Merge branch 'main' into add-api-ref-to-nav

Author: beran-t

.tool-versions

@@ -0,0 +1 @@
+node 24.11.0

docs.json

@@ -56,6 +56,14 @@
               "docs/agents/amp",
               "docs/agents/claude-code",
               "docs/agents/codex",
+              {
+                "group": "OpenClaw",
+                "icon": "https://mintlify.s3.us-west-1.amazonaws.com/e2b-openclaw-icon/images/icons/openclaw.svg",
+                "pages": [
+                  "docs/agents/openclaw/openclaw-gateway",
+                  "docs/agents/openclaw/openclaw-telegram"
+                ]
+              },
               "docs/agents/opencode"
             ]
           },
@@ -99,6 +107,7 @@
               "docs/sandbox/lifecycle-events-api",
               "docs/sandbox/lifecycle-events-webhooks",
               "docs/sandbox/persistence",
+              "docs/sandbox/snapshots",
               "docs/sandbox/git-integration",
               "docs/sandbox/metrics",
               "docs/sandbox/metadata",

docs.mdx

@@ -10,7 +10,7 @@ import { Quickstart } from '/snippets/Quickstart.jsx';
 
 E2B provides isolated sandboxes that let agents safely execute code, process data, and run tools. Our SDKs make it easy to start and manage these environments.
 
-Spin up a sandbox and run code in a few lines:
+Start a sandbox and run code in a few lines:
 
 <CodeGroup>
 ```bash JavaScript & TypeScript
@@ -50,7 +50,7 @@ A quick overview of the core building blocks you'll interact with when using E2B
 
 The documentation is split into three main sections:
 
-- [**Quickstart**](#quickstart) — Step-by-step tutorials that walk you through spinning up your first E2B sandboxes.
+- [**Quickstart**](#quickstart) — Step-by-step tutorials that walk you through creating your first E2B sandboxes.
 
 - [**Examples**](#examples) — In-depth tutorials focused on specific use cases. Pick the topics that match what you're building.
 

docs/agents/amp.mdx

@@ -1,28 +1,28 @@
 ---
-title: "AMP"
-description: "Run AMP in a secure E2B sandbox with full filesystem, terminal, and git access."
+title: "Amp"
+description: "Run Amp in a secure E2B sandbox with full filesystem, terminal, and git access."
 icon: "/images/icons/amp.svg"
 ---
 
-[AMP](https://ampcode.com) is Sourcegraph's coding agent with multi-model architecture and built-in code intelligence. E2B provides a pre-built `amp` template with AMP already installed.
+[Amp](https://ampcode.com) is a coding agent with multi-model architecture and built-in code intelligence. E2B provides a pre-built `amp` template with Amp already installed.
 
 ## CLI
 
-Spin up a sandbox with the [E2B CLI](/docs/cli).
+Create a sandbox with the [E2B CLI](/docs/cli).
 
 ```bash
 e2b sbx create amp
 ```
 
-Once inside the sandbox, start AMP.
+Once inside the sandbox, start Amp.
 
 ```bash
 amp
 ```
 
 ## Run headless
 
-Use `-x` for non-interactive mode and `--dangerously-allow-all` to auto-approve all tool calls (safe inside E2B sandboxes). AMP uses its own API key from [ampcode.com/settings](https://ampcode.com/settings).
+Use `-x` for non-interactive mode and `--dangerously-allow-all` to auto-approve all tool calls (safe inside E2B sandboxes). Amp uses its own API key from [ampcode.com/settings](https://ampcode.com/settings).
 
 <CodeGroup>
 ```typescript JavaScript & TypeScript
@@ -172,7 +172,7 @@ sandbox.kill()
 
 ## Thread management
 
-AMP persists conversations as threads that can be resumed or continued with follow-up tasks.
+Amp persists conversations as threads that can be resumed or continued with follow-up tasks.
 
 <CodeGroup>
 ```typescript JavaScript & TypeScript

docs/agents/claude-code.mdx

@@ -8,7 +8,7 @@ icon: "/images/icons/claude-code.svg"
 
 ## CLI
 
-Spin up a sandbox with the [E2B CLI](/docs/cli).
+Create a sandbox with the [E2B CLI](/docs/cli).
 
