Docker setup Installation Install Docker on your system Install the required packages: Copied pip install 'smolagents[docker]' Setting up the docker sandbox Create a Dockerfile for your agent environment: Copied FROM python:3.10-bullseye # Install build dependencies RUN apt-get update && \ apt-get install -y --no-install-recommends \ build-essential \ python3-dev && \ pip install --no-cache-dir --upgrade pip && \ pip install --no-cache-dir smolagents && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* # Set working directory WORKDIR /app # Run with limited privileges USER nobody # Default command CMD ["python", "-c", "print('Container ready')"] Create a sandbox manager to run code: Copied import docker import os from typing import Optional class DockerSandbox: def __init__(self): self.client = docker.from_env() self.container = None def create_container(self): try: image, build_logs = self.client.images.build( path=".", tag="agent-sandbox", rm=True, forcerm=True, buildargs={}, # decode=True ) except docker.errors.BuildError as e: print("Build error logs:") for log in e.build_log: if 'stream' in log: print(log['stream'].strip()) raise # Create container with security constraints and proper logging self.container = self.client.containers.run( "agent-sandbox", command="tail -f /dev/null", # Keep container running detach=True, tty=True, mem_limit="512m", cpu_quota=50000, pids_limit=100, security_opt=["no-new-privileges"], cap_drop=["ALL"], environment={ "HF_TOKEN": os.getenv("HF_TOKEN") }, ) def run_code(self, code: str) -> Optional[str]: if not self.container: self.create_container() # Execute code in container exec_result = self.container.exec_run( cmd=["python", "-c", code], user="nobody" ) # Collect all output return exec_result.output.decode() if exec_result.output else None def cleanup(self): if self.container: try: self.container.stop() except docker.errors.NotFound: # Container already removed, this is expected pass except Exception as e: print(f"Error during cleanup: {e}") finally: self.container = None # Clear the reference # Example usage: sandbox = DockerSandbox() try: # Define your agent code agent_code = """ import os from smolagents import CodeAgent, HfApiModel # Initialize the agent agent = CodeAgent( model=HfApiModel(token=os.getenv("HF_TOKEN"), provider="together"), tools=[] ) # Run the agent response = agent.run("What's the 20th Fibonacci number?") print(response) """ # Run the code in the sandbox output = sandbox.run_code(agent_code) print(output) finally: sandbox.cleanup()

Running your agent in E2B: multi-agents To use multi-agents in an E2B sandbox, you need to run your agents completely from within E2B. Here is how to do it: Copied from e2b_code_interpreter import Sandbox import os # Create the sandbox sandbox = Sandbox() # Install required packages sandbox.commands.run("pip install smolagents") def run_code_raise_errors(sandbox, code: str, verbose: bool = False) -> str: execution = sandbox.run_code( code, envs={'HF_TOKEN': os.getenv('HF_TOKEN')} ) if execution.error: execution_logs = "\n".join([str(log) for log in execution.logs.stdout]) logs = execution_logs logs += execution.error.traceback raise ValueError(logs) return "\n".join([str(log) for log in execution.logs.stdout]) # Define your agent application agent_code = """ import os from smolagents import CodeAgent, HfApiModel # Initialize the agents agent = CodeAgent( model=HfApiModel(token=os.getenv("HF_TOKEN"), provider="together"), tools=[], name="coder_agent", description="This agent takes care of your difficult algorithmic problems using code." ) manager_agent = CodeAgent( model=HfApiModel(token=os.getenv("HF_TOKEN"), provider="together"), tools=[], managed_agents=[agent], ) # Run the agent response = manager_agent.run("What's the 20th Fibonacci number?") print(response) """ # Run the agent code in the sandbox execution_logs = run_code_raise_errors(sandbox, agent_code) print(execution_logs)

The only way to run LLM-generated code securely is to isolate the execution from your local environment.

To add a first layer of security, code execution in smolagents is not performed by the vanilla Python interpreter. We have re-built a more secure LocalPythonExecutor from the ground up. To be precise, this interpreter works by loading the Abstract Syntax Tree (AST) from your Code and executes it operation by operation, making sure to always follow certain rules: By default, imports are disallowed unless they have been explicitly added to an authorization list by the user.Even so, because some innocuous packages like re can give access to potentially harmful packages as in re.subprocess, subpackages that match a list of dangerous patterns are not imported. The total count of elementary operations processed is capped to prevent infinite loops and resource bloating. Any operation that has not been explicitly defined in our custom interpreter will raise an error.