Modal Sandboxes

Modal is a sandbox provider for Dari agent sessions. To use Modal, set sandbox.provider to modal in dari.yml:

dari.yml

sandbox:
  provider: modal

When provider_api_key_secret is omitted, Dari uses its managed Modal credentials if they are configured for your deployment. Add provider_api_key_secret only when you want to bring your own Modal token.

dari.yml

sandbox:
  provider: modal
  provider_api_key_secret: MODAL_TOKEN

The value in provider_api_key_secret is a stored Dari credential name, not the raw Modal token. Store the token separately with the CLI:

dari credentials add MODAL_TOKEN

Modal tokens have two parts: a token ID and a token secret. When prompted, paste them as one value in this format:

<token_id>:<token_secret>

Dari also accepts JSON if you prefer a more explicit format:

{"token_id":"ak-...","token_secret":"as-..."}

Configuration

Field	Required	Notes
`provider`	yes	Set to `modal`.
`provider_api_key_secret`	no	Name of a stored org credential containing a Modal token pair. Omit to use Dari-managed Modal credentials. Never put the raw token in `dari.yml`.
`internet_access`	no	Boolean. Defaults to `false`; set to `true` to allow public internet access from execution sandboxes.

Use MODAL_TOKEN as the conventional credential name because Modal auth is a token pair, not a single API key. You may choose a different credential name, such as MY_MODAL_TOKEN, as long as sandbox.provider_api_key_secret matches the name you store with dari credentials add.

​Configuration

Configuration