 ```bash
 e2b sbx create claude

docs/agents/codex.mdx

@@ -8,7 +8,7 @@ icon: "/images/icons/codex.svg"
 
 ## CLI
 
-Spin up a sandbox with the [E2B CLI](/docs/cli).
+Create a sandbox with the [E2B CLI](/docs/cli).
 
 ```bash
 e2b sbx create codex

docs/agents/openclaw.mdx

@@ -1,14 +1,14 @@
 ---
 title: "OpenClaw"
 description: "Run OpenClaw in a secure E2B sandbox with full filesystem, terminal, and git access."
-icon: "/images/icons/openclaw.svg"
+icon: "/images/icons/openclaw-v2.svg"
 ---
 
 [OpenClaw](https://openclaw.ai) is an open-source personal AI assistant that supports multiple LLM providers and messaging channels. E2B provides a pre-built `openclaw` template with OpenClaw already installed.
 
 ## CLI
 
-Spin up a sandbox with the [E2B CLI](/docs/cli).
+Create a sandbox with the [E2B CLI](/docs/cli).
 
 ```bash
 e2b sbx create openclaw

docs/agents/openclaw/openclaw-gateway.mdx

@@ -0,0 +1,277 @@
+---
+title: "Deploy OpenClaw"
+description: "Start the OpenClaw gateway in an E2B sandbox and connect your browser."
+icon: "globe"
+---
+
+## Quick start
+
+This launches your OpenClaw [gateway](https://docs.openclaw.ai/gateway) site (web UI for chatting with agents).
+
+<CodeGroup>
+```typescript JavaScript & TypeScript
+import { Sandbox } from 'e2b'
+
+const TOKEN = process.env.OPENCLAW_APP_TOKEN || 'my-gateway-token'
+const PORT = 18789
+
+// 1. Create sandbox
+const sandbox = await Sandbox.create('openclaw', {
+  envs: { OPENAI_API_KEY: process.env.OPENAI_API_KEY },
+  timeoutMs: 3600_000,
+})
+
+// 2. Set the default model
+await sandbox.commands.run('openclaw config set agents.defaults.model.primary openai/gpt-5.2')
+
+// 3. Set insecure control UI flags and start the gateway with token auth
+await sandbox.commands.run(
+  `bash -lc 'openclaw config set gateway.controlUi.allowInsecureAuth true && ` +
+    `openclaw config set gateway.controlUi.dangerouslyDisableDeviceAuth true && ` +
+    `openclaw gateway --allow-unconfigured --bind lan --auth token --token ${TOKEN} --port ${PORT}'`,
+  { background: true }
+)
+
+// 4. Wait for the gateway to start listening
+for (let i = 0; i < 45; i++) {
+  const probe = await sandbox.commands.run(
+    `bash -lc 'ss -ltn | grep -q ":${PORT} " && echo ready || echo waiting'`
+  )
+  if (probe.stdout.trim() === 'ready') break
+  await new Promise((r) => setTimeout(r, 1000))
+}
+
+const url = `https://${sandbox.getHost(PORT)}/?token=${TOKEN}`
+console.log(`Gateway: ${url}`)
+```
+```python Python
+import os, time
+from e2b import Sandbox
+
+TOKEN = os.environ.get("OPENCLAW_APP_TOKEN", "my-gateway-token")
+PORT = 18789
+
+# 1. Create sandbox
+sandbox = Sandbox.create("openclaw", envs={
+    "OPENAI_API_KEY": os.environ["OPENAI_API_KEY"],
+}, timeout=3600)
+
+# 2. Set the default model
+sandbox.commands.run("openclaw config set agents.defaults.model.primary openai/gpt-5.2")
+
+# 3. Set insecure control UI flags and start the gateway with token auth
+sandbox.commands.run(
+    f"bash -lc 'openclaw config set gateway.controlUi.allowInsecureAuth true && "
+    f"openclaw config set gateway.controlUi.dangerouslyDisableDeviceAuth true && "
+    f"openclaw gateway --allow-unconfigured --bind lan --auth token --token {TOKEN} --port {PORT}'",
+    background=True,
+)
+
+# 4. Wait for the gateway to start listening
+for _ in range(45):
+    probe = sandbox.commands.run(
