feat: add per-session agent sandbox

2026-01-03 21:35:44 +01:00
parent 7bad9f3fbd
commit 3b075dff8a
20 changed files with 1134 additions and 36 deletions
--- a/docs/security.md
+++ b/docs/security.md
@@ -99,6 +99,12 @@ services:
    network_mode: bridge  # Limited network
 ```

+### Per-session sandbox (Clawdis-native)
+
+Clawdis can also run **non-main sessions** inside per-session Docker containers
+(`agent.sandbox`). This keeps the gateway on your host while isolating agent
+tools in a hard wall container. See `docs/configuration.md` for the full config.
+
 Expose only the services your AI needs:
 - ✅ GoWA API (for WhatsApp)
 - ✅ Specific HTTP APIs