Skip to main content

Sandbox (Guarded Actions)

Run a safe, pre‑defined action on the device — no raw shell, no hand‑written JSON. You pick an action, fill in a couple of fields, and it goes through an approval + audit path before the agent runs it.

Run an action

  1. Open the device → Sandbox and choose an action:

    ActionFields
    Run a script / commandthe command/script (e.g. sudo systemctl restart nginx), Run with (interpreter: bash/…), and an optional Undo command for rollback
    Restart a serviceService name (e.g. nginx) and OS
    Install a packagePackage name (e.g. htop) and package manager
    Remove a packagePackage name and package manager
  2. Fill in the fields (and a rollback command if offered).

  3. Submit. The action is tagged with a risk level (Low / Medium / High / Critical).

Approval and execution

Actions move through a clear status flow: Awaiting approval → Approved → Executing → Completed (or Failed / Rejected / Cancelled). Higher‑risk actions wait for approval before the agent picks them up and runs them; the result comes back inline and is logged in Ops Replay.

tip

Reach for the Sandbox for repeatable, well‑scoped fixes (restart this service, install that package). For ad‑hoc "just do X in words" use NL Ops; for a full interactive shell use the Terminal.