feat: sandbox shell execution abstraction by lgrammel · Pull Request #14949 · vercel/ai

lgrammel · 2026-05-04T13:42:50Z

Background

Many agents are using filesystems through shell and file read/write tools, often in separate sandbox environments. These agents are so common that a first-class sandbox abstraction would be beneficial.

Summary

add Sandbox type
add sandbox option to generateText, streamText, ToolLoopAgent
make sandbox available in ToolExecutionOptions

Example

Tool definition:

import { tool } from 'ai';
import { z } from 'zod';

export function sandboxShellTool() {
  return tool({
    description: 'Run a shell command',
    inputSchema: z.object({
      command: z.string(),
    }),

    execute: async ({ command }, { sandbox }) => {
      // TODO figure out type inference to turn the runtime error into a type error
      if (!sandbox) {
        throw new Error('Sandbox is not available');
      }
      return sandbox.executeCommand({ command });
    },
  });
}

Agent definition:

import { openai } from '@ai-sdk/openai';
import { ToolLoopAgent } from 'ai';
import { sandboxShellTool } from '../../tools/sandbox-shell-tool';

export const sandboxAgent = new ToolLoopAgent({
  model: openai('gpt-5.5'),

  tools: {
    shell: sandboxShellTool(),
  },

  prepareCall: ({ sandbox, ...rest }) => ({
    ...rest,
    instructions:
      `You are a helpful assistant that can run shell commands.\n` +
      `You are operating in the following sandbox: ${sandbox?.description}`,
  }),
});

Agent call:

import { Bash } from 'just-bash';
import { JustBashSandbox } from '../../sandbox/just-bash-sandbox';
import { sandboxAgent } from './sandbox-agent';

const sandbox = new JustBashSandbox(
  new Bash({
    cwd: '/home/user',
  }),
);

const result = await sandboxAgent.stream({
  prompt:
    'Create a file named greeting.txt with a short greeting, then list the files and show the file contents.',
  sandbox,
});

Manual Verification

agent - generate src/agent/openai/generate-local-sandbox
agent - stream src/agent/openai/stream-local-sandbox
test with ui examples/ai-e2e-next/app/chat/sandbox/page.tsx

Future Work

read/write files in sandboxes
explore generic typing of sandbox tools
move sandbox shell tool into ai package
allow choosing a sandbox in prepareStep
add timeout to executeCommand
figure out sandbox streaming
need onFinalize callback (or something) that is always invoked (on finish, abort, error etc)

…tPnS

) ## Background We introduced a sandbox abstraction in #14949 When possible, provider defined tools should automatically leverage it unless the users provide custom execution functions. ## Summary Automatically use sandbox by default in Anthropic bash tools. ## Example ```ts const result = await generateText({ model: anthropic('claude-opus-4-7'), tools: { bash: anthropic.tools.bash_20250124(), }, sandbox: new LocalSandbox({ rootDirectory: `${process.env.HOME}/Downloads`, }), stopWhen: isStepCount(2), prompt: 'List the files in my home directory.', }); ``` ## Manual Verification - [x] run and verify `examples/ai-functions/src/generate-text/anthropic/bash-tool.ts` ## Future Work - sandbox type safety - apply to bash tools from other providers ## Related Issues Builds upon #14949

## Background We introduced a `Sandbox` abstraction in #14949 It should be possible to change/determine the sandbox in `prepareStep`. ## Summary Allow changing the sandbox in `prepareStep`. ## Related Issues Follow up from #14949

… execution (#15123) ## Background We introduced a Sandbox abstraction for bash execution in #14949 ## Summary Add `workingDirectory` option to `executeCommand` ## Related Issues Builds on #14949

…ion (#15124) ## Background We introduced a Sandbox abstraction for bash execution in #14949 ## Summary Add `abortSignal` option to `executeCommand` ## Related Issues Builds on #14949

… wrappers to `Experimental_Sandbox` abstraction (#15345) ## Background `Experimental_Sandbox` (previous: #14949, #15253, #15301) only exposed `description` and `runCommand`, so tools that needed file I/O had to wrap every read/write in a shell command (`cat`, `tee`, `echo > …`). That is fragile for binary content and impossible to type properly. ## Summary - Adds six file methods to `Experimental_Sandbox`: streaming `readFile`/`writeFile` as the foundation, plus `readBinaryFile`/`readTextFile` and `writeBinaryFile`/`writeTextFile` as convenience wrappers. - All methods take a single options object so additional fields can be added without breaking the signature. - Using a stream for the foundation is the most low-level and future-proof primitive, plus it handles large files better. - In a follow up PR, we'll add another reduced abstraction surface, because technically a sandbox provider shouldn't have to implement the convenience wrappers `readTextFile`, `writeTextFile`, etc. This can take inspiration from (or continue with) #15311. - Updates the three example sandbox implementations (`LocalSandbox`, `JustBashSandbox`, both `VercelSandbox` copies) to implement the new methods, using streaming `readFile`/`writeFile` as the foundation that the binary and text variants delegate to. ## Checklist - [x] All commits are signed (PRs with unsigned commits cannot be merged) - [x] Tests have been added / updated (for bug fixes / features) - [x] Documentation has been added / updated (for bug fixes / features) - [x] A _patch_ changeset for relevant packages has been added (for bug fixes / features - run `pnpm changeset` in the project root) - [x] I have reviewed this pull request (self-review) ## Future Work See above: We'll need to add that reduced abstraction surface so that only essential methods _have_ to be implemented by the provider. We can provide a helper function to fill in the convenience wrappers automatically.

