diff --git a/docs/concepts/agent-workspace.md b/docs/concepts/agent-workspace.md index 2b0ea5924..edf43e889 100644 --- a/docs/concepts/agent-workspace.md +++ b/docs/concepts/agent-workspace.md @@ -16,6 +16,8 @@ sessions. resolve relative paths against the workspace, but absolute paths can still reach elsewhere on the host unless sandboxing is enabled. If you need isolation, use [`agent.sandbox`](/gateway/sandboxing) (and/or per‑agent sandbox config). +When sandboxing is enabled and `workspaceAccess` is not `"rw"`, tools operate +inside a sandbox workspace under `~/.clawdbot/sandboxes`, not your host workspace. ## Default location diff --git a/docs/gateway/configuration.md b/docs/gateway/configuration.md index abad5bb7a..3125780b4 100644 --- a/docs/gateway/configuration.md +++ b/docs/gateway/configuration.md @@ -1473,6 +1473,7 @@ Controls session scoping, idle expiry, reset triggers, and where the session sto Fields: - `mainKey`: direct-chat bucket key (default: `"main"`). Useful when you want to “rename” the primary DM thread without changing `agentId`. + - Sandbox note: `agent.sandbox.mode: "non-main"` uses this key to detect the main session. Any session key that does not match `mainKey` (groups/channels) is sandboxed. - `agentToAgent.maxPingPongTurns`: max reply-back turns between requester/target (0–5, default 5). - `sendPolicy.default`: `allow` or `deny` fallback when no rule matches. - `sendPolicy.rules[]`: match by `provider`, `chatType` (`direct|group|room`), or `keyPrefix` (e.g. `cron:`). First deny wins; otherwise allow. diff --git a/docs/gateway/sandboxing.md b/docs/gateway/sandboxing.md index 7f2e6ba24..93a629bbe 100644 --- a/docs/gateway/sandboxing.md +++ b/docs/gateway/sandboxing.md @@ -31,6 +31,8 @@ Not sandboxed: - `"off"`: no sandboxing. - `"non-main"`: sandbox only **non-main** sessions (default if you want normal chats on host). - `"all"`: every session runs in a sandbox. +Note: `"non-main"` is based on `session.mainKey` (default `"main"`), not agent id. +Group/channel sessions use their own keys, so they count as non-main and will be sandboxed. ## Scope `agent.sandbox.scope` controls **how many containers** are created: diff --git a/docs/gateway/troubleshooting.md b/docs/gateway/troubleshooting.md index 7d663ccae..43b636892 100644 --- a/docs/gateway/troubleshooting.md +++ b/docs/gateway/troubleshooting.md @@ -122,6 +122,19 @@ or state drift because only one workspace is active. **Fix:** keep a single active workspace and archive/remove the rest. See [Agent workspace](/concepts/agent-workspace#legacy-workspace-folders). +### Main chat running in a sandbox workspace + +Symptoms: `pwd` or file tools show `~/.clawdbot/sandboxes/...` even though you +expected the host workspace. + +**Why:** `agent.sandbox.mode: "non-main"` keys off `session.mainKey` (default `"main"`). +Group/channel sessions use their own keys, so they are treated as non-main and +get sandbox workspaces. + +**Fix options:** +- If you want host workspaces for an agent: set `routing.agents..sandbox.mode: "off"`. +- If you want host workspace access inside sandbox: set `workspaceAccess: "rw"` for that agent. + ### "Agent was aborted" The agent was interrupted mid-response. diff --git a/docs/multi-agent-sandbox-tools.md b/docs/multi-agent-sandbox-tools.md index 58d47cee7..d17ee98f2 100644 --- a/docs/multi-agent-sandbox-tools.md +++ b/docs/multi-agent-sandbox-tools.md @@ -252,6 +252,15 @@ The global `agent.workspace` and `agent.sandbox` are still supported for backwar --- +## Common Pitfall: "non-main" + +`sandbox.mode: "non-main"` is based on `session.mainKey` (default `"main"`), +not the agent id. Group/channel sessions always get their own keys, so they +are treated as non-main and will be sandboxed. If you want an agent to never +sandbox, set `routing.agents..sandbox.mode: "off"`. + +--- + ## Testing After configuring multi-agent sandbox and tools: diff --git a/docs/start/getting-started.md b/docs/start/getting-started.md index 4104da617..d523ba71c 100644 --- a/docs/start/getting-started.md +++ b/docs/start/getting-started.md @@ -19,6 +19,23 @@ Recommended path: use the **CLI onboarding wizard** (`clawdbot onboard`). It set If you want the deeper reference pages, jump to: [Wizard](/start/wizard), [Setup](/start/setup), [Pairing](/start/pairing), [Security](/gateway/security). +Sandboxing note: `agent.sandbox.mode: "non-main"` uses `session.mainKey` (default `"main"`), +so group/channel sessions are sandboxed. If you want the main agent to always +run on host, set an explicit per-agent override: + +```json +{ + "routing": { + "agents": { + "main": { + "workspace": "~/clawd", + "sandbox": { "mode": "off" } + } + } + } +} +``` + ## 0) Prereqs - Node `>=22`