let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: clarify perSession isolation

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-06 23:22:49 +01:00
parent 39d2ba78b7
commit e05a29395e
4 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/security.md
View File

@@ -141,6 +141,9 @@ Two complementary approaches:
- **Run the full Gateway in Docker** (container boundary): https://docs.clawd.bot/docker
- **Per-session tool sandbox** (`agent.sandbox`, host gateway + Docker-isolated tools): https://docs.clawd.bot/configuration
Note: to prevent cross-agent access, keep `perSession: true` so each session gets
its own container + workspace. `perSession: false` shares a single container.
Important: `agent.elevated` is an explicit escape hatch that runs bash on the host. Keep `agent.elevated.allowFrom` tight and dont enable it for strangers.
## What to Tell Your AI