let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add sandbox browser control allowlists

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-11 01:52:23 +01:00
parent b0b4b33b6b
commit 07be761779
12 changed files with 165 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/gateway/configuration.md
View File

@@ -1377,6 +1377,9 @@ Legacy: `perSession` is still supported (`true` → `scope: "session"`,
headless: false,
enableNoVnc: true,
allowHostControl: false,
allowedControlUrls: ["http://10.0.0.42:18791"],
allowedControlHosts: ["browser.lab.local", "10.0.0.42"],
allowedControlPorts: [18791],
autoStart: true,
autoStartTimeoutMs: 12000
},
@@ -1424,6 +1427,11 @@ sandboxed sessions to explicitly target the **host** browser control server
via the browser tool (`target: "host"`). Leave this off if you want strict
sandbox isolation.
Allowlists for remote control:
- `allowedControlUrls`: exact control URLs permitted for `target: "custom"`.
- `allowedControlHosts`: hostnames permitted (hostname only, no port).
- `allowedControlPorts`: ports permitted (defaults: http=80, https=443).
### `models` (custom providers + base URLs)
Clawdbot uses the **pi-coding-agent** model catalog. You can add custom providers

1
docs/gateway/sandboxing.md
View File

@@ -22,6 +22,7 @@ and process access when the model does something dumb.
- By default, the sandbox browser auto-starts (ensures CDP is reachable) when the browser tool needs it.
Configure via `agents.defaults.sandbox.browser.autoStart` and `agents.defaults.sandbox.browser.autoStartTimeoutMs`.
- `agents.defaults.sandbox.browser.allowHostControl` lets sandboxed sessions target the host browser explicitly.
- Optional allowlists gate `target: "custom"`: `allowedControlUrls`, `allowedControlHosts`, `allowedControlPorts`.
Not sandboxed:
- The Gateway process itself.

1
docs/tools/browser.md
View File

@@ -244,5 +244,6 @@ How it maps:
- `controlUrl` sets `target: "custom"` implicitly (remote control server).
- In sandboxed sessions, `target: "host"` requires `agents.defaults.sandbox.browser.allowHostControl=true`.
- If `target` is omitted: sandboxed sessions default to `sandbox`, non-sandbox sessions default to `host`.
- Sandbox allowlists can restrict `target: "custom"` to specific URLs/hosts/ports.
This keeps the agent deterministic and avoids brittle selectors.