Skip to main content
Use the sandbox.git helper to run common git operations inside a sandbox. The helper is non-interactive, so pass credentials explicitly or store them.
Git is available in the default sandbox template. If you’re using a custom or minimal template without git, install it first. See the install custom packages guide or add git in your template definition.
All examples below assume you already created a sandbox instance.

Clone a repository

import { Sandbox } from '@e2b/code-interpreter'

const sandbox = await Sandbox.create()

await sandbox.git.clone('https://git.example.com/org/repo.git', {
  path: '/workspace/repo',
  branch: 'main',
  depth: 1,
})

Check status and branches

status() returns a structured object with branch, ahead/behind, and file status details. branches() returns the branch list and the current branch. 
const status = await sandbox.git.status('/workspace/repo')
console.log(status.currentBranch, status.ahead, status.behind)
console.log(status.fileStatus)

const branches = await sandbox.git.branches('/workspace/repo')
console.log(branches.currentBranch)
console.log(branches.branches)

Create and manage branches

await sandbox.git.createBranch('/workspace/repo', 'feature/new-docs')
await sandbox.git.checkoutBranch('/workspace/repo', 'main')
await sandbox.git.deleteBranch('/workspace/repo', 'feature/old-docs', { force: true })

Stage and commit

await sandbox.git.add('/workspace/repo', { all: true })
await sandbox.git.commit('/workspace/repo', 'Initial commit', {
  authorName: 'E2B Bot',
  authorEmail: 'bot@example.com',
})

Pull and push (with credentials)

For private repos over HTTP(S), pass username and password (token) to the command that needs it. A username is required whenever you pass a password/token. 
await sandbox.git.push('/workspace/repo', {
  remote: 'origin',
  branch: 'main',
  setUpstream: true,
  username: process.env.GIT_USERNAME,
  password: process.env.GIT_TOKEN,
})

await sandbox.git.pull('/workspace/repo', {
  remote: 'origin',
  branch: 'main',
  username: process.env.GIT_USERNAME,
  password: process.env.GIT_TOKEN,
})

Manage remotes

await sandbox.git.remoteAdd('/workspace/repo', 'origin', 'https://git.example.com/org/repo.git', {
  fetch: true,
  overwrite: true,
})

Authenticate once (credential helper)

If you want to avoid passing credentials on each command, you can store them in the git credential helper inside the sandbox.
dangerouslyAuthenticate() / dangerously_authenticate() stores credentials on disk inside the sandbox. Any process or agent with access to the sandbox can read them. Use only when you understand the risk.
await sandbox.git.dangerouslyAuthenticate({
  username: process.env.GIT_USERNAME,
  password: process.env.GIT_TOKEN,
  host: 'git.example.com',
  protocol: 'https',
})

// After this, HTTPS git operations can use the stored credentials.
await sandbox.git.clone('https://git.example.com/org/private-repo.git', {
  path: '/workspace/repo',
})
await sandbox.git.push('/workspace/repo', { remote: 'origin', branch: 'main' })

Keep credentials in the remote URL

If you intentionally want to keep credentials in the cloned repository, set the dangerouslyStoreCredentials / dangerously_store_credentials flag.
Storing credentials in the repository remote persists them in the repo config. Any process or agent with access to the sandbox can read them. Only use this when required.
await sandbox.git.clone('https://git.example.com/org/private-repo.git', {
  username: process.env.GIT_USERNAME,
  password: process.env.GIT_TOKEN,
  dangerouslyStoreCredentials: true,
})

Configure identity and config

Set the global git author and other config values as needed. 
await sandbox.git.configureUser('E2B Bot', 'bot@example.com')
await sandbox.git.setConfig('pull.rebase', 'false')
const rebase = await sandbox.git.getConfig('pull.rebase')