mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-08 18:08:10 +08:00
* fix(agents): harden LSP process failures Source: #100450 Co-authored-by: morluto <williamlin1327@gmail.com> * fix(sandbox): report effective workspace layout Sources: #100435, #100439 Co-authored-by: Aniruddha Adak <aniruddhaadak80@users.noreply.github.com> Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com> * fix(security): fail install checks on stream errors Source: #100413 Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com> * fix(android): normalize all-day calendar events Source: #100032 Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com> * fix(ios): serialize push-to-talk lifecycle Source: #99942 Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com> * fix(talk): reject inherited provider names Source: #99849 Co-authored-by: zenglingbiao <zeng.lingbiao@xydigit.com> * fix(android): stop voice capture in background Source: #99840 Co-authored-by: xialonglee <li.xialong@xydigit.com> * fix(cron): preserve fallback result classification Source: #99913 Co-authored-by: jincheng-xydt <xu.jincheng@xydigit.com> * fix(google): bound Vertex response decompression Source: #99812 Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com> * fix(plugins): report malformed discovery JSON Source: #99892 Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com> * test(sandbox): configure non-default workspace fixture * test: fix small-fix batch validation --------- Co-authored-by: morluto <williamlin1327@gmail.com> Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com> Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com> Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com> Co-authored-by: zenglingbiao <zeng.lingbiao@xydigit.com> Co-authored-by: xialonglee <li.xialong@xydigit.com> Co-authored-by: jincheng-xydt <xu.jincheng@xydigit.com> Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>
126 lines
6.1 KiB
Markdown
126 lines
6.1 KiB
Markdown
---
|
|
summary: "Manage sandbox runtimes and inspect effective sandbox policy"
|
|
title: Sandbox CLI
|
|
read_when: "You are managing sandbox runtimes or debugging sandbox/tool-policy behavior."
|
|
status: active
|
|
---
|
|
|
|
Manage sandbox runtimes for isolated agent execution: Docker containers, SSH targets, or OpenShell backends.
|
|
|
|
## Commands
|
|
|
|
### `openclaw sandbox list`
|
|
|
|
List sandbox runtimes with status, backend, config match, age, idle time, and associated session/agent.
|
|
|
|
```bash
|
|
openclaw sandbox list
|
|
openclaw sandbox list --browser # browser containers only
|
|
openclaw sandbox list --json
|
|
```
|
|
|
|
### `openclaw sandbox recreate`
|
|
|
|
Remove sandbox runtimes to force recreation with current config. Runtimes are recreated automatically the next time the agent is used.
|
|
|
|
```bash
|
|
openclaw sandbox recreate --all
|
|
openclaw sandbox recreate --agent mybot # includes agent:mybot:* sub-sessions
|
|
openclaw sandbox recreate --session "agent:main:main"
|
|
openclaw sandbox recreate --browser --all # only browser containers
|
|
openclaw sandbox recreate --all --force # skip confirmation
|
|
```
|
|
|
|
Options:
|
|
|
|
- `--all`: recreate all sandbox containers
|
|
- `--session <key>`: recreate the runtime with this exact scope key (as shown by `sandbox list`); no short-name expansion
|
|
- `--agent <id>`: recreate runtimes for one agent (matches `agent:<id>` and `agent:<id>:*`)
|
|
- `--browser`: only affect browser containers
|
|
- `--force`: skip the confirmation prompt
|
|
|
|
Pass exactly one of `--all`, `--session`, or `--agent`.
|
|
|
|
For `ssh` and OpenShell `remote`, recreate matters more than with Docker: the remote workspace is canonical after the initial seed, `recreate` deletes that canonical remote workspace for the selected scope, and the next run reseeds it from the current local workspace.
|
|
|
|
### `openclaw sandbox explain`
|
|
|
|
Inspect the effective sandbox mode/scope/workspace access, sandbox tool policy, and elevated-tool gates (with fix-it config key paths).
