car-sandbox 0.15.0

Sandboxed execution surface for CAR — process isolation primitives for untrusted agent steps
# car-sandbox

Sandboxed execution environment for [Common Agent Runtime](https://github.com/Parslee-ai/car) agents.

## What it does

`SandboxExecutor` is a `ToolExecutor` implementation that runs tool commands inside an isolated Docker container. The container has:

- Full filesystem access to a mounted working directory
- **No safety policy restrictions** — the isolation IS the safety
- Ability to run tests, install deps, and iterate freely
- Automatic cleanup on drop

## Usage

```rust,ignore
// `working_dir` is the host directory bind-mounted into the container;
// `image` is the Docker image the container is started from.
let sandbox = SandboxExecutor::new(working_dir, image).await?;
// Route every tool command issued by this runtime through the sandbox.
let runtime = Runtime::new().with_executor(Arc::new(sandbox));
```
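The README describes the shape of the executor (a long-lived container, the working directory as the only mounted host path, cleanup on drop) but not how that is wired up. The following is an added illustration written for this page, not `car-sandbox`'s own code: it drives the Docker CLI from `std::process` rather than an async runtime, and the `ToolExecutor` trait, `DockerSandbox` type, `/work` mount point and `car-sandbox-<pid>-<n>` container naming are all assumptions made here, not the crate's real API. Argument-vector construction is separated from process spawning so the mount and exec plumbing can be checked without a Docker daemon.

```rust
use std::path::{Path, PathBuf};
use std::process::Command;
use std::sync::atomic::{AtomicU64, Ordering};

/// Hypothetical stand-in for CAR's `ToolExecutor` trait (assumption: the real
/// trait is async and has a different signature).
pub trait ToolExecutor {
    fn execute(&self, command: &str) -> std::io::Result<ExecResult>;
}

#[derive(Debug, Clone, PartialEq)]
pub struct ExecResult {
    pub exit_code: i32,
    pub stdout: String,
    pub stderr: String,
}

static NEXT_ID: AtomicU64 = AtomicU64::new(0);

/// One long-lived container per sandbox. The working directory is the only host
/// path mounted in, so tools can do anything under `/work` (install deps, run
/// tests, write files) without reaching the rest of the host filesystem.
pub struct DockerSandbox {
    container: String,
    working_dir: PathBuf,
    image: String,
    started: bool,
}

impl DockerSandbox {
    /// Validates inputs and picks a unique container name; `start()` launches it.
    pub fn new(working_dir: impl AsRef<Path>, image: &str) -> std::io::Result<Self> {
        let working_dir = working_dir.as_ref().to_path_buf();
        // A relative path would be resolved by the Docker daemon, not by us;
        // insist on an absolute one so the mount is exactly what the caller named.
        if !working_dir.is_absolute() {
            let e = std::io::Error::new(std::io::ErrorKind::InvalidInput, "working_dir must be absolute");
            return Err(e);
        }
        // The image is a positional argument; a leading '-' would let it be
        // parsed as a docker flag (e.g. `--privileged`) instead.
        if image.is_empty() || image.starts_with('-') {
            let e = std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid image reference");
            return Err(e);
        }
        let id = NEXT_ID.fetch_add(1, Ordering::Relaxed);
        Ok(Self {
            container: format!("car-sandbox-{}-{}", std::process::id(), id),
            working_dir,
            image: image.to_string(),
            started: false,
        })
    }

    pub fn container_name(&self) -> &str {
        &self.container
    }

    /// `docker run` arguments for the detached container. Exactly one `-v`:
    /// the working directory, and nothing else of the host.
    pub fn create_args(&self) -> Vec<String> {
        vec![
            "run".into(), "-d".into(),
            "--name".into(), self.container.clone(),
            "-v".into(), format!("{}:/work", self.working_dir.display()),
            "-w".into(), "/work".into(),
            self.image.clone(),
            "sleep".into(), "infinity".into(),
        ]
    }

    /// `docker exec` arguments for one tool command. The command is handed to
    /// `sh -c` inside the container as a single argv element, so the host shell
    /// never interprets it.
    pub fn exec_args(&self, command: &str) -> Vec<String> {
        vec!["exec".into(), self.container.clone(), "sh".into(), "-c".into(), command.to_string()]
    }

    pub fn remove_args(&self) -> Vec<String> {
        vec!["rm".into(), "-f".into(), self.container.clone()]
    }

    /// Starts the container; needs a reachable Docker daemon.
    pub fn start(&mut self) -> std::io::Result<()> {
        let status = Command::new("docker").args(self.create_args()).status()?;
        if !status.success() {
            return Err(std::io::Error::new(std::io::ErrorKind::Other, "docker run failed"));
        }
        self.started = true;
        Ok(())
    }
}

impl ToolExecutor for DockerSandbox {
    fn execute(&self, command: &str) -> std::io::Result<ExecResult> {
        let out = Command::new("docker").args(self.exec_args(command)).output()?;
        Ok(ExecResult {
            exit_code: out.status.code().unwrap_or(-1),
            stdout: String::from_utf8_lossy(&out.stdout).into_owned(),
            stderr: String::from_utf8_lossy(&out.stderr).into_owned(),
        })
    }
}

impl Drop for DockerSandbox {
    /// Cleanup on drop: force-remove the container if it was ever started.
    fn drop(&mut self) {
        if self.started {
            let _ = Command::new("docker").args(self.remove_args()).status();
        }
    }
}
```

Usage mirrors the README snippet: construct the sandbox, call `start()`, then hand it to whatever owns tool execution; when the owner drops it, the container is removed. The single `-v` line is the whole safety argument of this design, so it is the line to review when anything about the mount changes.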

## Where it fits

Used by Tokhn (the agent that drives CAR for autonomous work) when it wants to give an agent permission to run arbitrary shell commands without putting the host filesystem at risk. CAR's normal `car-policy` rules (`deny_tool`, `deny_tool_param`) are appropriate when tools touch the user's machine; the sandbox is appropriate when you want to remove guardrails entirely inside a contained environment.