feat: add sandbox browser support

2026-01-03 22:11:43 +01:00
parent 107dc1aa42
commit d8a417f7ff
13 changed files with 635 additions and 7 deletions
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -454,6 +454,7 @@ Defaults (if enabled):
 - workspace per session under `~/.clawdis/sandboxes`
 - auto-prune: idle > 24h OR age > 7d
 - tools: allow only `bash`, `process`, `read`, `write`, `edit` (deny wins)
+- optional sandboxed browser (Chromium + CDP, noVNC observer)

 ```json5
 {
@@ -474,6 +475,16 @@ Defaults (if enabled):
        env: { LANG: "C.UTF-8" },
        setupCommand: "apt-get update && apt-get install -y git curl jq"
      },
+      browser: {
+        enabled: false,
+        image: "clawdis-sandbox-browser:bookworm-slim",
+        containerPrefix: "clawdis-sbx-browser-",
+        cdpPort: 9222,
+        vncPort: 5900,
+        noVncPort: 6080,
+        headless: false,
+        enableNoVnc: true
+      },
      tools: {
        allow: ["bash", "process", "read", "write", "edit"],
        deny: ["browser", "canvas", "nodes", "cron", "discord", "gateway"]
@@ -487,6 +498,22 @@ Defaults (if enabled):
 }
 ```

+Build the default sandbox image once with:
+```bash
+scripts/sandbox-setup.sh
+```
+
+Build the optional browser image with:
+```bash
+scripts/sandbox-browser-setup.sh
+```
+
+When `agent.sandbox.browser.enabled=true`, the browser tool uses a sandboxed
+Chromium instance (CDP). If noVNC is enabled (default when headless=false),
+the noVNC URL is injected into the system prompt so the agent can reference it.
+This does not require `browser.enabled` in the main config; the sandbox control
+URL is injected per session.
+
 ### `models` (custom providers + base URLs)

 Clawdis uses the **pi-coding-agent** model catalog. You can add custom providers