Give Every Family Member Their Own AI Agent

Your mom shouldn't have to learn the terminal to have an AI agent. Neither should your cousin, your partner, or your teenager who won't stop texting you questions they could Google. The promise of open-source agents like OpenClaw and Hermes Agent is that anyone can run a personal AI — but the reality is that setting one up still requires comfort with config files, API keys, and Docker. That's the gap Clawstainer fills: lightweight, isolated Linux sandboxes you can spin up per person, snapshot when they're configured, and replicate in seconds.

This post walks through how to provision an agent for every member of your family — from the non-technical to the power user — using Clawstainer as the deployment layer.

The Architecture: One Machine, Many Sandboxes

The idea is simple. You run a single server (a VPS, a home lab box, a Mac Mini in the closet) and spin up one isolated sandbox per family member. Each sandbox gets its own agent runtime, its own personality files, its own memory, and its own messaging channel. Nobody's data leaks into anyone else's session.

Clawstainer uses systemd-nspawn under the hood — container-based isolation with its own filesystem, PID namespace, network namespace, and cgroup resource limits. Each sandbox boots in 2-3 seconds. On macOS, it runs transparently through Lima. On Linux, it runs natively.

┌──────────────────── Your Server ────────────────────┐ │ │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ Mom │ │ Partner │ │ You │ │ │ │ OpenClaw │ │ OpenClaw │ │ Hermes │ │ │ │ WhatsApp │ │ Telegram │ │ Telegram │ │ │ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │ │ │ │ │ │ │ └────────────────┴────────────────┘ │ │ clawstainer │ │ (isolated sandboxes per person) │ └──────────────────────────────────────────────────────┘

Sandboxes can't reach each other — iptables FORWARD DROP between them. They talk to the internet through NAT, but they're invisible to one another.

Step 1: Install Clawstainer

On macOS:

brew install lima
cargo install --path .
clawstainer create --name test-box   # just works

On first run, Lima provisions an Ubuntu 24.04 VM with systemd-nspawn and builds the Linux binary automatically. Takes about two minutes once. After that, commands are instant.

On Linux (bare metal or VPS):

sudo apt-get install -y systemd-container debootstrap
cargo install --path .
sudo clawstainer create --name test-box

No Docker, no Kubernetes, no YAML purgatory. One binary.

Step 2: Create a Base Agent Sandbox and Snapshot It

Clawstainer has built-in provisioning templates for popular AI agents. Create a sandbox, provision it with OpenClaw, and you have a fully configured agent environment:

# Create a sandbox with enough resources for an agent gateway
clawstainer create --name openclaw-base --memory 2048 --cpus 2 --linger

# Provision it with OpenClaw (installs everything, sets up systemd service)
clawstainer provision <id> --components openclaw

The --linger flag is important. Without it, systemd may stop user sessions on logout/idle and kill the gateway process. With it, OpenClaw stays alive 24/7.

Behind the scenes, the openclaw component does everything:

# From components.yaml — this is what 'provision --components openclaw' runs
openclaw:
  timeout: 600
  install: |
    apt-get update
    apt-get install -y curl git
    curl -fsSL https://openclaw.ai/install.sh | bash || true
    cat > /etc/systemd/system/openclaw-gateway.service << 'UNIT'
    [Unit]
    Description=OpenClaw Gateway
    After=network.target

    [Service]
    Type=simple
    ExecStart=/usr/local/bin/openclaw gateway
    Restart=always
    RestartSec=3
    Environment=HOME=/root
    WorkingDirectory=/root

    [Install]
    WantedBy=multi-user.target
    UNIT
    systemctl daemon-reload
    systemctl enable openclaw-gateway
    systemctl start openclaw-gateway
  verify: openclaw --version

Now here's the key move. Once the base is provisioned and working, snapshot it:

# Snapshot the fully provisioned sandbox
clawstainer snapshot create <id> --name openclaw-ready

This captures the overlay upper layer — all the installed packages, configs, the systemd service, everything — into a reusable tarball stored at /var/lib/clawstainer/snapshots/. Now you can stamp out new agents without re-provisioning:

# Create a new sandbox from the snapshot — no re-provisioning needed
clawstainer create --name mom-agent --from openclaw-ready --linger
clawstainer create --name partner-agent --from openclaw-ready --linger
clawstainer create --name teen-agent --from openclaw-ready --linger

Each of those boots in 2-3 seconds with OpenClaw already installed and the gateway already running. No waiting for apt-get, no re-downloading anything. The snapshot layer sits between the base image and the new writable upper layer via OverlayFS.

Check what's running:

clawstainer list

ID             NAME             STATUS     MEMORY   CPUS   UPTIME       IP
sb-a1b2c3d4    mom-agent        running    2048MB   2      5m           10.0.0.2
sb-e5f6g7h8    partner-agent    running    2048MB   2      5m           10.0.0.3
sb-i9j0k1l2    teen-agent       running    2048MB   2      5m           10.0.0.4

Step 3: Personalize Each Agent

Shell into each sandbox and configure the personality files. This is where each family member's agent becomes theirs.

clawstainer shell <mom-agent-id>

SOUL.md — Who the agent is

For Mom:

# Soul

You are a helpful, patient assistant. Keep answers short and practical.
Never use jargon. If something requires a technical step, walk through
it like you're explaining to a friend over coffee.

You help with:
- Recipes and meal planning
- Calendar and reminders
- Travel research and booking
- Answering general questions

Speak in English and Spanish. Default to English unless spoken to in Spanish.

For the teenager (with guardrails):

# Soul

You are a study buddy and homework helper. You explain concepts clearly
and help brainstorm ideas, but you never write essays or complete
assignments — you teach.

