Add Code Interpreter tool type with sandboxed code execution #209
Draft
esafwan wants to merge 3 commits into
Covers three integration approaches (new tool type, sandboxed custom functions, long-lived session), full implementation plan for Approach A (Run in Sandbox tool type), new DocType schema, opensandbox_tool.py skeleton, sdk_tools.py wiring, security risks, deployment steps, and effort estimates. https://claude.ai/code/session_01LTWQ1MrfeoBMXJ1tmwqxea
Adds a new "Code Interpreter" tool type to Agent Tool Function with configurable network access (disabled / whitelist / open). Whitelist mode supports one-click package-registry presets (npm, pip, apt, brew, docker, cargo, gem, go, maven, nuget) plus free-form custom domains.

Backend:
- sandbox_policy.py: NetworkPolicy class with PRESET_DOMAINS registry; builds sandbox config dict consumed by the runtime integration point
- agent_tool_function.json: adds network_mode, network_presets, allowed_domains fields + Code Interpreter to types Select
- agent_tool_function.py: validate_code_interpreter(), Code Interpreter params schema (code, language, timeout)
- sdk_tools.py: routes Code Interpreter type to handle_code_interpreter(); injects sandbox_config from NetworkPolicy; stub handler with clear wiring instructions for runtime integration

Frontend:
- NetworkPolicyConfig.tsx: reusable mode selector + preset chip grid + custom domains textarea; self-contained, no external state
- toolTemplates.json: new "Code Interpreter" template card (terminal icon)
- ToolTemplateCard / toolIconMap: terminal icon support
- agent.types.ts / toolTemplate.types.ts: Code Interpreter ToolType + network_mode / network_presets / allowed_domains in ToolFormData
- toolCreationForm.utils.ts: schema fields + shouldShowField + defaults
- ToolCreationForm.tsx: renders NetworkPolicyConfig when type is Code Interpreter
- toolApi.ts / AgentFormPage.tsx / SelectToolsModal.tsx: pass network fields through on create and update

https://claude.ai/code/session_01LTWQ1MrfeoBMXJ1tmwqxea
Covers network policy modes (disabled/whitelist/open), preset registry usage, tool creation (UI, Desk, Python), sandbox runtime wiring, and three deployment scenarios:
- Local bench + local Docker
- HUF in Docker + host Docker engine (shared network, host.docker.internal, extra_hosts)
- Remote VPS (DigitalOcean/Hetzner) with Caddy TLS, API key auth, UFW firewall

Includes testing examples (NetworkPolicy, handler stub, agent end-to-end, curl), security notes, and full API reference.

https://claude.ai/code/session_01LTWQ1MrfeoBMXJ1tmwqxea
Summary
This PR introduces a new Code Interpreter tool type to HUF that enables agents to execute arbitrary code (Python, JavaScript, Bash, etc.) in isolated sandboxed environments with configurable network access policies. This complements the existing unsafe in-process code execution paths by providing a secure, resource-limited alternative.
Key Changes
Backend Implementation
New module
huf/ai/sandbox_policy.py: Implements NetworkPolicy class to manage outbound network access for sandboxes with three modes:
- disabled: No network access (air-gapped)
- whitelist: Allow specific package registries (npm, pip, apt, brew, docker, cargo, gem, go, maven, nuget) and custom domains
- open: Unrestricted outbound access
Updated
huf/ai/sdk_tools.py: handle_code_interpreter() function to execute code with sandbox configuration
Extended
Agent Tool Function DocType (agent_tool_function.py and .json):
- Code Interpreter as a new tool type option
- network_mode: Select between disabled/whitelist/open
- network_presets: JSON array of preset registry IDs
- allowed_domains: Newline-separated custom domain whitelist
Frontend Implementation
New component
NetworkPolicyConfig.tsx:
Updated tool creation form (ToolCreationForm.tsx):
Updated supporting files:
- toolApi.ts: Added network policy fields to tool update payload
- toolCreationForm.utils.ts: Added network policy schema validation
- toolTemplates.json: Added Code Interpreter template configuration
- agent.types.ts: Added Code Interpreter to ToolType union
- SelectToolsModal.tsx, AgentFormPage.tsx: Pass network policy data through tool creation flow
- ToolTemplateCard.tsx, toolIconMap.ts: Added Terminal icon for Code Interpreter tools
Notable Implementation Details
handle_code_interpreter() currently returns structured responses; actual sandbox runtime integration is a future step
Integration Points
The Code Interpreter tool integrates seamlessly with existing HUF infrastructure:
- sdk_tools.py

https://claude.ai/code/session_01LTWQ1MrfeoBMXJ1tmwqxea
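The network policy described under Backend Implementation, worked through as an added example. This is not the PR's sandbox_policy.py or sdk_tools.py: it takes the three DocType fields the description lists (network_mode as a Select, network_presets as a JSON array, allowed_domains as newline-separated text), validates them, and builds the sandbox config dict a runtime integration point would consume. The preset hostnames in PRESET_DOMAINS, the layout of the config dict, the supported-language list, the timeout cap and every function name and signature here are assumptions. The two defensive choices worth noting are that the default mode fails closed (no network), and that custom entries must be bare hostnames, so a pasted URL, wildcard or stray "*" is rejected instead of silently widening the allowlist.

```python
"""Sandbox network policy, illustrative implementation (not the project's code).

NetworkPolicy, PRESET_DOMAINS and the three modes are named in the PR
description; the hostnames, config layout and signatures below are assumptions.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass, field

# Assumed preset registry: public endpoints of each package index.
PRESET_DOMAINS: dict[str, list[str]] = {
    "npm": ["registry.npmjs.org"],
    "pip": ["pypi.org", "files.pythonhosted.org"],
    "apt": ["deb.debian.org", "security.debian.org"],
    "cargo": ["crates.io", "static.crates.io", "index.crates.io"],
    "gem": ["rubygems.org"],
    "go": ["proxy.golang.org", "sum.golang.org"],
}
MODES = ("disabled", "whitelist", "open")
SUPPORTED_LANGUAGES = ("python", "javascript", "bash")  # assumed
MAX_TIMEOUT_S = 120                                      # assumed cap

# Bare hostname: 1-63 char labels, at least one dot, no scheme, path or '*'.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)


@dataclass
class NetworkPolicy:
    mode: str = "disabled"  # fail closed: no egress unless configured
    presets: list[str] = field(default_factory=list)
    custom_domains: list[str] = field(default_factory=list)

    @classmethod
    def from_doc(cls, network_mode: str | None, network_presets: str | None,
                 allowed_domains: str | None) -> "NetworkPolicy":
        """Build from the DocType fields: Select, JSON array, newline textarea."""
        presets = json.loads(network_presets) if network_presets else []
        lines = (allowed_domains or "").splitlines()
        domains = [d.strip().lower() for d in lines if d.strip()]
        policy = cls(network_mode or "disabled", presets, domains)
        policy.validate()
        return policy

    def validate(self) -> None:
        if self.mode not in MODES:
            raise ValueError(f"unknown network_mode {self.mode!r}")
        for p in self.presets:
            if p not in PRESET_DOMAINS:
                raise ValueError(f"unknown network preset {p!r}")
        for d in self.custom_domains:
            if not _HOST_RE.match(d):
                raise ValueError(f"not a bare hostname: {d!r}")
        if self.mode == "whitelist" and not self.allowed_hosts():
            raise ValueError("whitelist mode needs at least one preset or domain")

    def allowed_hosts(self) -> list[str]:
        """Union of preset and custom hosts, de-duplicated, order preserved."""
        if self.mode != "whitelist":
            return []
        seen: dict[str, None] = {}
        for p in self.presets:
            for h in PRESET_DOMAINS.get(p, []):
                seen.setdefault(h, None)
        for h in self.custom_domains:
            seen.setdefault(h, None)
        return list(seen)

    def to_sandbox_config(self) -> dict:
        """Config dict handed to the runtime integration point (layout assumed)."""
        if self.mode == "open":
            return {"network": {"enabled": True, "allowed_hosts": None}}
        if self.mode == "whitelist":
            return {"network": {"enabled": True, "allowed_hosts": self.allowed_hosts()}}
        return {"network": {"enabled": False, "allowed_hosts": []}}


def policy_error(network_mode, network_presets, allowed_domains) -> str | None:
    """Form-validation style helper: error message, or None when the fields are valid."""
    try:
        NetworkPolicy.from_doc(network_mode, network_presets, allowed_domains)
    except (ValueError, json.JSONDecodeError) as exc:
        return str(exc)
    return None


def build_sandbox_request(params: dict, policy: NetworkPolicy) -> dict:
    """Check the (code, language, timeout) params and attach sandbox_config,
    the shape a handle_code_interpreter() handler could pass to a runtime (assumed)."""
    language = str(params.get("language", "python")).lower()
    if language not in SUPPORTED_LANGUAGES:
        raise ValueError(f"unsupported language {language!r}")
    timeout = int(params.get("timeout", 30))
    if not 1 <= timeout <= MAX_TIMEOUT_S:
        raise ValueError(f"timeout must be 1..{MAX_TIMEOUT_S} seconds")
    code = params.get("code")
    if not isinstance(code, str) or not code.strip():
        raise ValueError("code must be a non-empty string")
    return {"code": code, "language": language, "timeout": timeout,
            "sandbox_config": policy.to_sandbox_config()}
```

The hostname check deliberately accepts nothing but dotted labels: `https://pypi.org/simple`, `*.example.com` and `*` are all errors, which is the behaviour you want from a field that directly widens sandbox egress. The whitelist path also refuses an empty allowlist rather than quietly behaving like "disabled", so a misconfigured tool is visible at save time instead of at the first agent run.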