This document explains how EXECUTION_ENVIRONMENT affects runtime behavior and
the prerequisites for running claude_code / codex safely in sandbox mode.
Related:
Common Lookup Path (state vocabulary -> transition -> owner -> implementation, when entering from execution env config)
When tracing incidents from host/sandbox config, follow: state vocabulary -> transition -> owner -> implementation.
- state-model (state vocabulary)
- flow (runtime transitions and recovery)
- operations (API procedures and operation shortcuts)
- agent/README (owning agent and implementation tracing)
EXECUTION_ENVIRONMENT is a system_config key with two values:
hostsandbox
Internally it maps to launch mode:
host->LAUNCH_MODE=processsandbox->LAUNCH_MODE=docker
- Dashboard System page (
Execution_Environmentselector) - Process manager startup flow (
/system/processes/:name/start) - Dispatcher worker launch
- Claude auth check API (
/system/claude/auth) - Codex auth check API (
/system/codex/auth)
- Worker/Tester/Docser run as host processes
- Claude auth check runs on host (
claude -p ...) - Codex auth check runs on host (
codex login status) - Suited for fast local development iteration
- Task execution runs inside Docker container
- Host Worker/Tester/Docser startup is skipped
- Claude auth check runs in container (
docker run ... claude -p ...) - Codex auth check runs in container (
docker run ... codex login status) - Suited for higher isolation requirements
Sandbox worker image must include:
opencode-ai@anthropic-ai/claude-code@openai/codex
Default image:
openTiger/worker:latest
To use a different tag:
SANDBOX_DOCKER_IMAGE=<your-image>
Default network:
bridge
Override if needed:
SANDBOX_DOCKER_NETWORK=<your-network>
When host login state is usable, claude_code can run without ANTHROPIC_API_KEY.
Mounted auth dirs (read-only):
~/.claude->/home/worker/.claude~/.config/claude->/home/worker/.config/claude
Override if needed:
CLAUDE_AUTH_DIRCLAUDE_CONFIG_DIR
Recommended steps:
- Run
claude /loginon host - Set
EXECUTION_ENVIRONMENT=sandbox - Start dispatcher and run tasks
Codex can run with either login state or API key mode (OPENAI_API_KEY / CODEX_API_KEY).
Mounted auth dir (read-only):
~/.codex->/home/worker/.codex
Override if needed:
CODEX_AUTH_DIR
Recommended steps:
- Run
codex loginon host (or configure API key mode) - Set
EXECUTION_ENVIRONMENT=sandbox - Start dispatcher and run tasks
If auth mount is not found and key mode is not configured, dispatcher logs a warning.
Dispatcher rewrites loopback destinations at sandbox container start:
localhost/127.0.0.1/::1->host.docker.internal
This allows container workers to reach host services.
Endpoints:
GET /system/claude/authGET /system/codex/auth
Query (optional):
environment=host|sandbox
Behavior:
- Uses current
EXECUTION_ENVIRONMENTwhen query omitted - Returns
available,authenticated,checkedAt,executionEnvironment - For sandbox, classifies typical errors:
- Docker daemon unavailable
- Sandbox image missing
- CLI missing in image
- Authentication required
Access:
- This is a system-control API
api-key/bearerallowed- Local operation: allowed when
OPENTIGER_ALLOW_INSECURE_SYSTEM_CONTROL !== "false"
- Claude: confirm
claude /loginon host and auth mount - Codex: confirm
codex loginor key mode, and~/.codexmount when using login mode
- Build/pull image specified by
SANDBOX_DOCKER_IMAGE - Align default tag with local/CI policy
- Start Docker Desktop or
dockerd - Verify
dockerexecution permissions
- Rebuild worker image from
ops/docker/worker.Dockerfile