Code Sandbox
Isolated Python and JavaScript execution for file analysis, transformations, and computations (secure, deleted after use, EU-hosted).
The Code Sandbox is a built-in tool that lets an assistant run real code (Python or JavaScript) instead of just generating text answers. It's especially relevant for tasks the model alone can't reliably handle: exact calculations, processing of Excel/CSV files, file generation.
Why a sandbox?
A language model like GPT or Claude is at its core a text generator: it reads and writes text. Three things it can't reliably do on its own: but that come up constantly in real work:
- Read binary files: an
.xlsxfile is not text, it's a binary format. The model only sees what was extracted as text beforehand. - Calculate reliably: for larger multiplications or multi-step computations, the model can miscalculate, because it "guesses" numbers based on probability.
- Complex data analysis: pivots, filters, aggregations across thousands of rows are simply impossible with text processing alone.
The sandbox solves this by giving the model its own small computer. Instead of estimating the answer textually, the model writes Python code that runs on this machine and returns the real result.
How a sandbox call flows
File upload: You upload a file to the chat (e.g. an Excel sheet, a CSV, a Python script).
Task recognition: The assistant detects from your question that the file needs to be processed directly.
File loaded into the sandbox: The original file (not just extracted text) is copied into the sandbox workspace.
Code generation: The assistant writes Python code that solves the task, e.g. import pandas as pd; df = pd.read_excel('file.xlsx'); print(df['Revenue'].mean()).
Execution: The code runs in the isolated environment. The common libraries are preinstalled (incl. pandas, numpy, matplotlib, openpyxl) – no pip install at the start of a session.
Result back: You get the result in chat, plus optionally generated files (e.g. the modified Excel or a PNG chart) as a download.
Hinweis
Images, screenshots, and individual PDF pages are recognized natively – the model sees the image content directly instead of guessing it via OCR. You can also hand multiple files to the sandbox in a single step.
With sandbox vs. without sandbox
| Use case | Without sandbox | With sandbox |
|---|---|---|
| Excel analysis ("Compute the average of the Revenue column") | Model guesses the numbers, often inaccurate | Python reads the file and calculates exactly |
| Edit Excel ("Add a margin column") | Not possible: the model can't write a file back | The file is modified, formatting and formulas are preserved, you receive the edited .xlsx as a download |
| Charts from data | Only simple text diagrams (Mermaid) | Real PNG charts via matplotlib |
| Run code | Model can show the code but not execute it | Code is run, output comes back |
| Large tables (50,000+ rows) | Doesn't fit in the model's context | Python handles arbitrarily large files |
What you see in the chat
From a user perspective, this all happens automatically. You see:
- A short loading indicator while the sandbox starts and the code runs (typically seconds, for complex analysis 10–30 seconds)
- Optionally a display of the executed code: depending on the workspace setting
- The result as text in the chat or as a download link for generated files
- On errors, an error message; the assistant often tries an alternative approach automatically
Security and hosting
The sandbox is an isolated virtual machine: code running inside it has no access to other customer data, the internet, or the meinGPT system. Even if faulty or malicious code were executed, it could do no damage outside the sandbox.
- Hosting: Frankfurt, Germany (Unikraft Cloud), isolated EU cloud setup
- Lifetime: A sandbox session is bound to your chat. Within the session, files remain in the workspace — across multiple tool calls and messages. When idle, the VM pauses (scale-to-zero); the attached volume keeps the files until the session ends
- Data flow: Original files are temporarily loaded into the sandbox for processing and deleted immediately after execution. For on-premise customers it's important to note that sandbox processing happens in the cloud
- Internet access: disabled by default
- Script libraries: a broad stack is preinstalled (no
pip installneeded). Python for data analysis (pandas,numpy,matplotlib,pyarrow), Excel editing and creation (openpyxl,XlsxWriter), PDF (PyMuPDF,pdfplumber,pypdf,PyPDF2,pdfminer.six,pdf2image,reportlab,fpdf2), Office documents (python-docx,python-pptx), web/HTML (requests,beautifulsoup4,lxml,flask), images (Pillow; OCR viapytesseractas a fallback); for Node incl. SheetJS (xlsx),pdfkit,docx,pptxgenjsplus ZIP operations (archiver,unzipper) - Office skills baked into the image: for
.xlsx,.docx, and.pptx, short skill guides ship directly inside the runtime — the assistant gets not just the libraries but also the right approach hints (e.g. "preserve formatting when editing, work with styles when generating")
Current methods
When the Code Sandbox connector is attached to an assistant, the following methods are available. A sandbox session is created implicitly on the first tool call in a chat (matching runtime: Python or Node); there is no separate "start session" method.
sandbox-write-file: write a chat file into the sandboxsandbox-upload-file: upload an external filesandbox-download-file: fetch a generated file back into the chatsandbox-list-files: list workspace contentssandbox-read-file: read a text file from the workspace with line-level offset/limitsandbox-view-file: let the model look at an image or PDF page from the workspace directly (instead of OCR)sandbox-execute-command: execute a command inside the sandboxsandbox-run: run a short code snippet directly, without writing it to a file firstsandbox-mount-skill: make a prebuilt skill (e.g.xlsx,docx,pptx) available in the running sessionsandbox-create-skill: save a workflow proven in the session as a reusable skillsandbox-end-session: explicitly end the current sandbox session (VM and workspace are released)
Limits
- Session-bound: the workspace belongs to your chat. When you start a new chat, the sandbox starts fresh — files from another chat are not available there
- Split complex workflows: very long compute pipelines are better expressed as multiple smaller steps than one monolithic call
- No outbound internet from inside the sandbox: external APIs are reached via connectors or skills, not from the code itself
Frequent questions
Why does a sandbox response take longer than a regular chat answer?
The sandbox needs to start, code needs to be written and executed. That's more work than plain text generation. Complex analyses take 10–30 seconds, that's normal.
Why is the result sometimes still wrong?
The assistant writes the code. If it misinterprets the data structure or picks the wrong approach, the result can be wrong. Tip: spot-check the result, and when in doubt, sharpen the prompt with concrete constraints (e.g. "filtered on column X = Y").
Which file types work reliably?
Excel (.xlsx, .xls), CSV and Python scripts work reliably. PDF and Word can be parsed with the preinstalled libraries; heavily formatted documents may leave gaps. Images, screenshots, and individual PDF pages are recognized by the model natively — even scanned or photographed PDFs are looked at directly by the model (sandbox-view-file), which usually beats classic OCR. pytesseract is available as a fallback for purely text-heavy scans.
Is this GDPR-compliant?
Yes. The sandbox is isolated (no access to other data), runs in Frankfurt/Germany (Unikraft Cloud), and is released when your chat session ends. Original files are temporarily loaded into the sandbox. If that matters for your compliance setup, get in touch and we'll walk through the data flow in detail.
Where to go next
- Excel: the Excel agent uses the Code Sandbox under the hood
- Skills: your own code packages with libraries and external API access
- Assistants: how to attach the Code Sandbox to an assistant as a tool