|
|
|
|
The report keeps `workspaceRoot` as the configured sandbox root and separately shows the effective host workspace, backend runtime workdir, and Docker mount table. For `workspaceAccess: "rw"`, the effective host workspace is the agent workspace rather than a directory below `workspaceRoot`.
|
|
|
|
```bash
|
|
openclaw sandbox explain
|
|
openclaw sandbox explain --session agent:main:main
|
|
openclaw sandbox explain --agent work
|
|
openclaw sandbox explain --json
|
|
```
|
|
|
|
Unlike `recreate --session`, this accepts short session names (for example `main`) and expands them against the resolved agent.
|
|
|
|
## Why recreate is needed
|
|
|
|
Updating sandbox config does not affect running containers: existing runtimes keep their old settings, and idle runtimes are only pruned after `prune.idleHours` (default 24h). Regularly used agents can keep stale runtimes alive indefinitely. `openclaw sandbox recreate` removes the old runtime so the next use rebuilds it from current config.
|
|
|
|
<Tip>
|
|
Prefer `openclaw sandbox recreate` over manual backend-specific cleanup. It uses the Gateway's runtime registry and avoids mismatches when scope or session keys change.
|
|
</Tip>
|
|
|
|
## Common triggers
|
|
|
|
| Change | Command |
|
|
| -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- |
|
|
| Docker image update (`agents.defaults.sandbox.docker.image`) | `openclaw sandbox recreate --all` |
|
|
| Sandbox config (`agents.defaults.sandbox.*`) | `openclaw sandbox recreate --all` |
|
|
| SSH target/auth (`agents.defaults.sandbox.ssh.{target,workspaceRoot,identityFile,certificateFile,knownHostsFile,identityData,certificateData,knownHostsData}`) | `openclaw sandbox recreate --all` |
|
|
| OpenShell source/policy/mode (`plugins.entries.openshell.config.{from,mode,policy}`) | `openclaw sandbox recreate --all` |
|
|
| `setupCommand` | `openclaw sandbox recreate --all` (or `--agent <id>` for one agent) |
|
|
|
|
<Note>
|
|
Runtimes are automatically recreated when the agent is next used.
|
|
</Note>
|
|
|
|
## Registry migration
|
|
|
|
Sandbox runtime metadata lives in the shared SQLite state database. Older installs may have legacy registry files that regular reads no longer rewrite:
|
|
|
|
- `~/.openclaw/sandbox/containers.json`
|
|
- `~/.openclaw/sandbox/browsers.json`
|
|
- one JSON shard per container/browser under `~/.openclaw/sandbox/containers/` or `~/.openclaw/sandbox/browsers/`
|
|
|
|
Run `openclaw doctor --fix` to migrate valid legacy entries into SQLite. Invalid legacy files are quarantined so a corrupt old registry cannot hide current runtime entries.
|
|
|
|
## Configuration
|
|
|
|
Sandbox settings live in `~/.openclaw/openclaw.json` under `agents.defaults.sandbox` (per-agent overrides go in `agents.list[].sandbox`):
|
|
|
|
```jsonc
|
|
{
|
|
"agents": {
|
|
"defaults": {
|
|
"sandbox": {
|
|
"mode": "all", // off, non-main, all
|
|
"backend": "docker", // docker, ssh, openshell (plugin-provided)
|
|
"scope": "agent", // session, agent, shared
|
|
"docker": {
|
|
"image": "openclaw-sandbox:bookworm-slim",
|
|
"containerPrefix": "openclaw-sbx-",
|
|
// ... more Docker options
|
|
},
|
|
"prune": {
|
|
"idleHours": 24, // auto-prune after 24h idle
|
|
"maxAgeDays": 7, // auto-prune after 7 days
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
```
|
|
|
|
## Related
|
|
|
|
- [CLI reference](/cli)
|
|
- [Sandboxing](/gateway/sandboxing)
|
|
- [Agent workspace](/concepts/agent-workspace)
|
|
- [Doctor](/gateway/doctor): checks sandbox setup.
|