Sandboxes - Dari

Every agent session runs inside a sandbox: an isolated VM-like environment where the harness executes tool calls, runs commands, and edits files. The sandbox is provisioned per session and torn down when the session ends. You can omit sandbox for Dari-managed defaults. Add a sandbox: block when you need runtimes, packages, setup scripts, internet access, environment variables, secrets, resources, or full Dockerfile control:

sandbox:
  runtimes:
    node: "20"
  packages:
    apt:
      - ripgrep
  setup:
    script: scripts/setup.sh
  internet_access: false

Supported Providers

E2B Sandboxes

Supported today. Backed by E2B’s managed sandbox service.

Modal Sandboxes

Supported today. Backed by Modal sandboxes.

Dari supports E2B and Modal as sandbox providers. E2B is the default when sandbox.provider is omitted. Execution sandboxes do not get public internet access by default. Set sandbox.internet_access: true in dari.yml, or pass a session-level override when creating a session, only when the agent needs outbound internet access.

Webhooks E2B Sandboxes

​Supported Providers

E2B Sandboxes

Modal Sandboxes

Supported Providers