Skip to main content
The sandbox system runs agent operations (file I/O, shell commands) in isolated environments instead of the host machine. Every Thread is bound to exactly one sandbox for its lifetime — this is an agent’s body.

Provider comparison

ProviderIsolationCostBest for
LocalNone (host passthrough)FreeDevelopment, trusted code
DockerContainerFreeTesting, reproducible environments
DaytonaCloud or self-hostedFree (self-hosted)Production, team environments
E2BCloud$0.15/hrEphemeral tasks, CI
AgentBayAlibaba Cloud¥1/hrChina region

Session lifecycle

on_exit valueBehavior
pausePause on exit. Files, packages, processes preserved.
destroyKill on exit. Clean slate next time.
pause is the default — you keep everything across restarts.

Quick start

1

Configure a provider

Go to Settings → Sandbox in the Web UI. Expand the provider card and fill in the required fields:
ProviderRequired
DockerImage name, mount path
E2BAPI key
DaytonaAPI key, API URL
AgentBayAPI key
Config is stored at ~/.leon/sandboxes/<provider>.json.
2

Start a sandboxed thread

In the new conversation view, use the sandbox dropdown in the input area to select your provider. Send your first message — the Thread is now permanently bound to that sandbox.
3

Monitor resources

Go to Resources (sidebar). Live CPU/RAM/disk metrics and a file browser per sandbox session.

Provider configuration

Requires Docker on the host. No API key needed.
{
  "provider": "docker",
  "docker": {
    "image": "python:3.12-slim",
    "mount_path": "/workspace"
  },
  "on_exit": "pause"
}
FieldDefaultDescription
docker.imagepython:3.12-slimDocker image
docker.mount_path/workspaceWorking directory inside container
on_exitpausepause or destroy

API key resolution

API keys are resolved in order:
  1. Config file field (e2b.api_key, daytona.api_key, etc.)
  2. Environment variable (E2B_API_KEY, DAYTONA_API_KEY, AGENTBAY_API_KEY)
  3. ~/.leon/config.env

Session management

Web UI

From Resources:
  • Unified grid of all sessions across all providers
  • Click a session card → detail sheet with metrics and file browser
  • Pause / Resume / Destroy via UI or API

API endpoints

ActionEndpoint
List sessionsGET /api/sandbox/sessions
PausePOST /api/sandbox/sessions/{id}/pause?provider={type}
ResumePOST /api/sandbox/sessions/{id}/resume?provider={type}
DestroyDELETE /api/sandbox/sessions/{id}?provider={type}
MetricsGET /api/sandbox/sessions/{id}/metrics

Architecture

Middleware owns policy. The sandbox backend owns I/O. Swapping the backend changes where operations run without touching any middleware logic. Sessions are tracked in SQLite (~/.leon/sandbox.db):
TablePurpose
sandbox_leasesLease lifecycle — provider, desired/observed state
sandbox_instancesProvider-side session IDs
abstract_terminalsVirtual terminals bound to Thread + lease
lease_resource_snapshotsCPU, memory, disk metrics