增加e2b沙盒支持 Feature/add e2b support

[zerob13]

Pull Request Description (中文)

你的功能请求是否与某个问题有关？请描述一下。
参考 https://raw.githubusercontent.com/e2b-dev/mcp-server/refs/heads/main/packages/js/src/index.ts 在powerpack增加了 e2b的支持

桌面应用程序的 UI/UX 更改

Summary by CodeRabbit

• New Features

  • Added support for running Python code in a secure cloud sandbox (E2B) for the "powerpack" in-memory server type.
  • New UI options for enabling E2B and entering an API key when configuring powerpack servers.
  • Python code execution now supports both local and cloud-based (E2B) environments.

• Bug Fixes

  • Improved event handling to ensure server status updates and configuration changes are sent to all app windows.

• Localization

  • Added E2B sandbox configuration strings to all supported languages for improved internationalization.

• Chores

  • Added the E2B code interpreter package as a new dependency.

[coderabbitai]

Walkthrough

This update introduces support for executing Python code in a secure cloud sandbox (E2B) for the "powerpack" in-memory server type. It adds configuration options in the UI, backend integration with E2B, new localization strings in multiple languages, and updates event dispatching to use a unified method targeting all windows.

Changes

File(s)	Change Summary
package.json	Added @e2b/code-interpreter dependency.
src/main/presenter/configPresenter/mcpConfHelper.ts src/main/presenter/mcpPresenter/index.ts src/main/presenter/mcpPresenter/mcpClient.ts	Replaced eventBus.emit with eventBus.send using SendTarget.ALL_WINDOWS for event dispatching.
src/main/presenter/mcpPresenter/inMemoryServers/builder.ts	Passed env parameter to PowerpackServer constructor.
src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts	Integrated E2B Python code execution, added E2BManager, conditional tool registration, config parsing, and error handling.
src/renderer/src/components/mcp-config/mcpServerForm.vue	Added E2B config UI for powerpack servers, validation, state management, and environment variable injection.
src/renderer/src/i18n/en-US/settings.json src/renderer/src/i18n/fa-IR/settings.json src/renderer/src/i18n/fr-FR/settings.json src/renderer/src/i18n/ja-JP/settings.json src/renderer/src/i18n/ko-KR/settings.json src/renderer/src/i18n/ru-RU/settings.json src/renderer/src/i18n/zh-CN/settings.json src/renderer/src/i18n/zh-HK/settings.json src/renderer/src/i18n/zh-TW/settings.json	Added localization strings for E2B sandbox configuration and help in multiple languages.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant UI (mcpServerForm.vue)
    participant Main Process
    participant PowerpackServer
    participant E2BManager
    participant E2B Cloud

    User->>UI (mcpServerForm.vue): Selects powerpack server and enables E2B
    UI (mcpServerForm.vue)->>Main Process: Submits config with USE_E2B and E2B_API_KEY
    Main Process->>PowerpackServer: Starts server with E2B config
    PowerpackServer->>E2BManager: Initialize with API key (if USE_E2B)
    E2BManager->>E2B Cloud: Authenticate and prepare sandbox
    User->>UI (mcpServerForm.vue): Sends Python code execution request
    UI (mcpServerForm.vue)->>PowerpackServer: Request run_code tool
    PowerpackServer->>E2BManager: Create sandbox and execute code
    E2BManager->>E2B Cloud: Run Python code
    E2B Cloud-->>E2BManager: Return output/results
    E2BManager-->>PowerpackServer: Return output
    PowerpackServer-->>UI (mcpServerForm.vue): Return results to user

Loading

Poem

A rabbit hopped into the cloud,
With Python dreams both bold and proud.
E2B sandboxes now in tow,
Across all windows, events now flow.
Powerpack’s magic, UI’s new face,
In every tongue, code finds its place!
🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🔭 Outside diff range comments (1)

src/renderer/src/components/mcp-config/mcpServerForm.vue (1)

922-934: Hiding the generic env editor for Powerpack may block advanced users

For powerpack servers the standard env textarea is completely hidden.
Users can no longer tweak unrelated variables (e.g. HTTP_PROXY) without switching to JSON import.

