docs: expand per-agent sandbox profiles

2026-01-07 20:31:23 +01:00
parent 9980f20218
commit 0e9837183d
3 changed files with 160 additions and 5 deletions
--- a/docs/install/docker.md
+++ b/docs/install/docker.md
@@ -86,6 +86,18 @@ container. The gateway stays on your host, but the tool execution is isolated:
 Warning: `scope: "shared"` disables cross-session isolation. All sessions share
 one container and one workspace.

+### Per-agent sandbox profiles (multi-agent)
+
+If you use multi-agent routing, each agent can override sandbox + tool settings:
+`routing.agents[id].sandbox` and `routing.agents[id].tools`. This lets you run
+mixed access levels in one gateway:
+- Full access (personal agent)
+- Read-only tools + read-only workspace (family/work agent)
+- No filesystem/shell tools (public agent)
+
+See [Multi-Agent Sandbox & Tools](/multi-agent-sandbox-tools) for examples,
+precedence, and troubleshooting.
+
 ### Default behavior

 - Image: `clawdbot-sandbox:bookworm-slim`