I built Sentra, an execution firewall that lets you safely run OpenClaw (AI agent with WhatsApp integration) on Oracle Cloud Free Tier for $0/month.
The problem: AI agents that execute code are powerful but dangerous. Give an LLM shell access and it might run rm -rf /.
The solution: A security layer with:
• Seccomp-BPF – Kernel-level syscall filtering blocks fork, exec, ptrace before they execute
• Policy engine – Regex-based command allowlist/denylist with argument inspection
• Python sandbox – Namespace isolation with cgroup resource limits
• Rate limiting – Prevents automated attack patterns
Example:
[sentra:enforce]$ rm -rf /
[X] DENIED: Recursive deletion blocked
[sentra:enforce]$ sudo su
[X] DENIED: Privilege escalation blocked
[sentra:enforce]$ ls -la
total 48
drwxr-xr-x 5 opc opc 4096 ...
ALLOWED
The stack (all free):
• Oracle Cloud Free Tier – 4 ARM CPUs, 24GB RAM, 200GB storage
• OpenClaw – Node.js AI agent framework with WhatsApp Web
• Sentra – Rust execution firewall (this project)
• Any LLM via OpenRouter (Gemini, GPT-4, Claude, Llama)
One-line install:
curl -sSL https://raw.githubusercontent.com/sundarsub/sentra/main/scripts/install-oracle-cloud.sh | sudo bash
Links:
• GitHub: https://github.com/sundarsub/sentra
• Oracle Cloud Guide: https://github.com/sundarsub/sentra/blob/main/docs/ORACLE_CLOUD_DEPLOYMENT.md
Open source (Apache-2.0). [email protected]