---
title: "Sandboxing"
description: "Sandboxing workflow execution"
---

Sandboxes isolate agent execution from the host machine. When an agent runs a shell command, edits a file, or searches code, it does so inside a sandbox — preventing unintended side effects on the host and providing a reproducible environment for each run.

Fabro supports three sandbox providers: `local` (no isolation), `docker` (container-level), and `daytona` (cloud VM). See [Environments](/execution/environments) for full provider-specific configuration.

## Network access control

For cloud sandboxes (Daytona), you can control outbound network access with the `network` field in `[run.sandbox.daytona]`. Three modes are available: `"allow_all"` (default), `"block"`, and `{ allow_list = ["..."] }` for CIDR-based egress filtering.

Server defaults in `settings.toml` apply when a run config doesn't specify `network`. Individual run configs can override the server default.

See [Environments — Network access](/execution/environments#network-access) for syntax examples and the full reference.