From 39b83f34438470d93484bd0c412f75a539b64b00 Mon Sep 17 00:00:00 2001
From: Teknium <teknium1@gmail.com>
Date: Mon, 13 Apr 2026 04:23:18 -0700
Subject: [PATCH] fix: remove sandbox language from tool descriptions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The terminal and execute_code tool schemas unconditionally mentioned
'cloud sandboxes' in their descriptions sent to the model. This caused
agents running on local backends to believe they were in a sandboxed
environment, refusing networking tasks and other operations. Worse,
agents sometimes saved this false belief to persistent memory, making
it persist across sessions.

Reported by multiple users (XLion, 林泽).
---
 tools/code_execution_tool.py | 3 +--
 tools/terminal_tool.py       | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/tools/code_execution_tool.py b/tools/code_execution_tool.py
index 8b5f79455..bed4f2091 100644
--- a/tools/code_execution_tool.py
+++ b/tools/code_execution_tool.py
@@ -1327,8 +1327,7 @@ def build_execute_code_schema(enabled_sandbox_tools: set = None) -> dict:
         f"Available via `from hermes_tools import ...`:\n\n"
         f"{tool_lines}\n\n"
         "Limits: 5-minute timeout, 50KB stdout cap, max 50 tool calls per script. "
-        "terminal() is foreground-only (no background or pty). "
-        "If the session uses a cloud sandbox backend, treat it as resumable task state rather than a durable always-on machine.\n\n"
+        "terminal() is foreground-only (no background or pty).\n\n"
         "Print your final result to stdout. Use Python stdlib (json, re, math, csv, "
         "datetime, collections, etc.) for processing between tool calls.\n\n"
         "Also available (no import needed — built into hermes_tools):\n"
diff --git a/tools/terminal_tool.py b/tools/terminal_tool.py
index 3dfa786e1..90c4a7ea2 100644
--- a/tools/terminal_tool.py
+++ b/tools/terminal_tool.py
@@ -531,7 +531,6 @@ Working directory: Use 'workdir' for per-command cwd.
 PTY mode: Set pty=true for interactive CLI tools (Codex, Claude Code, Python REPL).
 
 Do NOT use vim/nano/interactive tools without pty=true — they hang without a pseudo-terminal. Pipe git output to cat if it might page.
-Important: cloud sandboxes may be cleaned up, idled out, or recreated between turns. Persistent filesystem means files can resume later; it does NOT guarantee a continuously running machine or surviving background processes. Use terminal sandboxes for task work, not durable hosting.
 """
 
 # Global state for environment lifecycle management