Skip to main content

Overview

Code executors wrap your agent’s code and intercept API calls. They allow your AI agent to write normal code targeting production APIs (like https://slack.com/api/*) while actually hitting isolated test environments.

Flow

1

Agent Writes Code

requests.post('https://slack.com/api/chat.postMessage', json={...})
2

Code executor Proxy

  1. Wraps code with interception logic
  2. Detects API URL patterns
  3. Rewrites URLs to route into the isolated environment
https://slack.com/api/* 
 http://localhost:8000/api/env/{env_id}/services/slack/*
3

Environment

Real API responses from your sandboxed environment

URL Transformation Rules

The executor transforms URLs based on these patterns:
Original URLTransformed URL
https://slack.com/api/*http://localhost:8000/api/env/{id}/services/slack/*
https://api.slack.com/api/*http://localhost:8000/api/env/{id}/services/slack/*
https://api.linear.app/*http://localhost:8000/api/env/{id}/services/linear/*

Available Executors

Python

Intercepts requests and urllib

TypeScript

Intercepts fetch API

Bash

Intercepts curl commands

How Interception Works

Python Executor

The Python executor wraps code with a custom URL opener: 
# What gets prepended to your code:
import urllib.request
import urllib.parse
from urllib.request import Request, urlopen

_original_urlopen = urllib.request.urlopen

def _intercepting_urlopen(url, *args, **kwargs):
    if isinstance(url, str):
        url = _transform_url(url)
    elif hasattr(url, 'full_url'):
        url.full_url = _transform_url(url.full_url)
    return _original_urlopen(url, *args, **kwargs)

urllib.request.urlopen = _intercepting_urlopen

# Also patches requests library
import requests
_original_request = requests.Session.request

def _intercepting_request(self, method, url, *args, **kwargs):
    return _original_request(self, method, _transform_url(url), *args, **kwargs)

requests.Session.request = _intercepting_request

TypeScript Executor

The TypeScript executor overrides global fetch: 
// What gets prepended to your code:
const originalFetch = globalThis.fetch;

globalThis.fetch = async (url: string | URL, init?: RequestInit) => {
  const transformedUrl = transformUrl(url.toString());
  return originalFetch(transformedUrl, init);
};

Bash Executor

The Bash executor uses sed to transform curl URLs: 
# Original curl command:
curl https://slack.com/api/chat.postMessage -d '{"text":"hello"}'

# Transformed:
curl http://localhost:8000/api/env/{id}/services/slack/chat.postMessage -d '{"text":"hello"}'

Security Considerations

Code executors run arbitrary code. In production, consider:
  • Running executors in sandboxed containers
  • Implementing timeouts
  • Restricting network access
  • Validating code before execution

Next Steps

Python Executor

Detailed Python executor guide

TypeScript Executor

Detailed TypeScript executor guide