Recommend leaving the textarea visible (perhaps collapsed) or adding an “advanced” toggle so users still have full control.

♻️ Duplicate comments (1)

src/main/presenter/mcpPresenter/mcpClient.ts (1)

567-570: Replicate the above fix for the failure branch

When the connection fails you emit the stopped status with the same argument order.
If the order needs swapping (see previous comment) remember to adjust here as well to keep behaviour symmetrical.

🧹 Nitpick comments (19)

src/main/presenter/mcpPresenter/index.ts (1)

384-386: Possible duplicate SERVER_STOPPED event

If stopServer() succeeds it already calls eventBus.send(MCP_EVENTS.SERVER_STOPPED …).
When the subsequent startServer() fails, this extra send emits the same event twice.

Not harmful, but listeners doing state transitions or analytics could double-count.
Wrap the second send with a guard:

-        eventBus.send(MCP_EVENTS.SERVER_STOPPED, SendTarget.ALL_WINDOWS, serverName)
+        if (!this.serverManager.isServerRunning(serverName)) {
+          eventBus.send(MCP_EVENTS.SERVER_STOPPED, SendTarget.ALL_WINDOWS, serverName)
+        }

src/main/presenter/configPresenter/mcpConfHelper.ts (1)

249-255: Broadcast OK – but consider debouncing CONFIG_CHANGED

Every write to ElectronStore now emits CONFIG_CHANGED immediately. Bulk edits (e.g. import JSON) trigger many rapid sends and can flood renderer IPC.

Add a short debounce/throttle around eventBus.send inside setters (setMcpServers, add/remove/toggle…) to coalesce updates.

No functional bug, just performance polish.

src/renderer/src/i18n/ja-JP/settings.json (1)

380-386: Minor JP localisation fixes

Typo & consistency:

-"useE2B": "E2Bサンドボックスを有効にします",
-"e2bDescription": "E2Bサンドボックスを使用してPythonコードを実行します",
-"e2bApiKey": "E2B Apikey",
-"e2bApiKeyPlaceholder": "e2b_1111xx *******など、E2B APIキーをこちらから入力してください。",
-"e2bApiKeyHelp": "e2b.devにアクセスして、アピケイを取得します",
-"e2bApiKeyRequired": "E2B関数を有効にするには、Apikeyを入力する必要があります"
+"useE2B": "E2Bサンドボックスを有効化",
+"e2bDescription": "E2Bサンドボックスで Python コードを実行します",
+"e2bApiKey": "E2B APIキー",
+"e2bApiKeyPlaceholder": "例: e2b_************",
+"e2bApiKeyHelp": "e2b.dev で APIキーを取得してください",
+"e2bApiKeyRequired": "E2B を有効にするには APIキーが必要です"

(“Apikey”→“APIキー”, “アピケイ” typo).

src/main/presenter/mcpPresenter/mcpClient.ts (1)

6-6: Unused named import SendTarget before first usage

SendTarget is imported here, but the first usage is ~530 lines later.
Consider re-ordering the import list alphabetically or grouping by package to avoid large temporal gaps between declaration and usage.
(This is only a style/readability concern; feel free to ignore if your code-style rules already allow this.)

src/renderer/src/i18n/en-US/settings.json (1)

388-395: Terminology consistency: API key vs ApiKey

Across the English locale file the phrase is always written as “API Key” (e.g. lines 164-166).
The newly added strings use “ApiKey”/“Api Keys”.

