diff --git a/docs/agents/amp.mdx b/docs/agents/amp.mdx index 197b7081..728c803b 100644 --- a/docs/agents/amp.mdx +++ b/docs/agents/amp.mdx @@ -22,7 +22,11 @@ amp ## Run headless -Use `-x` for non-interactive mode and `--dangerously-allow-all` to auto-approve all tool calls (safe inside E2B sandboxes). Amp uses its own API key from [ampcode.com/settings](https://ampcode.com/settings). +Use `-x` for non-interactive mode and `--dangerously-allow-all` to auto-approve all tool calls. The sandbox isolates the agent from your host machine, but sandboxes can reach the open internet by default — restrict outbound traffic with [network rules](/docs/network/internet-access). Amp uses its own API key from [ampcode.com/settings](https://ampcode.com/settings). + + +Auto-approving tool calls is contained by the sandbox: the agent cannot touch your host machine, local files, or credentials. It can still make outbound network requests — internet access is enabled by default. To limit where an auto-approved agent can connect, configure [outbound network rules](/docs/network/internet-access) (`allowInternetAccess`, plus allow/deny lists by CIDR or hostname). Hostname rules apply to HTTP(S) traffic only; use CIDR rules for other protocols. + ```typescript JavaScript & TypeScript diff --git a/docs/agents/claude-code.mdx b/docs/agents/claude-code.mdx index 68c3423a..d401fe36 100644 --- a/docs/agents/claude-code.mdx +++ b/docs/agents/claude-code.mdx @@ -22,7 +22,11 @@ claude ## Run headless -Use `-p` for non-interactive mode and `--dangerously-skip-permissions` to auto-approve all tool calls (safe inside E2B sandboxes). +Use `-p` for non-interactive mode and `--dangerously-skip-permissions` to auto-approve all tool calls. The sandbox isolates the agent from your host machine, but sandboxes can reach the open internet by default — restrict outbound traffic with [network rules](/docs/network/internet-access) if the agent processes untrusted input or handles secrets. + + +Auto-approving tool calls is contained by the sandbox: the agent cannot touch your host machine, local files, or credentials. It can still make outbound network requests — internet access is enabled by default. To limit where an auto-approved agent can connect, configure [outbound network rules](/docs/network/internet-access) (`allowInternetAccess`, plus allow/deny lists by CIDR or hostname). Hostname rules apply to HTTP(S) traffic only; use CIDR rules for other protocols. + ```typescript JavaScript & TypeScript diff --git a/docs/agents/codex.mdx b/docs/agents/codex.mdx index 7b6f854f..f51b1b26 100644 --- a/docs/agents/codex.mdx +++ b/docs/agents/codex.mdx @@ -22,7 +22,11 @@ codex ## Run headless -Use `codex exec` for non-interactive mode and `--full-auto` to auto-approve tool calls (safe inside E2B sandboxes). Pass `--skip-git-repo-check` to bypass git directory ownership checks inside the sandbox. Pass `CODEX_API_KEY` as an environment variable. +Use `codex exec` for non-interactive mode and `--full-auto` to auto-approve tool calls. The sandbox isolates the agent from your host machine, but sandboxes can reach the open internet by default — restrict outbound traffic with [network rules](/docs/network/internet-access). Pass `--skip-git-repo-check` to bypass git directory ownership checks inside the sandbox. Pass `CODEX_API_KEY` as an environment variable. + + +Auto-approving tool calls is contained by the sandbox: the agent cannot touch your host machine, local files, or credentials. It can still make outbound network requests — internet access is enabled by default. To limit where an auto-approved agent can connect, configure [outbound network rules](/docs/network/internet-access) (`allowInternetAccess`, plus allow/deny lists by CIDR or hostname). Hostname rules apply to HTTP(S) traffic only; use CIDR rules for other protocols. + ```typescript JavaScript & TypeScript diff --git a/docs/agents/devin.mdx b/docs/agents/devin.mdx index aeab69b8..180fc9fe 100644 --- a/docs/agents/devin.mdx +++ b/docs/agents/devin.mdx @@ -25,6 +25,10 @@ source /home/user/.bashrc After installation and login, use `devin -p` for non-interactive mode and `--permission-mode dangerous` to auto-approve tool calls. + +Auto-approving tool calls is contained by the sandbox: the agent cannot touch your host machine, local files, or credentials. It can still make outbound network requests — internet access is enabled by default. To limit where an auto-approved agent can connect, configure [outbound network rules](/docs/network/internet-access) (`allowInternetAccess`, plus allow/deny lists by CIDR or hostname). Hostname rules apply to HTTP(S) traffic only; use CIDR rules for other protocols. + + ```bash mkdir -p /home/user/project cd /home/user/project diff --git a/docs/agents/grok.mdx b/docs/agents/grok.mdx index e5c9437a..9eb8fbb4 100644 --- a/docs/agents/grok.mdx +++ b/docs/agents/grok.mdx @@ -22,7 +22,11 @@ grok ## Run headless -Use `-p` for non-interactive mode and `--always-approve` to auto-approve all tool calls (safe inside E2B sandboxes). Grok Build authenticates with an API key from the [xAI console](https://console.x.ai) via the `XAI_API_KEY` environment variable. +Use `-p` for non-interactive mode and `--always-approve` to auto-approve all tool calls. The sandbox isolates the agent from your host machine, but sandboxes can reach the open internet by default — restrict outbound traffic with [network rules](/docs/network/internet-access). Grok Build authenticates with an API key from the [xAI console](https://console.x.ai) via the `XAI_API_KEY` environment variable. + + +Auto-approving tool calls is contained by the sandbox: the agent cannot touch your host machine, local files, or credentials. It can still make outbound network requests — internet access is enabled by default. To limit where an auto-approved agent can connect, configure [outbound network rules](/docs/network/internet-access) (`allowInternetAccess`, plus allow/deny lists by CIDR or hostname). Hostname rules apply to HTTP(S) traffic only; use CIDR rules for other protocols. + ```typescript JavaScript & TypeScript