Add docs/multi-agent-sandbox-tools.md covering:
- Configuration examples (personal + restricted, work agents)
- Different sandbox modes per agent
- Tool restriction patterns (read-only, safe execution, communication-only)
- Configuration precedence rules
- Migration guide from single-agent setups
- Troubleshooting tips
Add PR_SUMMARY.md for upstream submission with:
- Feature overview and use cases
- Implementation details (49 LoC across 5 files)
- Test coverage (18 new tests, all existing tests pass)
- Backward compatibility confirmation
- Migration examples
---
Kudos to Eula, the beautiful and selfless family owl 🦉
This feature was developed to enable safe, restricted access
for family group chats while maintaining full access for
the personal assistant. Schuhu!
Add new section explaining:
- How to configure per-agent sandbox settings
- How to configure per-agent tool restrictions
- Benefits (security isolation, resource control, flexible policies)
- Link to detailed guide
Include example config showing personal assistant (no sandbox)
vs family bot (sandboxed with read-only tools).
Add 5 tests for agent-specific tool restrictions:
- Apply global tool policy when no agent-specific policy exists
- Apply agent-specific tool policy
- Allow different tool policies for different agents
- Combine global and agent-specific deny lists
- Work with sandbox tools filtering
All tests pass.
Add 6 tests for agent-specific sandbox configuration:
- Use global sandbox config when no agent-specific config exists
- Override with agent-specific sandbox mode 'off'
- Use agent-specific sandbox mode 'all'
- Use agent-specific scope
- Use agent-specific workspaceRoot
- Prefer agent config over global for multiple agents
All tests pass.
Add 7 tests for resolveAgentConfig():
- Return undefined when no agents config exists
- Return undefined when agent id does not exist
- Return basic agent config (name, workspace, agentDir, model)
- Return agent-specific sandbox config
- Return agent-specific tools config
- Return both sandbox and tools config
- Normalize agent id
All tests pass.
Changes to defaultSandboxConfig():
- Add optional agentId parameter
- Load routing.agents[agentId].sandbox if available
- Prefer agent-specific settings over global agent.sandbox
Update callers in resolveSandboxContext() and
ensureSandboxWorkspaceForSession() to extract agentId
from sessionKey and pass it to defaultSandboxConfig().
This enables per-agent sandbox modes (e.g., main: off, family: all).
Return newly added fields from routing.agents config:
- sandbox: agent-specific sandbox configuration
- tools: agent-specific tool restrictions
This makes per-agent sandbox and tool settings accessible
to other parts of the codebase.
The /activation command now properly controls group activation mode:
- Loads session state before filtering messages
- Checks groupActivation field (from /activation command)
- Falls back to config telegram.groups requireMention setting
Previously, the bot only checked config and ignored session state,
making the /activation command appear to work but have no effect.
Changes:
- Add resolveGroupActivation() to check session before config
- Import loadSessionStore to read session state early
- Pass messageThreadId to support forum topics correctly
- Add detailed explanation of group activation modes (requireMention)
- Document /activation command (mention vs always)
- Clarify two-level access control: group allowlist + sender policy
- Add troubleshooting section for common issues
- Explain that telegram.groups creates an allowlist
- Add instructions for getting group chat ID
Fixes confusion around group setup where /activation command
updates session state but doesn't persist or take effect.
Add source profiles anthropic:claude-cli and openai-codex:codex-cli; surface them in onboarding/configure.
Co-authored-by: pepicrft <pepicrft@users.noreply.github.com>
