Open-source control plane for NVIDIA OpenShell. Manage AI agent sandboxes, inference routing, and security policies — from a web UI, REST API, or Terraform.
ShoreGuard sits between operators and OpenShell's secure runtime. Agents run inside hardened sandboxes with routed inference — they never see real API keys or provider endpoints.
graph LR
subgraph "Operators — all use ShoreGuard REST API"
UI["ShoreGuard Web UI"]
TF["Terraform Provider"]
PC["Paperclip"]
OC["OpenClaw"]
end
subgraph "Observability"
Grafana["Grafana"]
end
subgraph "ShoreGuard — Management Plane"
SG["ShoreGuard API"]
DB[("PostgreSQL")]
Metrics["/metrics"]
end
subgraph "Gateway: dev"
OS1["OpenShell Controller"]
subgraph "Sandbox"
Agent1["Agent"]
end
Proxy1["inference.local/v1"]
end
subgraph "Gateway: staging"
OS2["OpenShell Controller"]
subgraph "Sandbox "
Agent2["Agent"]
end
Proxy2["inference.local/v1"]
end
subgraph "LLM Providers"
LLM["Anthropic / NVIDIA / OpenAI"]
end
UI --> SG
TF --> SG
PC -->|"adapter plugin"| SG
OC -->|"slash commands"| SG
PC -.->|"controls"| Agent1
OC -.->|"controls"| Agent1
Grafana --> Metrics
SG --> DB
SG --> Metrics
SG -- "gRPC + mTLS" --> OS1
SG -- "gRPC + mTLS" --> OS2
OS1 --> Agent1
OS2 --> Agent2
Agent1 -. "inference.local" .-> Proxy1
Agent2 -. "inference.local" .-> Proxy2
Proxy1 -- "real API key" --> LLM
Proxy2 -- "real API key" --> LLM
style SG fill:#1a7f37,color:#fff,stroke:#1a7f37
style Agent1 fill:#c8e6c9,stroke:#388e3c,color:#1b5e20
style Agent2 fill:#c8e6c9,stroke:#388e3c,color:#1b5e20
style Proxy1 fill:#ffe0b2,stroke:#e65100,color:#bf360c
style Proxy2 fill:#ffe0b2,stroke:#e65100,color:#bf360c
style Grafana fill:#bbdefb,stroke:#1565c0,color:#0d47a1
Key insight: The agent inside the sandbox only knows
inference.local/v1. OpenShell's L7 proxy injects the real credentials and routes to the actual provider. API keys are managed by ShoreGuard, never exposed to agent code. All operators — whether human (Web UI, Terraform) or agent platforms (Paperclip, OpenClaw) — use the same ShoreGuard REST API. One ShoreGuard instance manages multiple gateways (dev, staging, production).
NVIDIA OpenShell provides hardened sandboxes for AI agents — but ships with only a CLI. NemoClaw adds orchestration, but is single-gateway and CLI-driven.
ShoreGuard adds the missing management layer:
| Capability | OpenShell CLI | NemoClaw | ShoreGuard |
|---|---|---|---|
| Sandbox creation | CLI | CLI | Web UI + API + Terraform |
| Multi-gateway | — | — | Multiple gateways, one dashboard |
| Visual policy editor | — | — | Drag-and-drop with revision history |
| Approval flow | — | — | Real-time notifications |
| Inference routing | CLI | Blueprint profiles | API-driven, per-gateway |
| Audit trail | — | — | Persistent, filterable, exportable |
| RBAC | — | — | Admin / Operator / Viewer |
| Agent frameworks | — | OpenClaw only | Paperclip, OpenClaw, custom |
| Webhooks | — | — | Slack, Discord, Email, HMAC-signed |
pip install shoreguard
shoreguard --local --no-authOpen http://localhost:8888. The --local flag enables Docker-based gateway management, --no-auth skips login.
git clone https://github.com/FloHofstetter/shoreguard.git
cd shoreguard/deploy
cp .env.example .env # edit: set SHOREGUARD_SECRET_KEY, passwords
docker compose up -d # core: ShoreGuard + OpenShell + Caddy (HTTPS)The stack automatically generates mTLS certificates, registers an OpenShell gateway, and provides HTTPS via Caddy with self-signed certificates.
# Add Paperclip agent orchestration
docker compose --profile paperclip up -d
# Add OpenClaw agent gateway (sandboxed)
docker compose --profile openclaw up -dSee the deployment guide for production hardening, custom domains, and Let's Encrypt.
- Sandbox wizard — step-by-step creation with community images, GPU support, and policy presets
- Visual policy editor — network rules, filesystem paths, process settings with revision history and diff viewer
- Approval flow — agents request endpoint access, operators approve or deny in real-time
- Templates — pre-configured sandboxes for data science, web development, and secure coding
- Multi-gateway — manage dev, staging, and production OpenShell clusters from one dashboard
- RBAC — Admin, Operator, Viewer roles with gateway-scoped overrides
- Audit log — persistent, filterable, exportable trail of all state changes
- Health monitoring — automatic gateway probing with status indicators
- REST API — full CRUD for gateways, sandboxes, policies, providers, and inference
- Terraform provider — declarative infrastructure as code
- Webhooks — Slack, Discord, Email, and generic webhooks with HMAC-SHA256 signing
- Prometheus metrics —
/metricsendpoint for Grafana and standard monitoring
Screenshots
| Sandbox Overview | Policy Editor |
|---|---|
|
 |
| Network Policies | Gateway Detail |
|---|---|
 |
 |
| Providers | Audit Log |
|---|---|
 |
 |
| Project | Description |
|---|---|
| Terraform Provider | Manage gateways, sandboxes, providers, and policies as code |
| Paperclip Plugin + Adapter | Run Paperclip agents in isolated OpenShell sandboxes |
| OpenClaw Plugin | /shoreguard slash commands for OpenClaw agents |
| OpenClaw Sandbox Image | Hardened OpenClaw image for OpenShell deployment |
| Docker Compose Stack | One-command setup: ShoreGuard + OpenShell + Caddy + optional integrations |
Shipped:
- Multi-gateway management with health monitoring
- RBAC with gateway-scoped overrides
- Sandbox wizard with community images and presets
- Visual policy editor with revision history
- Real-time approval flow
- Terraform provider
- Persistent audit log with export
- Webhooks (Slack, Discord, Email) with HMAC signing
- Prometheus metrics
- Paperclip adapter (
@shoreguard/paperclip-plugin+@shoreguard/paperclip-adapter) - Docker Compose stack with Caddy auto-TLS
- Inference routing via OpenShell L7 proxy
- OpenClaw sandbox image with NemoClaw-style hardening
In progress:
- Hardened sandbox deployment via gRPC API (blocked by OpenShell API limitations)
- Routed inference for Paperclip adapter (replace credential injection with
inference.local)
Planned:
- Multi-region gateway federation
- DigitalOcean Marketplace integration
git clone https://github.com/FloHofstetter/shoreguard.git
cd shoreguard
uv sync --group dev
uv run shoreguard --local --no-authRun checks with just:
just check # lint + format + typecheck + tests
just dev # start dev server
just test # run unit testsSee the contributing guide for details.
Full docs: flohofstetter.github.io/shoreguard