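Multi-Agent Sandbox and Tool Configuration
Overview
Each agent in a multi-agent setup can now have its own:
- Sandbox configuration (agents.list[].sandbox overrides agents.defaults.sandbox)
- Tool restrictions (tools.allow / tools.deny, plus agents.list[].tools)
This lets you run multiple agents with different security profiles.
Sandbox configuration overrides
Each agent can override the global sandbox settings: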
```json5
{
  agents: {
    defaults: {
      sandbox: { mode: "all", scope: "agent", workspaceAccess: "rw" }
    },
    list: [
      {
        id: "personal",
        sandbox: { mode: "off" } // full access
      },
      {
        id: "work",
        sandbox: { mode: "all", scope: "agent", workspaceAccess: "ro" } // read-only workspace
      },
      {
        id: "public",
        sandbox: { mode: "all", scope: "agent", workspaceAccess: "none" } // no filesystem access
      }
    ]
  }
}
```

Tool restrictions
Each agent can have its own set of allowed and denied tools:
```json5
{
  tools: {
    // global defaults
    deny: ["process"],
    allow: ["read", "write", "edit", "exec", "browser"]
  },
  agents: {
    list: [
      {
        id: "coding",
        tools: {
          allow: ["read", "write", "edit", "exec", "process", "browser"],
          deny: [] // inherits global, allows all
        }
      },
      {
        id: "read-only",
        tools: {
          allow: ["read", "sessions_list", "sessions_history"],
          deny: ["write", "edit", "exec", "process", "browser"]
        }
      }
    ]
  }
}
```

Precedence order
Tool access is determined in the following order:
- Agent tool configuration (agents.list[].tools) - highest priority
- Global tool configuration (tools.allow / tools.deny)
- Sandbox tool policy - applied in sandbox contexts
- Tool profile - base allowlist
Example scenarios
Fully isolated agent
```json5
{
  agents: {
    list: [
      {
        id: "isolated",
        workspace: "~/clawd-isolated",
        sandbox: {
          mode: "all",
          scope: "agent",
          workspaceAccess: "none"
        },
        tools: {
          allow: ["read", "sessions_send", "sessions_history"],
          deny: ["write", "edit", "exec", "process", "browser", "image"]
        }
      }
    ]
  }
}
```

Multiple security tiers
```json5
{
  agents: {
    defaults: {
      sandbox: { mode: "all", scope: "shared", workspaceAccess: "ro" },
      model: { provider: "openai", model: "gpt-4o" }
    },
    list: [
      {
        id: "admin",
        sandbox: { mode: "off" },
        tools: { allow: ["*"] }
      },
      {
        id: "developer",
        sandbox: { mode: "all", scope: "agent", workspaceAccess: "rw" },
        model: { provider: "anthropic", model: "claude-sonnet-4-20250514" }
      },
      {
        id: "assistant",
        sandbox: { mode: "non-main", scope: "shared", workspaceAccess: "ro" },
        tools: { deny: ["exec", "process"] }
      }
    ]
  }
}
```
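
An added example (not part of the original page or the project's code): a small JavaScript audit that flags agents in the multi-tier configuration above whose sandbox or tool settings deserve a review. The finding names, the HIGH_RISK_TOOLS list, the key-by-key merge of sandbox settings and the deny-list fallback are assumptions made for illustration.

```javascript
// Constructed sample: the multi-tier example from this page, trimmed to sandbox and tools keys.
const config = {
  agents: {
    defaults: { sandbox: { mode: "all", scope: "shared", workspaceAccess: "ro" } },
    list: [
      { id: "admin", sandbox: { mode: "off" }, tools: { allow: ["*"] } },
      { id: "developer", sandbox: { mode: "all", scope: "agent", workspaceAccess: "rw" } },
      {
        id: "assistant",
        sandbox: { mode: "non-main", scope: "shared", workspaceAccess: "ro" },
        tools: { deny: ["exec", "process"] },
      },
    ],
  },
};

// Reviewer's choice of tools that should carry an explicit deny (not a project list).
const HIGH_RISK_TOOLS = ["exec", "process"];

// Assumption: per-agent sandbox keys override agents.defaults.sandbox key by key.
function effectiveSandbox(cfg, agent) {
  return { ...(cfg.agents?.defaults?.sandbox ?? {}), ...(agent.sandbox ?? {}) };
}

// Hypothetical helper: returns { agentId: [finding, ...] } for human review.
function auditAgents(cfg) {
  const report = {};
  for (const agent of cfg.agents?.list ?? []) {
    const sandbox = effectiveSandbox(cfg, agent);
    const findings = [];
    if (sandbox.mode !== "all") findings.push(`sandbox-mode:${sandbox.mode}`);
    // Workspace access is only reported while the sandbox is on.
    if (sandbox.mode !== "off" && sandbox.workspaceAccess === "rw") findings.push("workspace-rw");
    if ((agent.tools?.allow ?? []).includes("*")) findings.push("tools-wildcard");
    // Assumption: an agent-level deny list, when present, replaces the global one here.
    const deny = agent.tools?.deny ?? cfg.tools?.deny ?? [];
    for (const tool of HIGH_RISK_TOOLS) {
      if (!deny.includes(tool)) findings.push(`no-deny:${tool}`);
    }
    report[agent.id] = findings;
  }
  return report;
}

for (const [id, findings] of Object.entries(auditAgents(config))) {
  console.log(id, findings.length ? findings.join(", ") : "ok");
}
```

A finding is a prompt for review, not a verdict: an admin agent may legitimately run unsandboxed, but that choice should be visible whenever the configuration changes.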