Skip to main content
The sandbox gives the built-in Agent an isolated execution environment: run commands, read and write files, and host long-lived processes. Everyday Agent use cases (data processing, file operations, running user code, hosting stdio MCP) all rely on it. Once the sandbox is enabled, the built-in Agent automatically gains six tools — no need to wire each one into the pipeline.

Built-in Tools

exec runs inside the sandbox container; the other five operate directly on the host directory mapped to /workspace.
These tools target the built-in Agent. When using external runners such as Dify, n8n, Langflow, or Coze, use that platform’s own tool mechanism.

Sandbox Scope

The pipeline’s AI configuration lets you choose how the sandbox is shared across messages. The default “per chat” works for most cases.
Commands within the same scope share filesystem state. Choose “per message” for full isolation.

Lifecycle

Quick Start

  1. Prepare the backend: install Docker locally, or pick Nsjail / E2B
  2. Edit config.yaml:
  3. Start LangBot: the sandbox is enabled automatically
  4. In the pipeline, select the built-in Agent plus a model that supports function calling
The Agent will then automatically receive the six tools. See Sandbox Configuration for details.

Disabling the Sandbox

Set box.enabled: false. Everything that depends on the sandbox (built-in tools, Skill create/edit/activate, stdio MCP) is disabled together; MCP servers in http/sse mode are unaffected.

Next Steps