Built-in Tools
exec runs inside the sandbox container; the other five operate directly on the host directory mapped to /workspace.
These tools target the built-in Agent. When using external runners such as Dify, n8n, Langflow, or Coze, use that platform’s own tool mechanism.
Sandbox Scope
The pipeline’s AI configuration lets you choose how the sandbox is shared across messages. The default “per chat” works for most cases.Lifecycle
Quick Start
- Prepare the backend: install Docker locally, or pick Nsjail / E2B
- Edit
config.yaml: - Start LangBot: the sandbox is enabled automatically
- In the pipeline, select the built-in Agent plus a model that supports function calling
Disabling the Sandbox
Setbox.enabled: false. Everything that depends on the sandbox (built-in tools, Skill create/edit/activate, stdio MCP) is disabled together; MCP servers in http/sse mode are unaffected.
Next Steps
- Sandbox Configuration — backends, security profiles, mounts, environment variables
- Runtimes & Extensions Compared — how the sandbox, Skills, MCP, and plugins divide responsibilities