- "e2bApiKey": "E2B ApiKey",
- "e2bApiKeyPlaceholder": "Enter your E2B Api Keys here, such as e2b_1111xx*******",
- "e2bApiKeyHelp": "Go to e2b.dev to get your ApiKey",
- "e2bApiKeyRequired": "ApiKey must be entered to enable E2B function"
+ "e2bApiKey": "E2B API Key",
+ "e2bApiKeyPlaceholder": "Enter your E2B API key here, e.g. e2b_1111xx*******",
+ "e2bApiKeyHelp": "Visit e2b.dev to obtain your API key",
+ "e2bApiKeyRequired": "An API key is required to enable the E2B sandbox"

src/renderer/src/i18n/zh-CN/settings.json (1)

387-394: 用词统一：ApiKey → API密钥

当前新增字段与同文件中 272 行的 “API密钥” 不一致，建议保持统一：

- "useE2B": "启用E2B沙盒",
- "e2bDescription": "使用E2B沙盒执行Python代码",
- "e2bApiKey": "E2B ApiKey",
- "e2bApiKeyPlaceholder": "这里输入你的E2B Api Keys，如 e2b_1111xx*****",
- "e2bApiKeyHelp": "前往 e2b.dev 获取你的 ApiKey",
- "e2bApiKeyRequired": "启用E2B功能必须要输入 ApiKey"
+ "useE2B": "启用 E2B 沙盒",
+ "e2bDescription": "使用 E2B 沙盒执行 Python 代码",
+ "e2bApiKey": "E2B API 密钥",
+ "e2bApiKeyPlaceholder": "请输入 E2B API 密钥，例如 e2b_1111xx*****",
+ "e2bApiKeyHelp": "前往 e2b.dev 获取 API 密钥",
+ "e2bApiKeyRequired": "启用 E2B 功能必须输入 API 密钥"

src/renderer/src/i18n/zh-TW/settings.json (1)

380-387: 統一專有名詞大小寫

建議將 ApiKey 全文改為「API 金鑰」以符合 272 行等處既有用法；同時微調語句以符合同文件格式。

src/renderer/src/i18n/fr-FR/settings.json (1)

380-386: Accent & capitalisation corrections

Pour rester cohérent :

- "useE2B": "Activer E2B Sandbox",
- "e2bDescription": "Exécuter le code Python à l'aide de Sandbox E2B",
- "e2bApiKey": "E2B APIKEY",
- "e2bApiKeyPlaceholder": "Entrez ici vos touches API E2B, comme E2B_1111XX *******",
- "e2bApiKeyHelp": "Allez sur e2b.dev pour obtenir votre apikey",
- "e2bApiKeyRequired": "Apikey doit être entré pour activer la fonction E2B"
+ "useE2B": "Activer le bac à sable E2B",
+ "e2bDescription": "Exécuter du code Python via le bac à sable E2B",
+ "e2bApiKey": "Clé API E2B",
+ "e2bApiKeyPlaceholder": "Saisissez votre clé API E2B, ex. e2b_1111xx*******",
+ "e2bApiKeyHelp": "Visitez e2b.dev pour obtenir votre clé API",
+ "e2bApiKeyRequired": "Une clé API est requise pour activer la fonctionnalité E2B"

src/renderer/src/i18n/fa-IR/settings.json (1)

388-394: Key casing is inconsistent with the rest of the file

Most keys follow camelCase starting with a lower-case letter (e.g. noFoldersSelected).
The newly-added Persian keys start with lower-case except e2bApiKey where the prefix e2b is lower-case and ApiKey is capitalised.
Please align with existing style (e2bApiKey → e2bApiKey is fine) or change all languages consistently (e.g. stick to e2bApiKey) to avoid lookup mistakes in the UI.

src/renderer/src/i18n/zh-HK/settings.json (1)

380-386: Minor translation placeholder typo

e2bApiKeyPlaceholder currently reads 這裡輸入你的E2B Api Keys，如 e2b_1111xx*****.

1. “Keys” plural may confuse users – the backend expects one key.
2. Missing space after E2B.

Consider: 在此輸入你的 E2B API Key，例如 e2b_1111xx*****

src/renderer/src/i18n/ru-RU/settings.json (1)

380-386: Mixed letter-case in new keys

"e2bApiKey" is lower-camelCase while the help string says Apikey.
For consistency and to help translators reuse keys, use the same casing everywhere (APIKey or apiKey, but be consistent across all locales).

src/renderer/src/components/mcp-config/mcpServerForm.vue (2)

595-600: Watcher leaves stale API key when E2B toggle is cleared

When a user unchecks “use E2B”, useE2B becomes false but e2bApiKey retains the previous value.
If the form is re-opened later, the key re-appears although E2B is off.

