Skip to main content
Sandboxes isolate agent execution from the host machine. When an agent runs a shell command, edits a file, or searches code, it does so inside a sandbox — preventing unintended side effects on the host and providing a reproducible environment for each run. Fabro supports three sandbox providers: local (no isolation), docker (container-level), and daytona (cloud VM). See Environments for full provider-specific configuration.

Network access control

For cloud sandboxes (Daytona), you can control outbound network access with the network field in [sandbox.daytona]. Three modes are available: "allow_all" (default), "block", and { allow_list = ["..."] } for CIDR-based egress filtering. Server defaults in settings.toml apply when a run config doesn’t specify network. Individual run configs can override the server default. See Environments — Network access for syntax examples and the full reference.