Sandbox Modes
Compute Mode
Ephemeral containers for quick calculations and data processing. Each call runs in a fresh container.
Code Mode
Persistent Linux sandbox for iterative development. Full shell access, package installation, and file persistence across calls.
Enabling Sandbox
Via MCP Tools
create_agent and update_agent tools accept sandbox configuration:
Via Frontmatter (.prompt file)
Addsandbox: to your agent’s frontmatter:
sandbox_run tool for executing code:
Code Mode
Enable persistent Linux sandbox withmode: code:
Code Mode Tools
Whenmode: code is enabled, agents receive these tools:
Example: Full Development Workflow
Configuration Reference
Compute Mode
Code Mode
Runtime Images
Session Scoping (Code Mode)
Sessions can be scoped to share containers:- Workflow Scope
- Agent Scope
Container shared across all agents in a workflow:
Deployment Requirements
- Compute Mode
- Code Mode
Requires Dagger (auto-managed):
Fly Machines Backend
When running Station on Fly.io, use the Fly Machines backend instead of Docker (Fly’s Firecracker VMs don’t support Docker-in-Docker).Configuration
FLY_API_TOKEN- Your Fly.io API tokenFLY_ORG- Organization slug (if not in config)
Custom Images
Create a Dockerfile with your required tools:Private Registry Authentication
For private images, add registry credentials:- GitHub (ghcr.io)
- Docker Hub
- AWS ECR
Environment Variable Injection
Inject secrets and configuration into sandbox containers using theSTN_CODE_ prefix. This is essential for CLI tools like Terraform, AWS CLI, kubectl, etc.
How It Works
Environment variables on the Station host with theSTN_CODE_ prefix are automatically injected into sandbox containers with the prefix stripped:
Setting Variables
- Fly.io Secrets
- Docker
- Local Development
Common Use Cases
Example: Terraform Agent
Session Persistence (Fly Machines)
When running on Fly.io, sandbox sessions are persisted to NATS KV store. This enables sessions to survive Station restarts.How It Works
Benefits
Configuration
Session persistence is automatic when using Fly Machines backend. No additional configuration required.Session Recovery
On Station startup, existing Fly Machines are automatically recovered:Sessions are keyed by workflow run ID for workflow-scoped sessions, ensuring the same sandbox is reused across workflow steps even after Station restarts.
Security
Both modes provide isolation:- Unprivileged containers (no
--privileged) - No Docker socket access from within sandbox
- Network disabled by default
- Resource limits enforced
- Timeout protection
File Staging
Stage files between your local system and sandbox containers via NATS Object Store.File staging solves the challenge of getting large files into sandboxes without passing content through LLM context (which is slow, expensive, and size-limited).
How It Works
File Staging Tools
When Code Mode is enabled, agents get two additional tools:Example Workflow
Tool Reference
- sandbox_stage_file
- sandbox_publish_file
Fetch a file from NATS Object Store and write it to the sandbox.
File Key Conventions
CLI File Management
See the full
stn files CLI reference for upload, download, list, and delete commands.Next Steps
Agent Development
Create agents that use sandbox
Workflows
Multi-step agent orchestration

