
Sandbox guide

Run untrusted stdio MCP servers with declared paths and limited network/file access.


When to enable sandbox mode

Enable sandbox mode when testing a server from an unknown repository, a server with destructive tools, or a server that requests broad filesystem access.

Sandbox mode is a guardrail, not a proof of safety. Review linter findings, inspect the manifest, and run sample calls against disposable data first.

Checks

01 macOS uses sandbox-exec profiles for declared paths.
02 Linux uses bubblewrap when available.
03 Remote SSE/HTTP servers cannot be sandboxed locally; restrict headers and use disposable keys.
04 Sandbox rejection errors include the denied path or capability when the platform exposes it.
Commands

agentstudio connect --stdio "python server.py" --sandbox --allow-read ./fixtures --allow-write ./tmp
agentstudio risk-scan ./server --fail-on high
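The following is an added example, not Agent Studio's own code, showing what the Linux path from check 02 amounts to: the same three declarations the connect command takes (the server directory, one read path, one write path) turned into a bubblewrap invocation with the network namespace dropped. The function names `build_bwrap_cmd` and `run_sandboxed` are hypothetical; the `bwrap` flags are real bubblewrap options, and a merged-/usr layout (`/bin`, `/lib`, `/lib64` as symlinks into `/usr`) is assumed.

```shell
#!/bin/sh
# Added example (not Agent Studio code): assemble a bubblewrap sandbox from
# declared paths. Function names are hypothetical; bwrap flags are real.

# build_bwrap_cmd SERVER_DIR READ_DIR WRITE_DIR CMD [ARGS...]
# Prints the full bwrap argument list, one argument per line, so the policy
# can be reviewed before anything runs. Fails (returns 1) when a declared
# path does not exist, instead of silently sandboxing against nothing.
build_bwrap_cmd() {
    server_dir=$(cd "$1" 2>/dev/null && pwd) || { echo "server dir missing: $1" >&2; return 1; }
    read_dir=$(cd "$2" 2>/dev/null && pwd)   || { echo "read path missing: $2" >&2; return 1; }
    write_dir=$(cd "$3" 2>/dev/null && pwd)  || { echo "write path missing: $3" >&2; return 1; }
    shift 3
    # --unshare-all covers net, pid, ipc, uts and user namespaces; add
    # --share-net only if the server genuinely needs outbound access.
    # Paths are resolved to absolute form because bwrap binds by path and a
    # relative ./fixtures would not mean the same thing inside the sandbox.
    printf '%s\n' \
        bwrap \
        --unshare-all \
        --die-with-parent \
        --new-session \
        --ro-bind /usr /usr \
        --symlink usr/bin /bin \
        --symlink usr/lib /lib \
        --symlink usr/lib64 /lib64 \
        --proc /proc \
        --dev /dev \
        --tmpfs /tmp \
        --ro-bind "$server_dir" "$server_dir" \
        --ro-bind "$read_dir" "$read_dir" \
        --bind "$write_dir" "$write_dir" \
        --chdir "$server_dir" \
        "$@"
}

# run_sandboxed: same arguments as build_bwrap_cmd; executes the command
# under bwrap. Refuses to fall back to an unsandboxed run if bwrap is absent.
# (Arguments are passed one per line, so paths containing newlines are not
# supported by this helper.)
run_sandboxed() {
    command -v bwrap >/dev/null 2>&1 || { echo "bwrap not installed; refusing to run unsandboxed" >&2; return 2; }
    cmdfile=$(mktemp) || return 1
    build_bwrap_cmd "$@" > "$cmdfile" || { rm -f "$cmdfile"; return 1; }
    set --
    while IFS= read -r arg; do set -- "$@" "$arg"; done < "$cmdfile"
    rm -f "$cmdfile"
    "$@"
}

# Usage (constructed, mirrors the page's connect command):
#   build_bwrap_cmd ./server ./fixtures ./tmp python server.py   # review the policy
#   run_sandboxed   ./server ./fixtures ./tmp python server.py   # then run it
```

The read path is bound with `--ro-bind` and the write path with `--bind`, which is the distinction the `--allow-read` / `--allow-write` flags express; everything not listed is simply absent inside the namespace, so a rejected access surfaces as a missing-path error from the server rather than a silent success.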