Overview

When the assistant needs to run code for analysis, parsing, aggregation, or visualization, it uses a secure sandbox environment. The sandbox is isolated from your production systems and can be customized to match your needs.

What the sandbox is

The sandbox is a containerized execution environment where the assistant runs code during investigations. It provides:

• Isolation: Code runs in a secure container, separate from your production infrastructure.
• Language support: Python, Node.js, and shell scripts are available by default.
• Persistence: Files created during a conversation persist within that thread, so the assistant can build on previous work.
• Customization: You can configure init scripts, environment variables, and resource limits.

When the sandbox is used

The assistant uses the sandbox when it needs to:

• Parse and transform log data
• Aggregate metrics or calculate statistics
• Generate visualizations and charts
• Run analysis scripts
• Test hypotheses with code

You see sandbox execution as tool calls in the conversation. The assistant shows the code it runs and the output it receives.

Sandbox configuration

You can customize the sandbox to include your organization's tools and configuration.

Security

The sandbox is designed with security in mind:

• Network isolation: Sandbox containers cannot access your production systems or internal networks.
• Resource limits: CPU, memory, and execution time are limited to prevent runaway processes.
• No persistence across threads: Each thread gets a fresh sandbox state. Data does not leak between conversations.
• Audit logging: All sandbox executions are logged and can be reviewed.