sandbox

Provides a single shared file system at /home/gem that is accessible across all integrated runtimes (browser, shell, Jupyter, Node.js, VSCode) without requiring external storage coordination or data transfer between sandboxes. Files downloaded via browser automation are instantly available to shell commands and code execution endpoints, eliminating the fragmentation problem of separate execution environments.

Provides headless Chromium browser automation through a REST API and MCP protocol interface, supporting navigation, interaction, screenshot capture, and DOM inspection. The browser shares the unified file system, allowing downloaded files and captured data to be immediately available to other sandbox components without external storage. Integrates with browser-use framework for agent-driven web automation workflows.

Provides VNC (Virtual Network Computing) access to a remote desktop environment within the container, enabling human operators to visually interact with the sandbox. The VNC server displays the Chromium browser, terminal, and other GUI applications running in the container. Useful for debugging agent workflows, monitoring browser automation, and manual intervention.

Provides Docker container image and Docker Compose configuration for easy local and cloud deployment. The container bundles all sandbox components (browser, shell, Jupyter, VSCode, MCP server, REST API) into a single image with pre-configured networking and volume mounts. Supports deployment to Docker, Kubernetes, and cloud platforms (Volcengine VEFAAS, etc.).

Provides LangChain integration patterns and examples for using sandbox capabilities as LangChain tools. The integration includes tool wrappers that expose browser, shell, file, and code execution as LangChain-compatible tools with proper error handling and output formatting. Enables LangChain agents to orchestrate sandbox capabilities seamlessly.

Provides integration with the browser-use framework, enabling agents to use browser automation through browser-use's high-level API. The integration includes examples and documentation for combining browser-use with sandbox's shell, file, and code execution capabilities. Enables agents to perform complex web automation workflows with browser-use's agent-friendly abstractions.

Implements a skills system that packages sandbox capabilities into reusable, composable skills that agents can discover and invoke. Skills are defined with schemas, documentation, and execution logic. The system enables agents to understand available capabilities and combine them into complex workflows without hardcoding tool calls.

Provides a web-based dashboard UI for monitoring sandbox status, viewing execution logs, and controlling sandbox operations. The dashboard displays active processes, file system state, execution history, and resource usage. Enables operators to monitor agent execution, inspect results, and trigger manual operations without CLI access.

Provides an evaluation framework for testing and benchmarking AI agents running in the sandbox. The framework includes evaluation datasets, agent loop implementations, and metrics collection for assessing agent performance. Supports custom evaluation scenarios and automated testing of agent workflows.

Executes arbitrary shell commands (bash/sh) in an isolated process within the container, with access to the shared /home/gem file system and environment variables. Commands run with configurable working directory, timeout limits, and output capture (stdout/stderr). Supports both synchronous execution and streaming output for long-running processes.

Provides persistent Jupyter kernel execution with state preservation across multiple requests, enabling interactive data science workflows. Kernels maintain variable scope, imported libraries, and execution history within a session. Supports Python code execution with full access to installed packages and the shared /home/gem file system. Exposes both REST API and JupyterLab web interface for interactive development.

Executes isolated, stateless Node.js and Python scripts in separate processes with no state preservation between requests. Each execution is sandboxed with its own environment, preventing cross-contamination between agent requests. Supports quick script runs with configurable timeout and output capture. Useful for one-off computations, transformations, and utility functions.

Exposes all sandbox capabilities through a REST API (/v1/* endpoints) with auto-generated Python and TypeScript/JavaScript SDKs using Fern framework. The API provides programmatic control over browser, shell, file, and code execution with standardized request/response formats. SDKs abstract HTTP details and provide type-safe interfaces for agent integration.

Implements the Model Context Protocol (MCP) standard, exposing sandbox tools as MCP resources and tools that can be discovered and invoked by MCP-compatible AI agents. The MCP server provides standardized tool schemas, enabling agents to understand capabilities without custom integration code. Supports tool discovery, schema validation, and streaming responses for long-running operations.

Runs VS Code Server (/code-server endpoint) within the container, providing a web-based code editor with full IDE features (syntax highlighting, debugging, extensions, terminal). The editor has direct access to the shared /home/gem file system and can execute code through the sandbox's Python/Node.js/shell execution endpoints. Enables human developers to interactively edit and debug agent workflows.

Runs JupyterLab (/jupyter endpoint) within the container, providing an interactive notebook interface for exploratory data analysis and code development. Notebooks have access to the shared /home/gem file system and can execute Python code through the stateful Jupyter kernel. Supports markdown documentation, rich output visualization, and cell-by-cell execution.

Provides REST API endpoints for file operations (read, write, delete, list, upload, download) on the shared /home/gem file system. Supports batch operations, directory traversal, and metadata queries. All file operations are atomic and respect file system permissions. Integrates with browser downloads and code execution output, enabling seamless file sharing across sandbox components.