strands.sandbox.not_a_sandbox_local_environment

Host execution environment used as the default when no sandbox is configured.

:class:NotASandboxLocalEnvironment runs commands, code, and file operations directly on the host with no isolation. The deliberately blunt name (mirrored from strands-ts/src/sandbox/not-a-sandbox-local-environment.ts) is a warning: this is the fallback an :class:~strands.agent.agent.Agent uses when no sandbox is passed, not a security boundary.

Mirroring the TypeScript oracle, this extends :class:~strands.sandbox.base.Sandbox directly: file operations use native :mod:pathlib/:mod:os calls (avoiding a shell and reporting real size metadata), while command and code execution spawn a local sh.

NotASandboxLocalEnvironment

class NotASandboxLocalEnvironment(Sandbox)

Defined in: src/strands/sandbox/not_a_sandbox_local_environment.py:31

Run commands, code, and file operations on the host with no isolation.

Used as the default execution environment when an :class:Agent is created without a sandbox. Command and code execution spawn a local sh; file operations use the host filesystem directly.

.. warning:: This provides no isolation. Commands run with the full privileges of the host process. Pass an explicit sandbox (e.g. :class:~strands.sandbox.docker.DockerSandbox) when isolation matters.

execute_streaming

async def execute_streaming(
        command: str,
        *,
        timeout: float | None = None,
        cwd: str | None = None,
        env: dict[str, str] | None = None,
        **kwargs: Any) -> AsyncGenerator[StreamChunk | ExecutionResult, None]

Defined in: src/strands/sandbox/not_a_sandbox_local_environment.py:49

Execute a command on the host via sh -c, streaming output.

Arguments:

• command - The shell command to execute.
• timeout - Maximum execution time in seconds. None means no timeout.
• cwd - Working directory for this command. Defaults to the process’s current working directory.
• env - Environment variables to set, applied via a shell export prefix.
• **kwargs - Additional keyword arguments for forward compatibility.

Yields:

:class:StreamChunk objects for output, then a final :class:ExecutionResult.

Raises:

• ValueError - If an environment variable name is invalid.
• SandboxTimeoutError - If execution exceeds timeout seconds.

execute_code_streaming

async def execute_code_streaming(
        code: str,
        language: str,
        *,
        timeout: float | None = None,
        cwd: str | None = None,
        env: dict[str, str] | None = None,
        **kwargs: Any) -> AsyncGenerator[StreamChunk | ExecutionResult, None]

Defined in: src/strands/sandbox/not_a_sandbox_local_environment.py:82

Execute code on the host by piping it to a language interpreter via sh.

The code is base64-encoded and decoded inside a quoted heredoc, then piped to the interpreter (base64 -d << 'EOF' | <lang>), so arbitrary source — including shell metacharacters, quotes, and newlines — reaches the interpreter without injection risk. language is validated against :data:~strands.sandbox.constants.LANGUAGE_PATTERN first.

Arguments:

• code - The source code to execute.
• language - The interpreter to use (e.g., "python3", "node").
• timeout - Maximum execution time in seconds. None means no timeout.
• cwd - Working directory for execution. Defaults to the process’s current working directory.
• env - Environment variables to set, applied via a shell export prefix.
• **kwargs - Additional keyword arguments for forward compatibility.

Yields:

:class:StreamChunk objects for output, then a final :class:ExecutionResult.

Raises:

• ValueError - If language contains invalid characters or an environment variable name is invalid.
• SandboxTimeoutError - If execution exceeds timeout seconds.

read_file

async def read_file(path: str, **kwargs: Any) -> bytes

Defined in: src/strands/sandbox/not_a_sandbox_local_environment.py:126

Read a file from the host filesystem as raw bytes.

Arguments:

• path - Path to the file. Relative paths resolve against the current working directory.
• **kwargs - Additional keyword arguments for forward compatibility.

Returns:

The file contents as raw bytes.

Raises:

• FileNotFoundError - If the file does not exist.
• OSError - If the file cannot be read.

write_file

async def write_file(path: str, content: bytes, **kwargs: Any) -> None

Defined in: src/strands/sandbox/not_a_sandbox_local_environment.py:143

Write raw bytes to a file on the host, creating parent directories.

Arguments:

• path - Path to the file. Relative paths resolve against the current working directory.
• content - The content to write.
• **kwargs - Additional keyword arguments for forward compatibility.

Raises:

• OSError - If the file cannot be written.

remove_file

async def remove_file(path: str, **kwargs: Any) -> None

Defined in: src/strands/sandbox/not_a_sandbox_local_environment.py:159

Remove a file from the host filesystem.

Arguments:

• path - Path to the file. Relative paths resolve against the current working directory.
• **kwargs - Additional keyword arguments for forward compatibility.

Raises:

• FileNotFoundError - If the file does not exist.

list_files

async def list_files(path: str, **kwargs: Any) -> list[FileInfo]

Defined in: src/strands/sandbox/not_a_sandbox_local_environment.py:172

List directory contents from the host filesystem, sorted by name.

Unlike the shell-based base implementation, this reports native is_dir and size metadata. If an entry’s metadata cannot be read, it is still listed with is_dir/size left as None.

Arguments:

• path - Path to the directory. Relative paths resolve against the current working directory.
• **kwargs - Additional keyword arguments for forward compatibility.

Returns:

A list of :class:FileInfo entries for the directory contents.

Raises:

• SandboxPathNotFoundError - If the directory does not exist or path is not a directory. Permission and other errors propagate so callers can surface them.