refactor(sandbox): unify scope + per-agent overrides

2026-01-08 01:17:49 +01:00
parent ad8b7c739b
commit 145fe1cec7
10 changed files with 343 additions and 140 deletions
--- a/docs/gateway/configuration.md
+++ b/docs/gateway/configuration.md
@@ -340,6 +340,8 @@ Run multiple isolated agents (separate workspace, `agentDir`, sessions) inside o
    - `scope`: `"session"` | `"agent"` | `"shared"`
    - `workspaceRoot`: custom sandbox workspace root
    - `docker`: per-agent docker overrides (e.g. `image`, `network`, `env`, `setupCommand`, limits; ignored when `scope: "shared"`)
+    - `browser`: per-agent sandboxed browser overrides (ignored when `scope: "shared"`)
+    - `prune`: per-agent sandbox pruning overrides (ignored when `scope: "shared"`)
    - `tools`: per-agent sandbox tool policy (deny wins; overrides `agent.sandbox.tools`)
  - `tools`: per-agent tool restrictions (overrides `agent.tools`; applied before sandbox tool policy).
    - `allow`: array of allowed tool names