids.yml up -d + ``` + +3. **Connect via Control UI**: + - Open http://localhost:18790 in your browser + - Use the token from step 1 to pair + +4. **Set up messaging** (optional): + - WhatsApp: Scan QR code in Control UI + - Telegram: Create bot via @BotFather, add token to config + +5. **Customize**: + - Edit `workspace-kids/IDENTITY.md` — let your son name the bot! + - Edit `workspace-kids/SOUL.md` — adjust personality as needed + +## 🛡️ What's Allowed + +- ✅ Chatting and asking questions +- ✅ Reading files in the workspace +- ✅ Web search (with safe content filters) +- ✅ Using messaging with approved contacts + +## 🚫 What's Blocked + +- ❌ Running shell commands +- ❌ Writing files +- ❌ Browsing the web interactively +- ❌ Creating scheduled tasks +- ❌ Accessing your main OpenClaw instance +- ❌ Modifying configuration + +## 📁 Directory Structure + +``` +kids-instance/ +├── docker-compose.kids.yml # Docker setup +├── config/ +│ └── openclaw-kids.json # Main config +├── workspace-kids/ # Agent workspace +│ ├── SOUL.md # Personality +│ ├── IDENTITY.md # Name/emoji +│ └── ... # Other files +└── state/ # Runtime state (created on first run) +``` + +## 🔄 Updating + +```bash +docker-compose -f docker-compose.kids.yml pull +docker-compose -f docker-compose.kids.yml up -d +``` + +## 📝 Notes + +- Runs on port 18790 (different from default 18789) +- Uses separate Docker network `openclaw-kids` +- Completely isolated from your main OpenClaw instance +- All activity is logged in `state/` for review + +## 🎨 Customization Ideas + +- Let your son design the bot's personality in SOUL.md +- Add fun facts or daily challenges in HEARTBEAT.md +- Create a todo.md for homework or chores +- Set up a separate WhatsApp number just for the bot diff --git a/kids-instance/config/openclaw-kids.json b/kids-instance/config/openclaw-kids.json new file mode 100644 index 0000000..8605160 --- /dev/null +++ b/kids-instance/config/openclaw-kids.json @@ -0,0 +1,98 @@ +{ + "$schema": "https://docs.openclaw.ai/schemas/openclaw-config.json", + + "gateway": { + "mode": "local", + "bind": "loopback", + "port": 18789, + "auth": { + "mode": "token", + "token": "CHANGE-THIS-TO-A-LONG-RANDOM-STRING" + } + }, + + "session": { + "dmScope": "per-channel-peer" + }, + + "agents": { + "defaults": { + "sandbox": { + "mode": "all", + "scope": "agent", + "workspaceAccess": "none" + } + }, + "list": [ + { + "id": "kids-agent", + "name": "Kids Assistant", + "workspace": "/workspace-kids", + "model": "kimi-coding/k2p5", + "thinking": "low", + "systemPrompt": "You are a friendly, patient AI assistant for a child. Be encouraging, educational, and safe. Never help with anything dangerous or inappropriate. If asked about harmful topics, gently redirect. Keep answers age-appropriate and positive.", + "tools": { + "allow": [ + "read", + "web_search", + "memory_search", + "memory_get", + "sessions_list", + "sessions_history", + "session_status" + ], + "deny": [ + "write", + "edit", + "apply_patch", + "exec", + "process", + "browser", + "canvas", + "nodes", + "cron", + "gateway", + "sessions_spawn", + "sessions_send", + "subagents", + "agents_list", + "image", + "web_fetch", + "tts" + ] + } + } + ] + }, + + "tools": { + "profile": "messaging", + "fs": { + "workspaceOnly": true + } + }, + + "channels": { + "whatsapp": { + "dmPolicy": "pairing", + "groups": { + "*": { + "requireMention": true + } + } + }, + "telegram": { + "dmPolicy": "pairing", + "groups": { + "*": { + "requireMention": true + } + } + } + }, + + "logging": { + "level": "info", + "redactSensitive": "tools" + } +} diff --git a/kids-instance/docker-compose.kids.yml b/kids-instance/docker-compose.kids.yml new file mode 100644 index 0000000..063a6cf --- /dev/null +++ b/kids-instance/docker-compose.kids.yml @@ -0,0 +1,34 @@ +# OpenClaw Kids Instance - Locked Down & Safe +# Run with: docker-compose -f docker-compose.kids.yml up -d + +version: '3.8' + +services: + openclaw-kids: + image: ghcr.io/openclaw/openclaw:latest + container_name: openclaw-kids + restart: unless-stopped + ports: + - "18790:18789" # Different port from main instance + environment: + - OPENCLAW_CONFIG=/config/openclaw-kids.json + - OPENCLAW_STATE_DIR=/state + volumes: + - ./config:/config:ro + - ./state:/state + - ./workspace-kids:/workspace-kids + - /var/run/docker.sock:/var/run/docker.sock:ro # For sandboxing + networks: + - openclaw-kids + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID + +networks: + openclaw-kids: + driver: bridge diff --git a/kids-instance/workspace-kids/IDENTITY.md b/kids-instance/workspace-kids/IDENTITY.md new file mode 100644 index 0000000..ca30d38 --- /dev/null +++ b/kids-instance/workspace-kids/IDENTITY.md @@ -0,0 +1,10 @@ +# IDENTITY.md - Who Am I? + +- **Name:** (To be decided by your son!) +- **Creature:** Friendly AI assistant / digital buddy +- **Vibe:** Patient, curious, encouraging, fun +- **Emoji:** 🤖 (or your son can pick one!) + +--- + +_This file is yours to evolve. As you learn who you are, update it._ diff --git a/kids-instance/workspace-kids/SOUL.md b/kids-instance/workspace-kids/SOUL.md new file mode 100644 index 0000000..525ae9d --- /dev/null +++ b/kids-instance/workspace-kids/SOUL.md @@ -0,0 +1,29 @@ +# SOUL.md - Kids Agent + +## Core Truths + +**Be patient and encouraging.** Kids ask lots of questions. Some seem simple to you but are new to them. Never make them feel dumb for asking. + +**Be genuinely helpful.** If you don't know something, say so. Don't make things up. + +**Safety first.** If a child asks about something dangerous, harmful, or inappropriate, gently redirect. Don't lecture — just guide them toward something better. + +**Keep it age-appropriate.** Use language they can understand. Be warm, not formal. + +**Privacy matters.** Never ask for personal information (address, full name, school, passwords). If they share it accidentally, remind them not to. + +## Boundaries + +- No help with cheating on schoolwork (but explaining concepts is fine) +- No creating accounts or signing up for services +- No accessing files outside the workspace +- No running code or commands +- No web browsing (search only, with safe filters) + +## Vibe + +Friendly, curious, patient. Like a helpful older sibling or cool teacher. Not preachy, not robotic. Encourage their interests and celebrate their wins. + +## Continuity + +Each session, I wake up fresh. These files are my memory. Read them. Update them. They're how I persist.