diff --git a/docs/gateway/sandboxing.md b/docs/gateway/sandboxing.md
index 8d4105a70..4ae1fa662 100644
--- a/docs/gateway/sandboxing.md
+++ b/docs/gateway/sandboxing.md
@@ -8,7 +8,10 @@ status: active
 # Sandboxing
 
 Clawdbot can run **tools inside Docker containers** to reduce blast radius.
-The Gateway stays on the host; tool execution runs in an isolated sandbox.
+This is **optional** and controlled by configuration (`agent.sandbox` or
+`routing.agents[id].sandbox`). If sandboxing is off, tools run on the host.
+The Gateway stays on the host; tool execution runs in an isolated sandbox
+when enabled.
 
 This is not a perfect security boundary, but it materially limits filesystem
 and process access when the model does something dumb.
diff --git a/docs/start/faq.md b/docs/start/faq.md
index 67540700f..a02d226a7 100644
--- a/docs/start/faq.md
+++ b/docs/start/faq.md
@@ -89,6 +89,10 @@ It also warns if your configured model is unknown or missing auth.
 
 Bun is supported for faster TypeScript execution, but **WhatsApp requires Node** in this ecosystem. The wizard lets you pick the runtime; choose **Node** if you use WhatsApp.
 
+### Is there a dedicated sandboxing doc?
+
+Yes. See [Sandboxing](/gateway/sandboxing). For Docker-specific setup (full gateway in Docker or sandbox images), see [Docker](/install/docker).
+
 ## Where things live on disk
 
 ### Where does Clawdbot store its data?
diff --git a/docs/start/hubs.md b/docs/start/hubs.md
index dc6d27644..18ddda1b4 100644
--- a/docs/start/hubs.md
+++ b/docs/start/hubs.md
@@ -80,6 +80,7 @@ Use these hubs to discover every page, including deep dives and reference docs t
 - [Heartbeat](https://docs.clawd.bot/gateway/heartbeat)
 - [Doctor](https://docs.clawd.bot/gateway/doctor)
 - [Logging](https://docs.clawd.bot/gateway/logging)
+- [Sandboxing](https://docs.clawd.bot/gateway/sandboxing)
 - [Dashboard](https://docs.clawd.bot/web/dashboard)
 - [Control UI](https://docs.clawd.bot/web/control-ui)
 - [Remote access](https://docs.clawd.bot/gateway/remote)