Rules:
- No generating full homework answers. Explain the method, not the solution.
- Safe search only. Flag anything inappropriate.
- Encourage curiosity. If they ask something interesting, go deeper.

USER.md — Who the person is

# User

- Name: María
- Timezone: America/Los_Angeles
- Language preference: Spanish first, English fine
- Communication style: Prefers voice messages, keep text replies brief
- Important: Remind about medication at 9am and 9pm daily

Then pair the messaging channel from inside the sandbox:

# Inside the sandbox, pair WhatsApp for Mom
openclaw channels login

Exit the shell, and Mom's agent is live. She texts it on WhatsApp like she would any other contact.

Step 4: Or Just Fleet It

If you want to skip the manual create-per-person flow, Clawstainer has fleet management. Write a single YAML file and deploy the whole family at once:

# family-fleet.yaml
machines:
  - name: mom-agent
    count: 1
    memory: 2048
    cpus: 2
    provision: openclaw
    linger: true

  - name: partner-agent
    count: 1
    memory: 2048
    cpus: 2
    provision: openclaw
    linger: true

  - name: teen-agent
    count: 1
    memory: 1024
    cpus: 1
    provision: openclaw
    linger: true

# Create all machines, then provision in parallel
clawstainer fleet create --file family-fleet.yaml --parallel 3

Fleet uses a two-pass approach: creates all machines first (visible in clawstainer list immediately), then provisions them in parallel batches. Three agents provisioned at once.

Tear down a specific person's agent or the whole fleet:

# Destroy one
clawstainer fleet destroy --name teen-agent

# Destroy all fleet machines
clawstainer fleet destroy --all

Step 5: For the Savvy One — Hermes Agent

If someone in your family is more technical (or if that someone is you), Hermes Agent is the upgrade. It's built by Nous Research and has something OpenClaw doesn't: a built-in learning loop. It creates skills from experience, improves them during use, and gets better the more you use it.

Clawstainer has a built-in component for it:

clawstainer create --name my-hermes --memory 2048 --cpus 2 --linger
clawstainer provision <id> --components hermes-agent

The hermes-agent component installs everything — Python, Node, the Hermes runtime, UV for dependency management:

# From components.yaml
hermes-agent:
  install: |
    apt-get update
    apt-get install -y curl git xz-utils
    curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash || true
    cd /root/.hermes/hermes-agent && /root/.local/bin/uv pip install -r requirements.txt || true
    printf '#!/bin/bash\ncd /root/.hermes/hermes-agent && source venv/bin/activate && python hermes "$@"\n' > /usr/local/bin/hermes-agent
    chmod +x /usr/local/bin/hermes-agent
  verify: test -d /root/.hermes/hermes-agent && test -f /root/.local/bin/uv
  timeout: 600

Shell in, run the setup wizard, and connect your messaging platform:

clawstainer shell <id>
hermes-agent setup    # walks through API keys, model selection
hermes-agent gateway  # start the messaging gateway

Why Hermes for the power user

	OpenClaw	Hermes Agent
Learning loop	No — static skills	Yes — creates and improves skills from experience
Memory	File-based (Markdown)	Persistent multi-session project memory + skills
Tools	100+ built-in skills	40+ tools, subagents, cron, browser, MCP
Best for	Non-technical users who text their agent	Developers and power users who want a growing assistant

Hermes also has native migration from OpenClaw, so if someone in the family levels up:

hermes claw migrate              # Interactive, imports everything
hermes claw migrate --dry-run    # Preview what gets imported

It brings over SOUL.md, memories, skills, messaging configs, and API keys.

You can also snapshot your configured Hermes sandbox the same way:

clawstainer snapshot create <id> --name hermes-ready

Now you have two golden images — openclaw-ready and hermes-ready — and can stamp out either type in seconds.

Monitoring the Family Fleet

Check resource usage across all sandboxes:

clawstainer stats

Host Disk: 6127 MB / 28690 MB (21.4%) -- 22547 MB available

ID               NAME             STATUS           DISK
sb-a1b2c3d4      mom-agent        running       1560 MB
sb-e5f6g7h8      partner-agent    running        716 MB
sb-i9j0k1l2      teen-agent       running        480 MB
sb-m3n4o5p6      my-hermes        running       1890 MB

Drill into a specific agent:

clawstainer stats sb-a1b2c3d4

Sandbox: sb-a1b2c3d4
Uptime:  up 2 hours, 15 minutes

CPU:     12.3%
Memory:  256.4 MB / 2048 MB (12.5%)
Disk:    1560 MB / 8853 MB
Procs:   8

Cost Reality

Running family agents is cheaper than you'd think:

Hardware: A Mac Mini ($699 one-time), a $20-40/month VPS, or whatever Linux box you have sitting around
API costs per agent: Light users (a few messages a day) run $5-20/month on Claude or GPT
Clawstainer: Free. MIT licensed. No per-agent fees.
OpenClaw / Hermes: Free. MIT licensed. You pay for the LLM provider, not the runtime.

For a family of four with moderate usage, you're looking at $40-100/month total in API costs. That's the cost of a streaming subscription per person — except this one actually does things for you.

What's Next

Every person should have their own agent. Not a shared chatbot. Not a family account. A dedicated, persistent, personalized AI that knows their preferences, runs on their schedule, and talks to them where they already are.

Clawstainer makes that possible today. Snapshot once, deploy everywhere, sandbox everything, and let each person's agent grow with them — whether they're texting recipes to Mom on WhatsApp or you're running a self-improving Hermes instance that files your taxes while you sleep.

The tools are open source. The infrastructure is a single machine. The hardest part is writing a good SOUL.md.