lgrammel added 9 commits May 4, 2026 14:53

1

0b17e38

2

1989217

3

fa34ab2

4

fdc5b4f

5

bac9ef6

6

fed9994

7

ce71b42

8

abe9c4e

9

ca1a644

github-actions Bot assigned lgrammel May 4, 2026

vercel Bot deployed to Preview May 4, 2026 13:44 View deployment

add vercel sandbox example

bfe2238

vercel Bot deployed to Preview May 4, 2026 14:23 View deployment

t1

5180771

vercel Bot deployed to Preview May 4, 2026 14:45 View deployment

lgrammel added 2 commits May 4, 2026 16:50

jd1

9a6ff06

10

49df48a

vercel Bot deployed to Preview May 4, 2026 14:52 View deployment

lgrammel added 3 commits May 4, 2026 16:55

Merge branch 'main' into lg/7eWtPnS

6b18717

t1

a2b7405

Merge branch 'lg/7eWtPnS' of https://github.com/vercel/ai into lg/7eW…

e2c042a

…tPnS

lgrammel changed the title ~~sandbox prototyping~~ feat: sandbox abstraction May 4, 2026

lgrammel changed the title ~~feat: sandbox abstraction~~ feat: sandbox shell execution abstraction May 4, 2026

vercel Bot deployed to Preview May 4, 2026 14:57 View deployment

lgrammel added 3 commits May 4, 2026 17:02

t2

92c1b5f

c

da1dbf7

t3

fc7e213

vercel Bot deployed to Preview May 4, 2026 15:06 View deployment

lgrammel added 2 commits May 4, 2026 17:11

d1

e00dd40

11

8c1a099

fx

5ae1fb2

vercel Bot deployed to Preview May 5, 2026 15:09 View deployment

vercel Bot reviewed May 5, 2026

View reviewed changes

Comment thread packages/ai/src/agent/tool-loop-agent.ts

fx

276d328

vercel Bot deployed to Preview May 5, 2026 15:47 View deployment

gr2m reviewed May 5, 2026

View reviewed changes

Comment thread examples/ai-e2e-next/agent/openai/sandbox-agent.ts

nicoalbanese reviewed May 6, 2026

View reviewed changes

Comment thread content/docs/03-agents/02-building-agents.mdx

lgrammel added 2 commits May 6, 2026 16:48

Merge branch 'main' into lg/7eWtPnS

0bf8541

feedback1

39a4a5a

vercel Bot deployed to Preview May 6, 2026 14:50 View deployment

add

50463a4

vercel Bot deployed to Preview May 6, 2026 14:57 View deployment

Merge branch 'main' into lg/7eWtPnS

85e34f1

vercel Bot deployed to Preview May 7, 2026 09:01 View deployment

nicoalbanese approved these changes May 7, 2026

View reviewed changes

Merge branch 'main' into lg/7eWtPnS

a543eb7

vercel Bot deployed to Preview May 7, 2026 09:06 View deployment

lgrammel merged commit 3015fc3 into main May 7, 2026
19 checks passed

lgrammel deleted the lg/7eWtPnS branch May 7, 2026 09:18

lgrammel mentioned this pull request May 7, 2026

feat(provider/anthropic): automatically use sandbox in bash tool #15084

Merged

1 task

lgrammel mentioned this pull request May 7, 2026

feat(ai): allow prepareStep to override sandbox per step #15089

Merged

This was referenced May 8, 2026

feat: add readFile to Sandbox #15097

Draft

feat: add an optional workingDirectory parameter to sandbox command execution #15123

Merged

lgrammel mentioned this pull request May 8, 2026

feat: add optional abortSignal parameters to sandbox command execution #15124

Merged

felixarntz mentioned this pull request May 15, 2026

feat(provider-utils): add readFile and writeFile plus convenience wrappers to Experimental_Sandbox abstraction #15345

Merged

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: sandbox shell execution abstraction#14949

feat: sandbox shell execution abstraction#14949
lgrammel merged 54 commits into
mainfrom
lg/7eWtPnS

lgrammel commented May 4, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

lgrammel commented May 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Background

Summary

Example

Manual Verification

Future Work

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

lgrammel commented May 4, 2026 •

edited

Loading