+        f'bash -lc \'ss -ltn | grep -q ":{PORT} " && echo ready || echo waiting\''
+    )
+    if probe.stdout.strip() == "ready":
+        break
+    time.sleep(1)
+
+url = f"https://{sandbox.get_host(PORT)}/?token={TOKEN}"
+print(f"Gateway: {url}")
+```
+</CodeGroup>
+
+Visit the printed `Gateway` URL in your browser.
+
+If you run in secure mode (set `gateway.controlUi.dangerouslyDisableDeviceAuth false`), run this after opening the URL to poll pending pairing requests and approve the first one.
+
+<CodeGroup>
+```typescript JavaScript & TypeScript
+// 5. Poll for the browser's pending device request and approve it
+for (let i = 0; i < 30; i++) {
+  try {
+    const res = await sandbox.commands.run(
+      `openclaw devices list --json --url ws://127.0.0.1:${PORT} --token ${TOKEN}`
+    )
+    const data = JSON.parse(res.stdout)
+    if (data.pending?.length) {
+      const rid = data.pending[0].requestId
+      await sandbox.commands.run(
+        `openclaw devices approve ${rid} --token ${TOKEN} --url ws://127.0.0.1:${PORT}`
+      )
+      console.log(`Device approved: ${rid}`)
+      break
+    }
+  } catch {}
+  await new Promise((r) => setTimeout(r, 2000))
+}
+```
+```python Python
+import json
+
+# 5. Poll for the browser's pending device request and approve it
+for _ in range(30):
+    try:
+        res = sandbox.commands.run(
+            f"openclaw devices list --json --url ws://127.0.0.1:{PORT} --token {TOKEN}"
+        )
+        data = json.loads(res.stdout)
+        if data.get("pending"):
+            rid = data["pending"][0]["requestId"]
+            sandbox.commands.run(
+                f"openclaw devices approve {rid} --token {TOKEN} --url ws://127.0.0.1:{PORT}"
+            )
+            print(f"Device approved: {rid}")
+            break
+    except Exception:
+        pass
+    time.sleep(2)
+```
+</CodeGroup>
+
+Once approved, the browser connects and the gateway UI loads.
+
+## How it works
+
+| Step | What happens |
+|------|-------------|
+| `--bind lan` | Gateway listens on `0.0.0.0` so E2B can proxy it |
+| `--auth token` | Requires `?token=` on the URL for HTTP and WebSocket auth |
+| Browser opens URL | Gateway serves the UI, browser opens a WebSocket |
+| `code=1008 pairing required` | Gateway closes the WebSocket until the device is approved (secure mode only) |
+| `devices approve` | Approves the browser's device fingerprint (secure mode only) |
+| Browser reconnects | WebSocket connects successfully, UI is live |
+
+## Gateway flags reference
+
+| Flag | Purpose |
+|------|---------|
+| `--allow-unconfigured` | Start without a full config file |
+| `--bind lan` | Bind to `0.0.0.0` (required for E2B port proxying) |
+| `--auth token` | Enable token-based authentication |
+| `--token <value>` | The auth token (passed as `?token=` in the URL) |
+| `--port <number>` | Gateway listen port (default: `18789`) |
+
+## How to restart the gateway
+
+Use this when the gateway is already running and you want a clean restart (for example, after changing model or env settings).
+
+<Info>
+We can't use the `openclaw gateway restart` command here. Some SDK environments cannot target a specific Unix user in `commands.run`. The commands below use the default command user context.
+</Info>
+
+<CodeGroup>
+```typescript JavaScript & TypeScript
+const TOKEN = process.env.OPENCLAW_APP_TOKEN || 'my-gateway-token'
