LangSmith Sandbox Module.
This module provides sandboxed code execution capabilities through the LangSmith Sandbox API.
import { ... } from "langsmith/sandbox";import { SandboxClient } from "langsmith/sandbox";
// Uses LANGSMITH_ENDPOINT and LANGSMITH_API_KEY from environment
const client = new SandboxClient();
const snapshot = await client.createSnapshot(
"python",
"python:3.12-slim",
1_073_741_824
);
const sandbox = await client.createSandbox(snapshot.id);
try {
const result = await sandbox.run("python --version");
console.log(result.stdout);
} finally {
await sandbox.delete();
}Build a sandbox proxy rule that signs AWS HTTPS requests with SigV4.
Build a sandbox proxy rule that injects GCP OAuth bearer auth.
Provide a write-only secret value for a sandbox proxy configuration.
Build a sandbox proxy config from one or more proxy rules.
Reference a LangSmith workspace secret in a sandbox proxy configuration.
Async handle to a running command with streaming output and auto-reconnect.
Async iterable, yielding OutputChunk objects (stdout and stderr interleaved in arrival order). Access .result after iteration to get the full ExecutionResult.
Auto-reconnect behavior:
Raised when a command exceeds its timeout.
Raised when dataplane_url is not available for the sandbox.
This occurs when the sandbox-router URL is not configured for the cluster.
Raised when organization quota limits are exceeded.
Users should contact technical support via our Support Portal (https://support.langchain.com) to increase quotas.
Raised when creating a resource that already exists.
Raised when resource provisioning fails (general-purpose).
Raised when deleting a resource that is still in use.
Raised when updating a resource name to one that already exists.
Raised when a resource is not found.
Raised when an operation times out.
Raised when the API endpoint returns an unexpected error.
For example, this is raised for wrong URL or path.
Raised when authentication fails (invalid or missing API key).
Raised when connection to the sandbox server fails.
Raised when sandbox creation fails.
Base exception for sandbox client errors.
Raised when attempting to interact with a sandbox that is not ready.
Raised when a sandbox operation fails (run, read, write).
Raised when the sandbox server is reloading (close code 1001).
Subclass of connection error that signals immediate reconnect (no backoff).
Raised when request validation fails.
This includes:
Represents an active sandbox for running commands and file operations.
This class is typically obtained from SandboxClient.createSandbox() and provides methods for command execution and file I/O within the sandbox environment.
Client for interacting with the Sandbox Server API.
This client provides a simple interface for managing sandboxes and snapshots.
Options for capturing a snapshot from a running sandbox.
Options for creating a snapshot from a local Dockerfile context.
Options for creating a sandbox.
Options for creating a snapshot from a Docker image.
Result of executing a command in a sandbox.
GCS configuration for a sandbox mount.
GCS-backed sandbox mount specification.
Git configuration for a sandbox mount.
Git ref selected for a sandbox mount.
Git-backed sandbox mount specification.
Options for listing snapshots. All fields are optional and independent.
The backend always paginates: when limit is omitted the server applies
a default page size (currently 50), so a single call will not necessarily
return every snapshot visible to the caller's tenant.
Optional per-mount cache configuration supported by bucket mounts.
A single chunk of streaming output from command execution.
Lightweight provisioning status for any async-created resource.
Options for running a command in a sandbox.
S3 configuration for a sandbox mount. Field names are snake_case so the
object is wire-compatible with the backend MountSpec type.
S3-backed sandbox mount specification.
Network access-control rules for a sandbox's proxy sidecar.
Supported pattern types: exact domains, globs (e.g. *.example.com),
IPs, CIDR ranges (e.g. 10.0.0.0/8), and regex (~pattern).
Only one of allow_list and deny_list may be populated.
AWS auth rule for sandbox proxy SigV4 signing.
AWS credentials used by the backend to authenticate S3 mounts.
Configuration options for the SandboxClient.
Data representing a sandbox instance from the API.
GCP auth rule for sandbox proxy OAuth bearer injection.
GCP credentials used by the backend to authenticate GCS mounts.
Provider auth blocks for sandbox mounts.
Public mount config sent to the sandbox API.
Full proxy configuration forwarded to the sandbox server as-is (snake_case
so it's wire-compatible with the backend). Mirrors the server's
ProxyConfig type.
Secret value reference for sandbox proxy rules.
Represents a sandbox snapshot.
Snapshots are built from Docker images or captured from running sandboxes. They are used to create new sandboxes.
Options for starting a stopped sandbox.
Options for updating a sandbox (name and/or retention settings).
Options for waiting for a sandbox to become ready.
Options for waiting for a snapshot to become ready.
Internal WebSocket message type from the server.
Options for the low-level WebSocket stream functions.
Sandbox mount specification.
Provider auth helper output accepted by mountConfig.
Proxy rule accepted by the sandbox proxy config.