Daytona
Service domainCODE SANDBOX
Arcade Optimized
Arcade tools designed for LLMs to interact with Daytona sandboxes
46tools
46require secrets
Arcade's Daytona toolkit lets LLMs provision and manage isolated sandboxes, run code and commands, operate persistent sessions, manage snapshots, and perform Git and file operations inside the sandbox. It streamlines dev-loop automation including port previews and SSH access.
Capabilities
- Full sandbox lifecycle: create (from snapshot or image), start, stop, archive, delete, resize, label, list regions, and configure auto-stop / auto-archive / auto-delete intervals.
- File system and content tools: read, write, move, delete, list, get info, find by glob, search content, replace across files, and create folders.
- Git operations inside the sandbox: clone, status, add, commit, push, pull, log, checkout, and branch create/list/delete.
- Execute code or shell commands directly, or drive persistent sessions with input, logs, and listings for long-running processes.
- Access and sharing: snapshot create/list/get, port listing and preview URLs (standard or signed), and time-boxed SSH access credentials.
OAuth Uses GitHub OAuth for user identification. See the Arcade GitHub auth provider docs for configuration.
Secrets
DAYTONA_API_KEY— authenticates Arcade to the Daytona API. Configure in the Arcade Dashboard per the Arcade secret setup guide. SSH tokens returned byCreateSshAccessare sensitive and should not be logged.
Available tools(46)
46 of 46 tools
Operations
Behavior
| Tool name | Description | Secrets | |
|---|---|---|---|
Archive a stopped sandbox to reduce storage costs.
The sandbox must be stopped first (use stop_sandbox). Can be started again
later, though startup takes longer than from stopped state. | 1 | ||
Configure auto-stop, auto-archive, and/or auto-delete intervals.
Only provided values are updated. WARNING: auto_delete_minutes=0 means
immediate deletion upon stop -- use -1 to disable. | 1 | ||
Create a folder (with parent directories) in the sandbox. | 1 | ||
Create a new isolated sandbox for code execution.
Two creation modes: from a Daytona snapshot or from a Docker image.
If neither snapshot nor image is specified, uses the standard base image.
Resource params (cpu, memory_gb, disk_gb, gpu) only apply to image-based creation.
Returns sandbox name, ID, and status. Ready for run_code / run_command immediately.
Note: A ``region`` parameter is deferred -- the Daytona SDK's
``CreateSandboxFromImageParams`` / ``CreateSandboxFromSnapshotParams`` do not
currently expose a ``target``/``region`` field. | 1 | ||
Create a persistent background session for long-running processes.
Sessions persist across tool calls -- useful for dev servers, watchers, or
multi-step workflows where you need to run commands sequentially. | 1 | ||
Create a new sandbox snapshot (image template).
Snapshots define the base environment for new sandboxes.
The image parameter is required -- it specifies the base Docker image.
Note: snapshot creation can take several minutes as the image must be built. | 1 | ||
Create SSH access credentials for the sandbox.
Returns connection details including host, port, username, and access token
for direct SSH access. Use the token to authenticate SSH connections.
SENSITIVE OUTPUT: The returned token grants SSH access to the sandbox.
Avoid logging or displaying it in contexts where it could be inadvertently
exposed. The token expires after ``expires_in_minutes`` (default 60 min).
Set ``expires_in_minutes=0`` to create a non-expiring token (use with
caution -- increases blast radius from accidental exposure). | 1 | ||
Delete a file or empty directory. Set recursive=True to delete non-empty directories. | 1 | ||
Permanently delete a sandbox and all its contents. | 1 | ||
Search for files by name pattern (glob). Returns matching file paths.
Response includes total count and has_more flag for pagination. | 1 | ||
Get metadata about a file: size, permissions, modified time, type. | 1 | ||
Get a preview URL for a web service running in the sandbox.
Standard URLs require an auth token in the x-daytona-preview-token header.
Signed URLs embed authentication in the URL itself -- useful for sharing. | 1 | ||
Get detailed information about a sandbox.
Returns state, resources, labels, auto-stop/archive settings, and timestamps.
Environment variable values whose keys look secret-like (containing token,
key, secret, password, auth) are redacted by default. Set
include_raw_env_vars=True only when you need the actual values. | 1 | ||
Get output logs from a command running in a session.
Useful for checking output of async commands (servers, builds). | 1 | ||
Get detailed information about a snapshot.
Accepts a snapshot name or ID. Returns full details including state,
image, resources, entrypoint, and timestamps. | 1 | ||
Stage files for the next commit. Accepts file paths or '.' for all changes. | 1 | ||
List all branches. Indicates which branch is currently checked out. | 1 | ||
Switch to a branch, tag, or commit. Optionally create a new branch.
Default mode (create_new_branch=False): switches to an existing ref.
Create mode (create_new_branch=True): creates a new branch named ref
and switches to it, optionally from start_point. | 1 | ||
Clone a Git repository into the sandbox.
For GitHub repos, authentication is handled automatically via Arcade's
OAuth integration — the user is prompted to authorize once, and the
token is managed by Arcade Engine. Consent is one-time; token refresh
is automatic.
Permission requirements by auth mode:
- OAuth Apps mode: the "repo" scope is requested (full repo access).
- GitHub Apps mode: the app installation must have "Contents: read"
permission (for clone/pull) or "Contents: read & write" (for
clone followed by push).
For non-GitHub private repos, provide username + PAT as overrides. | 1 | ||
Commit staged changes. Requires files to be staged first with git_add. | 1 | ||
Create a new branch and switch to it.
Equivalent to git_checkout(ref=branch, create_new_branch=True, start_point=...). | 1 | ||
Delete a local branch. | 1 | ||
Get commit history. Returns commit hash, author, date, and message. | 1 | ||
Pull latest changes from the remote repository.
For GitHub repos, authentication is automatic via OAuth. The SDK path
is used by default. Shell fallback is used only when an explicit
branch is requested.
For non-GitHub remotes, credentials must have been provided during
git_clone or configured manually in the sandbox. | 1 | ||
Push local commits to the remote repository.
For GitHub repos, authentication is automatic via OAuth. The SDK path
is used by default (no token in command args). Shell fallback is used
only when force or explicit branch is requested.
For non-GitHub remotes, credentials must have been provided during
git_clone or configured manually in the sandbox. | 1 |
Page 1 of 2(25 of 46)
Last updated on