Skip to main content
Station provides sandboxed environments for agents to execute code safely. Two modes are available depending on your use case.

Sandbox Modes

Compute Mode

Ephemeral containers for quick calculations and data processing. Each call runs in a fresh container.

Code Mode

Persistent Linux sandbox for iterative development. Full shell access, package installation, and file persistence across calls.

Enabling Sandbox

Via MCP Tools

The create_agent and update_agent tools accept sandbox configuration:
Enable Code Mode:
Disable sandbox:

Via Frontmatter (.prompt file)

Add sandbox: to your agent’s frontmatter:
The agent receives a sandbox_run tool for executing code:

Code Mode

Enable persistent Linux sandbox with mode: code:

Code Mode Tools

When mode: code is enabled, agents receive these tools:

Example: Full Development Workflow

Configuration Reference

Compute Mode

Code Mode

Runtime Images

Session Scoping (Code Mode)

Sessions can be scoped to share containers:
Container shared across all agents in a workflow:

Deployment Requirements

Requires Dagger (auto-managed):

Fly Machines Backend

When running Station on Fly.io, use the Fly Machines backend instead of Docker (Fly’s Firecracker VMs don’t support Docker-in-Docker).

Configuration

Required environment variables:
  • FLY_API_TOKEN - Your Fly.io API token
  • FLY_ORG - Organization slug (if not in config)

Custom Images

Create a Dockerfile with your required tools:
Build and push:
Then configure:

Private Registry Authentication

For private images, add registry credentials:

Environment Variable Injection

Inject secrets and configuration into sandbox containers using the STN_CODE_ prefix. This is essential for CLI tools like Terraform, AWS CLI, kubectl, etc.

How It Works

Environment variables on the Station host with the STN_CODE_ prefix are automatically injected into sandbox containers with the prefix stripped:

Setting Variables

Common Use Cases

Example: Terraform Agent

Never hardcode secrets in agent prompts or workflow definitions. Always use STN_CODE_* environment variables.

Session Persistence (Fly Machines)

When running on Fly.io, sandbox sessions are persisted to NATS KV store. This enables sessions to survive Station restarts.

How It Works

Benefits

Configuration

Session persistence is automatic when using Fly Machines backend. No additional configuration required.

Session Recovery

On Station startup, existing Fly Machines are automatically recovered:
Sessions are keyed by workflow run ID for workflow-scoped sessions, ensuring the same sandbox is reused across workflow steps even after Station restarts.

Security

Both modes provide isolation:
  • Unprivileged containers (no --privileged)
  • No Docker socket access from within sandbox
  • Network disabled by default
  • Resource limits enforced
  • Timeout protection
Enable allow_network: true only when necessary. Network access allows the sandbox to reach external services.

File Staging

Stage files between your local system and sandbox containers via NATS Object Store.
File staging solves the challenge of getting large files into sandboxes without passing content through LLM context (which is slow, expensive, and size-limited).

How It Works

File Staging Tools

When Code Mode is enabled, agents get two additional tools:

Example Workflow

Tool Reference

Fetch a file from NATS Object Store and write it to the sandbox.

File Key Conventions

CLI File Management

See the full stn files CLI reference for upload, download, list, and delete commands.

Next Steps

Agent Development

Create agents that use sandbox

Workflows

Multi-step agent orchestration