Skip to main content
The Tembo Sandbox provides a secure, isolated environment where Tembo operates to analyze and modify your code. This environment comes pre-installed with a comprehensive set of development tools and runtime environments to support a wide variety of programming languages and frameworks.

Pre-installed Tools and Runtimes

The Tembo Sandbox includes the following base dependencies and their versions:

System Tools

ToolVersionDescription
curl8.14.1Command-line tool for transferring data with URLs
lsof4.99.4Lists open files and network connections
strace6.15System call tracer for debugging and monitoring

Version Control and Authentication

ToolVersionDescription
git-credential-tembounknownTembo-specific Git credential helper

Code Quality and Analysis

ToolVersionDescription
ShellCheck0.10.0Static analysis tool for shell scripts

HTTP and API Tools

ToolVersionDescription
httpie3.2.4Modern, user-friendly HTTP client for API testing

JavaScript/Node.js Ecosystem

ToolVersionDescription
nodejs22.17.0JavaScript runtime built on Chrome’s V8 engine
bun1.2.18Fast all-in-one JavaScript runtime and toolkit
pnpm10.12.4Fast, disk space efficient package manager

Python Ecosystem

ToolVersionDescription
python33.12.11Modern Python programming language
pipx1.7.1Install and run Python applications in isolated environments

Ruby Ecosystem

ToolVersionDescription
ruby3.3.6Dynamic, object-oriented programming language
bundler-2.6.92.6.9Manages Ruby gem dependencies
ruby3.3-rubocop-1.75.21.75.2Ruby static code analyzer and formatter

Elixir/Erlang Ecosystem

ToolVersionDescription
erlang-28.0.128.0.1Concurrent, fault-tolerant programming platform
elixir1.18.4Dynamic, functional programming language
hex2.2.2Package manager for the Erlang ecosystem
rebar33.25.0Erlang build tool and package manager
erlfmt1.7.0Erlang code formatter

Go Ecosystem

ToolVersionDescription
go1.24.4Open source programming language from Google

Rust Ecosystem

ToolVersionDescription
rustup1.28.2Rust toolchain installer and version management tool

Sandbox Types

Tembo supports multiple sandbox environment types to accommodate different use cases and requirements:

Docker (Default)

The Docker sandbox is the default environment type, offering:
  • Fast startup: Containers start quickly for rapid task execution
  • Wide compatibility: Works with most common development workflows
  • Resource efficient: Lightweight containerization with minimal overhead
  • Best for: Most general-purpose tasks, web applications, and standard development workflows

QEMU

The QEMU sandbox provides full virtual machine isolation using QEMU/KVM virtualization:
  • Complete isolation: Full VM-level isolation for enhanced security
  • System-level access: Support for tasks requiring deeper system integration
  • Custom kernels: Ability to run specialized kernel configurations
  • Best for: Tasks requiring enhanced isolation, system-level operations, or specialized environments
You can configure the sandbox type at the organization, issue, or job level. If not specified, Tembo defaults to the Docker sandbox type.

Environment Characteristics

Isolation and Security

The Tembo Sandbox provides strong isolation and security guarantees:
  • Process isolation: Each task runs in its own isolated environment
  • File system isolation: Changes are contained within the sandbox
  • Network security: Controlled network access for security
  • Resource limits: CPU and memory constraints to ensure stability

Development Workflow Integration

The sandbox environment is designed to integrate seamlessly with your development workflow:
  • Hook support: Execute custom commands at different stages via Tembo Hooks
  • Repository access: Full access to your repository contents and history
  • Build tool compatibility: Support for common build systems and package managers
  • Testing frameworks: Compatible with popular testing tools and frameworks
  • Nix dev shell support: Automatically detects and uses Nix flakes for reproducible development environments

Model Context Protocol (MCP) Support

Tembo supports the Model Context Protocol (MCP), allowing AI agents to access custom tools, resources, and integrations during task execution. MCP servers can be configured to provide agents with additional capabilities such as:
  • Custom API integrations: Connect to internal tools and services
  • Database access: Query and interact with databases directly
  • File system operations: Extended file manipulation capabilities
  • External data sources: Access to documentation, wikis, or knowledge bases
To configure MCP servers for your organization, add them to your organization settings in the Tembo dashboard. Agents will automatically have access to configured MCP servers when working on tasks.

