sandbox‑bot / docs
Telegram bot · @sandboxgptbot

A private Linux sandbox
that lives inside one Telegram chat.

Send a message, a photo, or a voice note. The bot's AI reads it, decides what needs doing, and actually does it — inside a Linux directory and shell that belong only to you. No app to install, no server to rent.

@sandboxgptbot · private sandbox session
How it works

One message becomes a real, running loop.

This is the actual order of events, every time you send something — not marketing steps, the real pipeline.

1

You send something

Plain text, a photo, or a voice note. Nothing needs a special format — talk to it like you'd talk to a person.

2

The AI reads it and decides

A language model (hosted on Ollama) looks at your message plus the recent conversation, and works out whether it can just answer, or whether it needs to do something first.

3

If it needs to act, it calls a tool

Run a shell command, read or write a file, list a folder, look at an image, or open a public link for a web app you started — the model picks exactly one tool and the arguments for it.

4

The bot actually runs it

Inside your own sandbox directory and persistent shell — python3, pip, node, and npm are already installed. Real output, real errors, nothing simulated.

5

The result goes straight back to the model

Command output, file contents, an image description, a transcript — whatever came back is fed to the AI so it can judge what to do next.

6

It repeats, then answers you

The loop continues — fix, re-run, check again — until the model has something worth telling you. You watch it happen live, in one message that updates as it works.

What you can do

Everything runs where you'd expect — a real shell, not a chatbot pretending.

Each of these is a tool the AI can reach for on its own, or you can drive directly with a command.

💻

Run & debug code

A persistent bash shell that remembers your working directory between messages. Ask it to run something, read the error, and fix it — it will, on its own.

📦

Upload files

Send anything — a script, a dataset, a zip. Archives (.zip, .tar, .tar.gz) are extracted automatically.

🌐

Go live

Start a web app or API and get back a real, clickable public URL through a Cloudflare Tunnel — no deployment step required.

🖼️

Show it a picture

Send a photo — a screenshot, an error, a diagram — and ask what's in it, or let the AI look at its own output to sanity-check itself.

🎤

Talk instead of typing

Voice notes are transcribed and handled exactly like a typed message — same tools, same sandbox, same conversation.

🗂️

Manage your space

Check your storage, list or download files, and wipe everything clean whenever you want a fresh start.

Getting started

Or skip the AI entirely and drive it yourself.

Every command below works at any time, even mid-conversation with the AI — nothing blocks anything else.

CommandWhat it does
/startIntroduction and quick orientation.
/helpFull command list, right in the chat.
/shell <cmd>Run one command in your persistent sandbox shell.
/run <code>Quick one-off Python, e.g. /run print(1+1).
/stopInterrupt whatever's currently running.
/files [path]List files in your sandbox.
/storageShow how much of your quota you've used.
/download <path>Get a file back out of your sandbox.
/expose <port>Get a public URL for a local app you're running.
/tunnelsList your currently active public links.
/resetWipe your sandbox completely and start clean. Irreversible.
/newchatClear the AI's memory of your conversation — your files stay put.
/pwdShow your current sandbox path.
Privacy & security

What actually happens to what you send.

Written plainly, not as a legal document. If something here would change your mind about what you upload, that's the point of reading it first.

Your messages, photos, and voice notes go to AI providers

Text and images are sent to an Ollama-hosted model to generate a response; voice notes are sent to Groq's transcription service to turn them into text. Both are outside processing, the same way any AI chatbot works — don't send anything you wouldn't want handled by a third-party service.

!

Your sandbox is isolated, not invisible

Each user gets their own directory and shell, kept apart with OS-level limits — timeouts, memory caps, path checks. That stops accidents and casual overreach between users. It is not a hardware or VM-grade security boundary, and it doesn't hide your data from whoever runs the bot's server.

Whoever operates the bot can access server-side data

Sandbox files, command output, and logs live on the server this bot runs on. Treat it like any shared server you don't personally control — fine for code, experiments, and public data; not the place for passwords, personal documents, or anything sensitive.

Conversation memory is temporary and limited

The AI remembers recent messages so it can hold a conversation, capped to a fixed number of turns and cleared on a bot restart. Send /newchat any time to clear it yourself — your files aren't affected.

You control deletion

/reset wipes your entire sandbox — files, running processes, public links — immediately and irreversibly. There's no undo, so use it deliberately.

Storage is quota-limited, not unlimited

Every account gets a fixed amount of space. Check /storage any time to see what you're using, and clean up with /reset if you hit the ceiling.

In short: use it the way you'd use any shared development server — great for running, testing, and debugging code, sketchy for anything you need kept private or confidential.