Skip to Content

Agent Execution Policies and Sandbox Environments

A comprehensive guide explaining what execution policies are, how to configure Always‑Proceed mode for terminals, reviews, and JavaScript, and why sandboxing remains essential for safe agentic workflows.
2 February 2026 by
Suraj Barman

What are Execution Policies?

Execution policies are configuration settings that define how an autonomous agent may interact with external tools such as terminals, test runners, and JavaScript engines. They act as a contract between the agent and the host system, indicating which actions require explicit approval.

  • Terminal execution policy – controls commands like npm test or uv run pytest.
  • Review execution policy – determines whether implementation plans need manual validation.
  • JavaScript execution policy – governs the ability to run scripts or manipulate browser contexts.

How to Set Up “Always Proceed” Mode

“Always Proceed” disables interactive prompts, allowing the agent to execute approved actions automatically. The steps below assume a sandboxed workstation (e.g., Cloud Workstation) where the risk is contained.

  • 1. Open the configuration file for the agent (often agent.yaml or .env).
  • 2. Set the following keys to always or true:
    • terminal_execution_policy=always
    • review_policy=always
    • js_execution_policy=always
  • 3. Restart the agent service to apply changes.
  • 4. Verify the settings by running a harmless command, such as echo "policy test", and confirm no approval prompt appears.

Why a Sandbox Is Mandatory

Even with “Always Proceed” enabled, the agent can execute arbitrary code. A sandbox isolates that code from production resources, preventing accidental data loss, security breaches, or costly infrastructure changes.

  • Containment – Limits file system, network, and CPU access to a controlled environment.
  • Reproducibility – Guarantees that each run starts from a known state, making debugging easier.
  • Safety – Allows developers to experiment with powerful agents (e.g., Antigravity, Gemini CLI) without endangering real services.

Practical Example: Running a Full Development Loop

When the policies are set to “Always Proceed” inside a sandbox, an agent can:

  • Draft an implementation plan and break it into tasks.
  • Initialize a project (e.g., npm init -y).
  • Execute test suites automatically (npm test, uv run pytest).
  • Iterate until all tests pass, then generate a walkthrough of the created architecture.

Best Practices and Recommendations

Follow these guidelines to keep your agentic workflows secure and productive.

  • Always run agents in a dedicated sandbox or container.
  • Log all commands executed by the agent for audit purposes.
  • Periodically review the “Always Proceed” settings and revert to manual approval for high‑risk actions.
  • Combine automated execution with human code reviews for critical code paths.