Extending

The sandbox is deliberately modular so new capabilities land without surgery on existing code. Three common extensions:

  1. Create internal/tools/my_tool.go. Define RegisterMyTool(s ToolAdder, deps *Deps) and HandleMyTool(deps *Deps) func(...).

  2. Add handler tests in internal/tools/my_tool_test.go. Follow the black-box pattern (package tools_test) and reuse the shared helpers newTestDeps / textOf declared in read_test.go.

  3. Register in server.New:

    tools.RegisterMyTool(reg, deps)

    This automatically wraps the handler in scrubMiddleware because reg is the scrubbingRegistrar.

  4. Add a docs page under docs/src/content/docs/tools/my-tool.md and link it from the sidebar (autogenerated from the tools/ directory).

See the Detector interface reference for the interface shape. Concretely:

  1. Create internal/verify/<language>.go with a struct implementing Detector.
  2. Extend Detect in internal/verify/verify.go to check for the marker file.
  3. Update the Dockerfile to install the runtime (apk add nodejs npm, etc.).
  4. If the linter output format differs from <file>:<line>:<col>: <msg> (<rule>), either update verify.ParseLint (for a universal parser) or add a per-detector parser method.
  5. Add unit tests for the detector and an integration test for run_lint with a seeded project.

  1. Add an entry to the patterns slice in internal/scrub/scrub.go. Order matters — more specific patterns first (e.g., Anthropic’s sk-ant- before OpenAI’s generic sk-).
  2. Add a test case to internal/scrub/scrub_test.go showing both a positive match and a plausible non-match (to guard against future pattern-interaction surprises).
  3. No other code changes. The scrubber iterates all patterns; new ones fire automatically.

Target: common shapes (API keys from well-known providers, PEM private keys, basic-auth URLs). Entropy-based detection (TruffleHog, gitleaks’ generic rule) is out of scope.
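The ordering rule for scrub patterns, as an added Go example that is not the project's scrub.go: the `pattern` type, the `[REDACTED:<name>]` replacement format, both regexes and the sample strings are constructed assumptions. It shows the specific `sk-ant-` rule being shadowed by the generic `sk-` rule when the slice order is reversed, alongside a plausible non-match.

```go
package main

import (
	"fmt"
	"regexp"
)

// pattern is a hypothetical shape for one scrub rule; the project's real
// type in internal/scrub/scrub.go may differ.
type pattern struct {
	name string
	re   *regexp.Regexp
}

// Specific prefix first, generic prefix second. \b stops matches that
// start in the middle of a word such as "disk-".
var ordered = []pattern{
	{"anthropic", regexp.MustCompile(`\bsk-ant-[A-Za-z0-9_-]{20,}`)},
	{"openai", regexp.MustCompile(`\bsk-[A-Za-z0-9_-]{20,}`)},
}

// reversed holds the same rules in the wrong order, for comparison.
var reversed = []pattern{ordered[1], ordered[0]}

// Constructed sample inputs, not real credentials.
const (
	antKey   = "sk-ant-api03-CONSTRUCTEDxxxxxxxxxxxx"
	plainKey = "sk-CONSTRUCTED0000000000000"
	benign   = "disk-usage-summary-for-all-volumes"
)

// Scrub runs every pattern in slice order over s, so an earlier pattern
// consumes text before a later, broader one can claim it.
func Scrub(ps []pattern, s string) string {
	for _, p := range ps {
		s = p.re.ReplaceAllString(s, "[REDACTED:"+p.name+"]")
	}
	return s
}

func main() {
	for _, in := range []string{antKey, plainKey, benign} {
		fmt.Printf("%-40s ordered=%s reversed=%s\n", in, Scrub(ordered, in), Scrub(reversed, in))
	}
}
```

With the reversed slice the secret is still redacted but attributed to the wrong provider, which is the kind of pattern interaction the positive and non-match test cases in step 2 are meant to catch.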

Same shape as scrub patterns — regex only, fixed set. Edit denyPattern in internal/tools/bash.go. Add the token to the alternation (put specific variants before general ones, e.g. mkfs.ext4 via an optional .\w+ group). Add a test in bash_internal_test.go’s table of match cases.

WebSearch / WebFetch are not in this sandbox — agents connect a sibling MCP server (Brave / Exa / Tavily / the official fetch server) alongside. See Non-sandbox tools. To control outbound behaviour, configure the agent runtime’s MCP server list and/or your container runtime’s egress policy.