> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qoder.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Container reference

> Container types, network policies, and preinstalled packages.

Agent Sessions run inside isolated sandbox containers. This page lists the operating system, preinstalled tools, and resource limits for the runtime.

## Operating system

| Item         | Value                                                             |
| ------------ | ----------------------------------------------------------------- |
| Distribution | Ubuntu 22.04 LTS (Jammy)                                          |
| Architecture | x86\_64 (amd64)                                                   |
| Kernel       | Linux 5.10.134 (LIFSEA container engine, based on Linux 5.10 LTS) |

## Preinstalled tools

### System tools

| Tool        | Version      | Description     |
| ----------- | ------------ | --------------- |
| git         | 2.34+        | Version control |
| curl        | 7.81+        | HTTP client     |
| wget        | 1.21+        | File download   |
| jq          | 1.6+         | JSON processing |
| vim         | 8.2+         | Text editor     |
| unzip / tar | system       | Archive tools   |
| ssh         | OpenSSH 8.9+ | SSH client      |
| make        | 4.3+         | Build tool      |

### Language runtimes

| Language | Version  | Package manager |
| -------- | -------- | --------------- |
| Python   | 3.12.x   | pip 24+         |
| Node.js  | 20.x LTS | npm 10+         |
| Go       | 1.22.x   | go mod          |

### Package managers

| Tool | Description               |
| ---- | ------------------------- |
| apt  | System package management |
| pip  | Python packages           |
| npm  | Node.js packages          |

## Working directory

```
/app
```

The Agent's default cwd is `/app`. Note that `$HOME` points to `/data` (a different directory), so `~/` expands to `/data`, not the cwd. For uploaded file mount paths, see [Files and Mounts](/cloud-agents/files).

## Installing extra software

Use the Environment's `packages` field to install additional dependencies:

```json theme={null}
{
  "config": {
    "packages": {
      "apt": ["postgresql-client", "redis-tools", "ffmpeg"]
    }
  }
}
```

At container startup, the `apt`/`pip`/`npm` keys install system packages, Python packages, and Node.js packages respectively.

<Note>
  You can also instruct the Agent in its system prompt to install additional dependencies on demand.
</Note>

## Networking

Network access is governed by the Environment's `config.networking` field (object form required):

| Type            | Description                                                        |
| --------------- | ------------------------------------------------------------------ |
| `unrestricted`  | The container can reach the public internet (default)              |
| `limited`       | Only known-safe public services and package managers are reachable |
| `allowed_hosts` | Only the listed hosts are reachable                                |

Example:

```json theme={null}
{
  "config": {
    "networking": {
      "type": "allowed_hosts",
      "allowed_hosts": [
        "api.github.com",
        "registry.npmjs.org"
      ]
    }
  }
}
```

See [Cloud Environments — Networking Policies](/cloud-agents/environments#networking-policies) for the full field reference.

## Resource limits

| Resource       | Default limit | Description                                            |
| -------------- | ------------- | ------------------------------------------------------ |
| CPU            | 4 vCPU        | Allocated processor cores                              |
| Memory         | 8 GB          | Available RAM                                          |
| Disk           | 25 GB         | Workspace storage (overlay filesystem, \~18 GB usable) |
| Execution time | 30 minutes    | Maximum duration of a single turn                      |

<Note>
  When memory or disk limits are exceeded, the process is OOM-killed or writes fail. Consider reminding the Agent in the system prompt to be mindful of resource usage.
</Note>

## File persistence

* Within the same Session, files persist across turns.
* **Container temporary storage is retained for 24 hours only.** For Sessions inactive beyond 24 hours, the container disk may be reclaimed and files on disk are not guaranteed to be preserved.
* After disk reclamation, the Session itself remains usable — the platform re-initializes the container environment on demand, but files previously produced on disk (e.g., cloned repositories, generated intermediate artifacts) will be lost.
* When the Session lifecycle ends, the container and its files are destroyed immediately.
* For long-term persistence, upload files to platform storage via the Files API.

<Warning>
  Disk reclamation does not terminate the Session. If your workflow depends on intermediate files persisting across days, upload critical artifacts to the Files API at the end of each turn and re-mount them when resuming.
</Warning>

## Execution user

All commands run as **root** inside the container. `whoami` returns `root`, but the `USER` environment variable is not set (empty string). Agents can install system packages and write to any system directory without `sudo`. If restrictions are needed, specify them in the Agent's system prompt.

## Environment variables

Variables preset in the container:

| Variable | Value                   | Description                                                                                                          |
| -------- | ----------------------- | -------------------------------------------------------------------------------------------------------------------- |
| HOME     | /data                   | User home directory (`~/` expands here, different from cwd `/app`)                                                   |
| USER     | (not set, empty string) | Note: the `USER` environment variable is not injected; use `whoami` to get the actual identity, which returns `root` |
| SHELL    | /bin/bash               | Default shell                                                                                                        |
| LANG     | en\_US.UTF-8            | Locale                                                                                                               |

Vault credentials are injected as environment variables when you link a Vault to the Session.

## Next steps

<CardGroup cols={2}>
  <Card title="Cloud environment setup" icon="server" href="/cloud-agents/environments">
    Environment configuration reference.
  </Card>

  <Card title="Attach and download files" icon="paperclip" href="/cloud-agents/files">
    File management.
  </Card>

  <Card title="Authenticate with vaults" icon="key" href="/cloud-agents/vaults">
    Credential injection.
  </Card>

  <Card title="Start a session" icon="play" href="/cloud-agents/sessions">
    Run an agent against an environment.
  </Card>
</CardGroup>
