Phase 3 / Ep 16: Multi-Agent Privilege Isolation —— Assigning Least Privilege by Role

🎯 Learning Objective: Design a differentiated permission architecture for multiple Agents.

1. Typical Three-Agent Architecture

graph TB
    subgraph Agents["🤖 Agent Legion"]
        PA["🧑‍💼 personal\nprofile: basic\nTelegram DM"]
        CA["💻 code-agent\nprofile: coding\nCLI + Discord #dev"]
        OA["🔧 ops-agent\nprofile: full\nInside Docker Only\nDiscord #ops"]
    end

    PA -->|"Capabilities"| PA_S["✅ Chat · Reminders · Schedule\n❌ Shell · Git · System Operations"]
    CA -->|"Capabilities"| CA_S["✅ Chat · Files · Shell · Git\n❌ System Operations · Process Management"]
    OA -->|"Capabilities"| OA_S["✅ All Capabilities\n⚠️ Restricted to container operations"]

2. Configuration Steps

# Create Agents
openclaw agents add personal
openclaw agents add code-agent
openclaw agents add ops-agent

# Set permissions respectively
openclaw agents config personal tools.profile basic
openclaw agents config code-agent tools.profile coding
openclaw agents config ops-agent tools.profile full

# Bind channels
openclaw agents bind personal telegram
openclaw agents bind code-agent cli
openclaw agents bind code-agent discord --channel dev
openclaw agents bind ops-agent discord --channel ops

3. Physical Isolation (ops-agent)

The ops-agent should run in an independent Docker container:

# docker-compose.yml
services:
  openclaw-ops:
    image: openclaw/openclaw:latest
    container_name: ops-agent
    environment:
      - OPENCLAW_TOOLS_PROFILE=full
    volumes:
      - ./ops-data:/root/.openclaw
    # Do not mount sensitive host directories!

4. Principle Summary

Next Episode Teaser: Phase 4 begins! Ep 17, Deep Dive into the Skill Architecture — Understanding the metadata, instruction formats, and injection mechanisms of SKILL.md.