Skip to content
mistral.rs

Code and shell execution

SandboxPolicy

Section titled “SandboxPolicy”

OS-level sandbox applied to code-execution and shell subprocesses on Linux/macOS.

Pass to CodeExecutionConfig(sandbox_policy=...) or ShellConfig(sandbox_policy=...) to enable the sandbox; omit (or pass None) to disable it. See the sandbox reference for the layered defenses: env scrub, namespaces, Landlock FS allowlist, rlimits, seccomp deny-list, and optional cgroup v2 on Linux.

  • max_memory_mb: per-session memory cap (default 2048).
  • max_cpu_secs: per-session CPU time cap (default 300). When rlimits apply, this is raised to at least the configured tool timeout.
  • max_procs: per-session process/thread cap (default 64).
  • max_open_fds: per-session open-fd cap (default 1024).
  • max_file_sz_mb: per-session max written-file size (default 256).
  • network: NetworkMode.NoNetwork, .Loopback, or .Full.
  • extra_fs_read: additional paths the sandboxed process may read.
  • extra_fs_write: additional paths the sandboxed process may read/write.
  • extra_env: additional environment variable names allowed through.
  • strict: fail initialization if requested filesystem or network isolation is unavailable.

SandboxPolicy.__init__

Section titled “SandboxPolicy.__init__”
__init__(
    max_memory_mb: int = 2048,
    max_cpu_secs: int = 300,
    max_procs: int = 64,
    max_open_fds: int = 1024,
    max_file_sz_mb: int = 256,
    network: NetworkMode = NetworkMode.Loopback,
    extra_fs_read: list[str] = [],
    extra_fs_write: list[str] = [],
    extra_env: list[str] = [],
    strict: bool = False,
) -> None

CodeExecutionConfig

Section titled “CodeExecutionConfig”

Configuration for the built-in Python code execution tool.

Pass to Runner(code_execution_config=...) to enable the execute_python tool. Per-request, set ChatCompletionRequest.enable_code_execution=True.

All fields are optional:

  • python_path: interpreter to run. Defaults to python on Windows, python3 elsewhere.
  • timeout_secs: per-call timeout. Defaults to 60.
  • working_directory: shared working directory. Defaults to a per-session temp directory.
  • sandbox_policy: an OS-level sandbox to apply to the spawned interpreter on Linux/macOS. None (default) disables the sandbox; passing a SandboxPolicy enables it with the configured limits.
  • permission: CodeExecutionPermission.Auto, .Ask, or .Deny. For new code, prefer ChatCompletionRequest.agent_permission.
  • approval_callback: code-execution-specific callback. For new code, prefer ChatCompletionRequest.agent_approval_callback, which applies to all agent actions.

CodeExecutionConfig.__init__

Section titled “CodeExecutionConfig.__init__”
__init__(
    python_path: str | None = None,
    timeout_secs: int | None = None,
    working_directory: str | None = None,
    sandbox_policy: SandboxPolicy | None = None,
    permission: CodeExecutionPermission | None = None,
    approval_callback: Callable[[dict[str, object]], bool] | None = None,
) -> None

ShellConfig

Section titled “ShellConfig”

Configuration for the built-in shell execution tool.

Pass to Runner(shell_config=...) to enable the shell tool. Per-request, set ChatCompletionRequest.enable_shell=True or provide ChatCompletionRequest.shell_skills.

All fields are optional:

  • shell_path: shell executable. Defaults to cmd on Windows, /bin/sh elsewhere.
  • timeout_secs: per-call timeout. Defaults to 600.
  • working_directory: shared working directory. Defaults to a per-session temp directory.
  • sandbox_policy: an OS-level sandbox to apply to the spawned shell on Linux/macOS. None (default) disables the sandbox; passing a SandboxPolicy enables it with the configured limits.
  • permission: AgentPermission.Auto, .Ask, or .Deny. For per-request control, prefer ChatCompletionRequest.agent_permission.

ShellConfig.__init__

Section titled “ShellConfig.__init__”
__init__(
    shell_path: str | None = None,
    timeout_secs: int | None = None,
    working_directory: str | None = None,
    sandbox_policy: SandboxPolicy | None = None,
    permission: AgentPermission | None = None,
) -> None

ShellSkillMount

Section titled “ShellSkillMount”

Local skill directory mount using the OpenAI-compatible Skill directory shape.

Pass instances in ChatCompletionRequest.shell_skills for in-process requests. Server users normally upload Skills through /v1/skills.

ShellSkillMount.__init__

Section titled “ShellSkillMount.__init__”
__init__(name: str, description: str, source_path: str) -> None

Generated from mistralrs-pyo3/mistralrs.pyi.