Nix Development Shells

Tembo’s sandbox environment supports Nix flakes for reproducible development environments. To use this feature, your repository must have a flake.nix file in the root directory that defines a development shell named default for the x86_64-linux platform. Requirements:
  • Your flake.nix must specify devShells.x86_64-linux.default
  • The development shell must target the x86_64-linux platform (Tembo’s sandbox runs on x86_64 Linux)
  • The flake must be in your repository’s root directory
Example flake.nix: 
{
  description = "My project development environment";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  };

  outputs = { self, nixpkgs }: {
    devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
      packages = with nixpkgs.legacyPackages.x86_64-linux; [
        nodejs
        python3
        # Add any other tools your project needs
      ];
    };
  };
}
When configured correctly, Tembo will:
  • Automatically detect your flake.nix file at the repository root
  • Load the default devshell for the x86_64-linux platform
  • Make available all packages and environment variables defined in your Nix development shell
  • Ensure reproducibility across different tasks and environments
How it works: When a coding agent executes commands in the sandbox, it automatically runs them within your Nix development shell if a flake.nix is detected. This means all build commands, tests, and scripts will have access to the exact dependencies specified in your flake, ensuring consistent behavior across all task executions.

Best Practices

When working with the Tembo Sandbox environment:

Dependency Management

  • Use existing tools: Leverage the pre-installed package managers and tools when possible
  • Specify versions: When installing additional dependencies, pin to specific versions for reproducibility
  • Cache efficiently: Use package manager caching features to improve build times

Resource Optimization

  • Minimize installations: Avoid installing large dependencies unless necessary
  • Clean up: Remove temporary files and build artifacts when possible
  • Use lightweight alternatives: Choose lighter-weight tools when multiple options are available

Compatibility Considerations

  • Version awareness: Be aware of the pre-installed tool versions when writing build scripts
  • Cross-language support: Take advantage of the multi-language environment for polyglot projects
  • Tool conflicts: Be mindful of potential conflicts between different language ecosystems

Nix Development Shell Tips

  • Use Nix for complex dependencies: If your project requires specific tool versions or uncommon dependencies, consider using a Nix development shell instead of relying on pre-installed tools
  • Test locally: Use nix develop locally to verify your flake configuration before relying on it in Tembo
  • Keep flakes minimal: Include only the dependencies your project needs to reduce environment setup time

Support and Updates

The Tembo Sandbox environment is regularly updated to include:
  • Security patches for all installed tools
  • Updates to major language runtimes and package managers
  • New tools based on community feedback and usage patterns
If you need a specific tool or version that isn’t currently available, please reach out to the Tembo team through your dashboard or contact support.

Complete Dependency List

Below is the complete list of all pre-installed tools and their versions in the Tembo Sandbox environment: 
System Tools:
- curl: 8.14.1
- lsof: 4.99.4
- strace: 6.15

Version Control & Authentication:
- git-credential-tembo: unknown

Code Quality & Analysis:
- ShellCheck: 0.10.0

HTTP & API Tools:
- httpie: 3.2.4

JavaScript/Node.js Ecosystem:
- nodejs: 22.17.0
- bun: 1.2.18
- pnpm: 10.12.4

Python Ecosystem:
- python3: 3.12.11
- pipx: 1.7.1

Ruby Ecosystem:
- ruby: 3.3.6
- bundler-2.6.9: 2.6.9
- ruby3.3-rubocop-1.75.2: 1.75.2

Elixir/Erlang Ecosystem:
- erlang-28.0.1: 28.0.1
- elixir: 1.18.4
- hex: 2.2.2
- rebar3: 3.25.0
- erlfmt: 1.7.0

Go Ecosystem:
- go: 1.24.4

Rust Ecosystem:
- rustup: 1.28.2