
docs(cli): document sandbox tool policy and whole-process mode#1256

Draft

wenemily wants to merge 2 commits into main from docs/cli-sandbox-mcp-whole-process


Conversation

@wenemily (Contributor)

Summary

Updates the sandbox docs for two source PRs:

  • CLI-975 (Factory-AI/factory-mono#13561: sandbox tool policy foundation) — MCP tools now fail closed under an active sandbox. Documents the default-deny tool policy and removes the stale "MCPs are not isolated yet" note.
  • CLI-1017 (Factory-AI/factory-mono#13574: whole-process sandbox mode) — adds the new mode: "whole-process" (Linux) that isolates the entire Droid process, including the main process, MCP stdio transports, and subagents.

Files

  • docs/cli/configuration/sandbox.mdx
  • docs/jp/cli/configuration/sandbox.mdx

Closes CLI-975 and CLI-1017.

@factory-droid (Bot) commented Jun 23, 2026

Droid encountered an error.

Security Review

Droid is reviewing code and running a security check…

@mintlify (Bot) commented Jun 23, 2026

Preview deployment for your docs.

Project: factory | Status: 🟢 Ready | Updated (UTC): Jun 23, 2026, 10:50 PM


MCP tools now fail closed under an active sandbox via the default-deny
tool policy, and the new whole-process mode isolates the entire Droid
process on Linux. Update the sandbox reference accordingly (EN + JP).

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Document CLI-1050 (mediated WebSearch, Factory-domain network defaults)
and CLI-1051 (Task subagents inherit the parent sandbox). Correct the
MCP tools behavior: under the merged sandbox they are mediated by
argument inspection (URL args checked against allowedDomains, path args
against the filesystem policy) rather than blanket-denied, while
connectors still fail closed. Mirrored to JP.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
@wenemily wenemily force-pushed the docs/cli-sandbox-mcp-whole-process branch from 1f499b0 to 0b8c2ee Compare July 1, 2026 20:27
