Skip to main content
Every agent run executes in an isolated container (sandbox) with a pre-configured environment. The sandbox is created fresh for each run and destroyed after completion.

What’s pre-installed

ComponentVersionDescription
AI AgentLatestAI coding agent with tool use, file editing, and web fetching
casedev CLIv0.1.1+Pre-authenticated CLI for all Case.dev services
Node.js22Runtime for scripts and tools
curlSystemHTTP requests

The casedev CLI

The CLI is pre-authenticated with a scoped API key — no login required. The agent can call any Case.dev service:

Vault operations

Vault operations
# List vaults
casedev vault list

# Search a vault
casedev search vault "force majeure clauses" --vault vault_abc

# Upload a file
casedev vault upload ./report.md --vault vault_abc

# Download files
casedev vault download --vault vault_abc --object obj_xyz
Legal research
# Search case law
casedev search legal "employment discrimination ADA"

# Deep research with multiple queries
casedev search legal "trade secret misappropriation" --deep

# Search patents
casedev search patent "natural language processing" --assignee "Google"

# Search similar cases
casedev search cases --url "https://case-url" --after 2020-01-01
Web search
# Web search
casedev search web "recent SCOTUS rulings on digital privacy"

# Fetch and summarize a webpage
casedev search webfetch https://example.com/ruling.pdf

Other services

Other services
# OCR a document
casedev ocr process --document-url "https://..."

# Transcribe audio
casedev transcribe run --object obj_xyz --vault vault_abc

# Call any API endpoint directly
casedev api GET /vault/vault_abc
casedev api POST /llm/v1/chat/completions --body '{"model": "...", "messages": [...]}'
Run casedev --help inside the sandbox to see all available commands. The CLI covers every Case.dev service.

Agent tools

The AI agent has access to these tools for working within the sandbox:
ToolDescription
bashExecute shell commands (including the casedev CLI)
readRead files from the sandbox filesystem
writeCreate or overwrite files
editMake targeted edits to existing files
globFind files by pattern
grepSearch file contents
webfetchFetch and parse web pages
todowriteTrack multi-step task progress
The agent uses these tools autonomously to complete your prompt. For example, when asked to “search a vault and compile a report,” it will:
  1. Run casedev vault list via bash to find vaults
  2. Run casedev search vault to find relevant content
  3. Use write to create a markdown report
  4. Run casedev vault upload to upload the report
  5. Run casedev api to get a presigned download URL

Sandbox resources

ResourceDefaultConfigurable
CPU2 coresYes, via sandbox.cpu
Memory2048 MiBYes, via sandbox.memoryMiB
Timeout30 minutesNo
DiskEphemeralNo
NetworkFull outboundNo
Configure resources when creating the agent: 
const agent = await client.agents.create({
  name: 'Heavy Processor',
  instructions: 'Process large document sets.',
  sandbox: {
    cpu: 4,
    memoryMiB: 4096,
  },
})

Filesystem

The sandbox starts in /workspace with a clean filesystem. The agent can create, read, and modify files freely. Key paths:
PathPurpose
/workspaceWorking directory
/workspace/agent.jsonAgent configuration (auto-generated)
/usr/local/bin/casedevCLI binary
The sandbox filesystem is ephemeral. Files are destroyed when the run completes. To persist results, upload them to a vault using casedev vault upload.

Security model

Each sandbox is fully isolated:
  • Dedicated container — no shared state between runs
  • Scoped API key — the agent’s key only has access to authorized vaults and services
  • Network isolation — outbound access only, no inbound connections
  • Auto-cleanup — sandbox is destroyed after run completes or times out
The agent’s API key is automatically revoked if the agent is deleted.

Limitations

LimitationDetails
No inbound networkingThe sandbox cannot receive incoming connections
30-minute timeoutLong-running tasks must complete within this window
No GPUCPU-only environment
No persistent storageUse vaults for any data that needs to survive the run
Single sessionOne agent session per run