+const PORT = 18789
+
+// 1) Kill existing gateway processes if present
+await sandbox.commands.run(
+  `bash -lc 'for p in "[o]penclaw gateway" "[o]penclaw-gateway"; do for pid in $(pgrep -f "$p" || true); do kill "$pid" >/dev/null 2>&1 || true; done; done'`
+)
+await new Promise((r) => setTimeout(r, 1000))
+
+// 2) Start gateway again
+await sandbox.commands.run(
+  `openclaw gateway --allow-unconfigured --bind lan --auth token --token ${TOKEN} --port ${PORT}`,
+  { background: true }
+)
+
+// 3) Wait for listening socket
+for (let i = 0; i < 45; i++) {
+  const probe = await sandbox.commands.run(
+    `bash -lc 'ss -ltn | grep -q ":${PORT} " && echo ready || echo waiting'`
+  )
+  if (probe.stdout.trim() === 'ready') break
+  await new Promise((r) => setTimeout(r, 1000))
+}
+```
+```python Python
+import os, time
+
+TOKEN = os.environ.get("OPENCLAW_APP_TOKEN", "my-gateway-token")
+PORT = 18789
+
+# 1) Kill existing gateway processes if present
+sandbox.commands.run(
+    """bash -lc 'for p in "[o]penclaw gateway" "[o]penclaw-gateway"; do
+for pid in $(pgrep -f "$p" || true); do
+  kill "$pid" >/dev/null 2>&1 || true
+done
+done'"""
+)
+time.sleep(1)
+
+# 2) Start gateway again
+sandbox.commands.run(
+    f"openclaw gateway --allow-unconfigured --bind lan --auth token --token {TOKEN} --port {PORT}",
+    background=True,
+)
+
+# 3) Wait for listening socket
+for _ in range(45):
+    probe = sandbox.commands.run(
+        f'bash -lc \'ss -ltn | grep -q ":{PORT} " && echo ready || echo waiting\''
+    )
+    if probe.stdout.strip() == "ready":
+        break
+    time.sleep(1)
+```
+</CodeGroup>
+
+## Turn insecure flags off (recommended after testing)
+
+Use this to restore secure device authentication after initial testing.
+
+<CodeGroup>
+```typescript JavaScript & TypeScript
+const TOKEN = process.env.OPENCLAW_APP_TOKEN || 'my-gateway-token'
+const PORT = 18789
+
+await sandbox.commands.run(
+  `bash -lc 'openclaw config set gateway.controlUi.allowInsecureAuth false && ` +
+    `openclaw config set gateway.controlUi.dangerouslyDisableDeviceAuth false'`
+)
+
+await sandbox.commands.run(
+  `bash -lc 'for p in "[o]penclaw gateway" "[o]penclaw-gateway"; do for pid in $(pgrep -f "$p" || true); do kill "$pid" >/dev/null 2>&1 || true; done; done'`
+)
+
+await sandbox.commands.run(
+  `openclaw gateway --allow-unconfigured --bind lan --auth token --token ${TOKEN} --port ${PORT}`,
+  { background: true }
+)
+```
+```python Python
+import os
+
+TOKEN = os.environ.get("OPENCLAW_APP_TOKEN", "my-gateway-token")
+PORT = 18789
+
+sandbox.commands.run(
+    "bash -lc 'openclaw config set gateway.controlUi.allowInsecureAuth false && "
+    "openclaw config set gateway.controlUi.dangerouslyDisableDeviceAuth false'"
+)
+
+sandbox.commands.run(
+    """bash -lc 'for p in "[o]penclaw gateway" "[o]penclaw-gateway"; do
+for pid in $(pgrep -f "$p" || true); do
+  kill "$pid" >/dev/null 2>&1 || true
+done
+done'"""
+)
+
+sandbox.commands.run(
+    f"openclaw gateway --allow-unconfigured --bind lan --auth token --token {TOKEN} --port {PORT}",
+    background=True,
+)
+```
+</CodeGroup>
+
+## Related
+
+<CardGroup cols={1}>
+  <Card title="OpenClaw Telegram" icon="message-circle" href="/docs/agents/openclaw/openclaw-telegram">
+    Connect OpenClaw to Telegram and approve pairing
+  </Card>
+</CardGroup>