Runtimes
Glue runs commands through a CommandExecutor abstraction. Today that's your host shell or an ephemeral Docker container. Cloud runtimes are planned — see the runtime boundary plan in the repo for details.
Canonical source: docs/reference/runtime-capabilities.yaml.
The ladder
host → Docker → cloud planned- Host shipping — fastest; uses your tools, your env.
- Docker shipping — ephemeral containers for risky or messy work. Sandbox polish is experimental.
- Cloud planned — E2B, Modal, Daytona, custom SSH or container workers. Tracked by the runtime boundary plan.
Capability matrix
| Runtime | command_capture | command_streaming | background_jobs | filesystem_read | filesystem_write | mount_host_paths | browser_cdp | artifacts | secrets | snapshots | internet | gpu |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
host shipping Runs in your shell on your machine. | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ◐ | ✓ | — | — | ✓ | ✓ |
docker shipping Ephemeral container; workspace mounted in. | ✓ | ✓ | ◐ | ✓ | ✓ | ✓ | ◐ | ✓ | — | — | ✓ | ◐ |
cloud planned E2B, Modal, Daytona, SSH, or custom workers. | ◌ | ◌ | ◌ | ◌ | ◌ | — | ◌ | ◌ | ◌ | ◌ | ◌ | ◌ |
✓ yes◐ partial◌ planned— no
Choosing a runtime
- Default to host. Fastest feedback loop, direct access to your tools.
- Switch to Docker when you're about to run code you haven't audited — third-party dependency installs, generated scripts, anything grabbing network resources you don't recognize. The container goes away when the session ends.
- Cloud runtimes are planned for workloads that shouldn't touch your host at all: scraping at volume, suspicious artifacts, long-running or GPU-heavy agent work.
Enabling Docker
~/.glue/config.yaml — enable Docker sandbox
yaml
docker:
enabled: true
image: ubuntu:24.04
shell: sh
fallback_to_host: true
mounts:
- /abs/path/to/workspacefallback_to_host: true keeps the session usable if Docker isn't running locally — the executor drops back to host with a visible notice instead of failing.