docs(multi-agent): add section on per-agent sandbox and tools

Add new section explaining: - How to configure per-agent sandbox settings - How to configure per-agent tool restrictions - Benefits (security isolation, resource control, flexible policies) - Link to detailed guide Include example config showing personal assistant (no sandbox) vs family bot (sandboxed with read-only tools).
2026-01-07 11:59:04 +01:00
parent bf4b89e873
commit dad1a99a20
1 changed files with 38 additions and 0 deletions
--- a/docs/concepts/multi-agent.md
+++ b/docs/concepts/multi-agent.md
@@ -131,3 +131,41 @@ multiple phone numbers without mixing sessions.
  },
 }
 ```
+
+## Per-Agent Sandbox and Tool Configuration
+
+Starting with v2026.1.6, each agent can have its own sandbox and tool restrictions:
+
+```js
+{
+  routing: {
+    agents: {
+      personal: {
+        workspace: "~/clawd-personal",
+        sandbox: {
+          mode: "off",  // No sandbox for personal agent
+        },
+        // No tool restrictions - all tools available
+      },
+      family: {
+        workspace: "~/clawd-family",
+        sandbox: {
+          mode: "all",     // Always sandboxed
+          scope: "agent",  // One container per agent
+        },
+        tools: {
+          allow: ["read"],                    // Only read tool
+          deny: ["bash", "write", "edit"],    // Deny others
+        },
+      },
+    },
+  },
+}
+```
+
+**Benefits:**
+- **Security isolation**: Restrict tools for untrusted agents
+- **Resource control**: Sandbox specific agents while keeping others on host
+- **Flexible policies**: Different permissions per agent
+
+See [Multi-Agent Sandbox & Tools](/docs/multi-agent-sandbox-tools) for detailed examples.