Option: automatically clear the key when useE2B switches from true→false.

watch(useE2B, checked => {
  if (!checked) e2bApiKey.value = ''
})

---

283-287: Validation ignores leading/trailing whitespace

isE2BConfigValid only checks .trim().length > 0 in the main form check, but the rule itself returns raw .length.
Calling trim() here avoids relying on the outer guard and guarantees consistency.

-  return e2bApiKey.value.trim().length > 0
+  return e2bApiKey.value.trim().length > 0

src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts (6)

55-67: Tighten the E2B input schema.

language is accepted as any string but only 'python' is supported. Restrict via .literal('python') or an enum to surface invalid requests early.

---

88-127: apiKey field is dead-code.

this.apiKey is assigned but never read – static analysis already flags it. Either drop the property or pass it to Sandbox.create({ apiKey }) (if the lib supports) to prevent bit-rot.

---

137-143: env.USE_E2B parsing misses common truthy values.

You treat only true/'true'. Consider also '1', 'yes', etc., or coerce via ['true','1','yes'].includes(String(env.USE_E2B).toLowerCase()) for robustness.

---

212-221: Logging path ignores the “Node only” case.

When both Bun and E2B are absent but Node exists, the warning message triggers before the later console.info. Move the “no runtime” branch after E2B/Node/Bun checks to avoid mixed logs.

---

223-234: Race-condition when multiple calls initialise E2B.

initialize() has a cheap early-exit but two concurrent startServer calls could both pass the isInitialized() check before either sets initialized. Guard with a mutex/Promise cache for certainty.

---

543-566: Return early for unsupported tool when E2B off.

You already gate the tool in ListTools, but defensive checks here are good. Consider returning a specific error code (e.g., UNSUPPORTED_TOOL) instead of a generic 400-style message to help the front-end distinguish config vs. execution failures.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 58da015 and 8384994.

📒 Files selected for processing (16)

• package.json (1 hunks)
• src/main/presenter/configPresenter/mcpConfHelper.ts (1 hunks)
• src/main/presenter/mcpPresenter/inMemoryServers/builder.ts (1 hunks)
• src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts (9 hunks)
• src/main/presenter/mcpPresenter/index.ts (1 hunks)
• src/main/presenter/mcpPresenter/mcpClient.ts (4 hunks)
• src/renderer/src/components/mcp-config/mcpServerForm.vue (8 hunks)
• src/renderer/src/i18n/en-US/settings.json (1 hunks)
• src/renderer/src/i18n/fa-IR/settings.json (1 hunks)
• src/renderer/src/i18n/fr-FR/settings.json (1 hunks)
• src/renderer/src/i18n/ja-JP/settings.json (1 hunks)
• src/renderer/src/i18n/ko-KR/settings.json (1 hunks)
• src/renderer/src/i18n/ru-RU/settings.json (1 hunks)
• src/renderer/src/i18n/zh-CN/settings.json (1 hunks)
• src/renderer/src/i18n/zh-HK/settings.json (1 hunks)
• src/renderer/src/i18n/zh-TW/settings.json (1 hunks)

🧰 Additional context used

🪛 GitHub Check: build-check (x64)

src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts

[failure] 92-92:
'apiKey' is declared but its value is never read.

🔇 Additional comments (6)

package.json (1)

55-59: Dependency version should be pinned or ranged more defensively

@e2b/code-interpreter is a network-facing package that ships fast-moving releases.
Using the loose caret range ^1.5.1 means any future minor bump (e.g. 1.6.x) will be installed automatically and could break the sandbox flow or Electron bundling without warning.

