fix(security): harden sandbox browser network defaults

2026-05-09 01:38:26 +00:00 · 2026-02-21 14:01:40 +01:00
parent cf82614259
commit f48698a50b
19 changed files with 224 additions and 5 deletions
--- a/src/config/types.sandbox.ts
+++ b/src/config/types.sandbox.ts
@@ -48,7 +48,11 @@ export type SandboxBrowserSettings = {
  enabled?: boolean;
  image?: string;
  containerPrefix?: string;
+  /** Docker network for sandbox browser containers (default: openclaw-sandbox-browser). */
+  network?: string;
  cdpPort?: number;
+  /** Optional CIDR allowlist for CDP ingress at the container edge (for example: 172.21.0.1/32). */
+  cdpSourceRange?: string;
  vncPort?: number;
  noVncPort?: number;
  headless?: boolean;