All
box.* settings on this page live in data/config.yaml. See System Environment Settings for the file’s location and how it’s loaded.Recommended Configuration
enabled: master switch. Whenfalse, all Box-dependent features are disabled (sandbox tools, skill add/edit, stdio MCP hosting).backend: see “Backend Selection” below.local.profile: security profile — controls network, mounts, and resource limits.local.host_root: host workspace directory, mapped to/workspaceinside the sandbox.local.skills_root: skill package directory; relative paths resolve underhost_root(defaults tohost_root/skills).docker.cpu_limit_enabled: whether Docker sandbox containers get a CPU limit; set tofalseto omitdocker run --cpuswhile keeping memory and PID limits.
Skills are loaded only from the Box-managed skill store. When Box Runtime or the backend is unavailable, the skill list is empty and create/edit/
register_skill are disabled — there’s no fallback to data/skills/.Backend Selection
The sandbox can run on local containers or in the cloud.box.backend picks which:
local is shorthand for “auto-pick”, not a fourth backend sitting next to docker/nsjail. The local backends (local/docker/nsjail) share the box.local.* config section; the cloud backend uses box.e2b.*.
backend is a hard selection. Setting docker and finding Docker unavailable does not fall back to Nsjail or E2B — only local auto-fans-out.BOX__BACKEND environment variable overrides box.backend (highest priority).Security Profiles
box.local.profile controls network, mounts, and resource limits for local backends:
Prefer least privilege: skip the network unless you need it (
default / offline_readonly); only add necessary directories to allowed_mount_roots.
Local Backend Configuration (box.local.*)
The local backends (local / docker / nsjail) share these settings:
Box Sandbox Memory Configuration
box.default_memory_mb sets the nsjail cgroup memory cap for every stdio-mode MCP server process.
Can be set in config.yaml or via the
BOX__DEFAULT_MEMORY_MB environment variable.
When to adjust:
- Node.js MCP servers (launched via npx/bunx): V8 + WebAssembly module initialisation needs significant memory; keep at ≥ 1536 MB
- Python MCP servers (launched via uvx): 512 MB is usually enough, but the default is fine too
- When memory is exhausted, the process is forcibly killed (return_code=137), logged as “Box managed process exited unexpectedly”
box.memory_mb in the individual MCP server config to override the global default.
Docker Backend Configuration (box.docker.*)
Cloud Backend Configuration (box.e2b.*)
Configure after settingbackend: 'e2b':
E2B doesn’t need Docker or Nsjail on the host — every execution goes through the remote sandbox.
Docker Compose Deployment
In Docker Compose, sandbox settings live on thelangbot service. LangBot forwards them to langbot_box via INIT RPC at startup.
box.runtime.endpoint:
Environment Variables
Don’t set
BOX__* or LANGBOT_BOX_* on the langbot_box service — Box Runtime doesn’t read them directly. Its configuration arrives over INIT RPC from LangBot.