-    "@e2b/code-interpreter": "^1.5.1",
+    "@e2b/code-interpreter": "1.5.1",

Pinning the exact version keeps build reproducibility; you can upgrade deliberately once release-notes are reviewed.
Consider adding a renovate/dep-update rule instead of relying on semver guarantees.

src/main/presenter/mcpPresenter/mcpClient.ts (2)

538-545: eventBus.send argument order – double-check against the EventBus API

The new calls use the order (eventName, SendTarget.ALL_WINDOWS, payload).
If the internal signature is (target, eventName, payload) (very common in pub/sub helpers), these events will silently be lost or mis-routed.

Please verify:

// hypothetical definition
send(target: SendTarget, eventName: string, payload?: unknown)

If that’s the case, swap the first two arguments:

- eventBus.send(MCP_EVENTS.SERVER_STATUS_CHANGED, SendTarget.ALL_WINDOWS, {...})
+ eventBus.send(SendTarget.ALL_WINDOWS, MCP_EVENTS.SERVER_STATUS_CHANGED, {...})

---

589-592: Consistent shutdown status event

Good call emitting a final “stopped” status on explicit disconnect().
Once the order issue is verified/fixed, this part looks correct.

src/renderer/src/i18n/ko-KR/settings.json (1)

380-386: Double-byte vs ASCII underscore

E2B_1111XX in the placeholder contains ASCII underscore; ensure it is not accidentally replaced by a full-width character in some editors, otherwise copy-pasting may fail validation.

src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts (2)

14-14: Ensure packaging includes @e2b/code-interpreter.

Electron ASAR bundling can drop native/optional deps. Verify this module is declared in package.json (runtime & dev) and included in the build, otherwise the import will crash at runtime.

---

432-473: Tool list duplication when E2B disabled & no JS runtime.

If !useE2B and no Bun/Node, run_node_code is not pushed but run_python_code is always added. That is fine; however, the description for run_node_code remains in localisation even though the tool may be absent, potentially confusing the UI that lists all strings.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (2)

src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts (2)

318-327: Still unsafe access to stdout / stderr – same issue flagged previously

result.logs.stdout & stderr are dereferenced without checking they exist or are arrays. This reproduces the crash reported in the earlier review.

-      if (result.logs.stdout.length > 0) {
+      if (result.logs?.stdout?.length) {
...
-      if (result.logs.stderr.length > 0) {
+      if (result.logs?.stderr?.length) {

---

292-342: One sandbox per call – heavy cold-start cost

Sandbox.create() is invoked for every request, incurring ~1-2 s cold-start plus billing overhead. Unless you have strong isolation requirements, pooling a single sandbox (with idle-timeout / explicit kill) reduces latency & cost dramatically.
(Flagged in the previous review as well.)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8384994 and a8d6be0.

📒 Files selected for processing (1)

• src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts (9 hunks)

🧰 Additional context used

🪛 Gitleaks (8.26.0)

src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts

123-123: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: build-check (x64)

[coderabbitai]

🛠️ Refactor suggestion

run_code handler ignores the language argument & offers no timeout controls

The schema exposes language (default python) yet the handler:

const { code } = parsed.data
const result = await this.executeE2BCode(code)

• silently discards language – misleading for callers.
• offers no per-execution timeout; long-running notebooks will block the server.

Consider:

-            const { code } = parsed.data
-            const result = await this.executeE2BCode(code)
+            const { code, language } = parsed.data
+            if (language !== 'python') {
+              throw new Error(`Unsupported language "${language}". Currently only 'python' is allowed.`)
+            }
+            const result = await this.executeE2BCode(code /*, timeout? */)

🤖 Prompt for AI Agents

In src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts lines 480
to 502, the 'run_code' handler parses a 'language' argument but does not use it,
causing confusion, and lacks timeout controls for code execution, risking server
blocking. Update the handler to extract and pass the 'language' parameter to the
executeE2BCode method or equivalent, ensuring the execution respects the
specified language. Additionally, implement a timeout mechanism for the code
execution to prevent long-running tasks from blocking the server, such as using
a timer or cancellation token to abort execution after a set duration.

[coderabbitai]

⚠️ Potential issue

API key must be passed to Sandbox.create

Sandbox.create() supports { apiKey }. Omitting it means:

• The call will 401/403 in production.
• Users have no way to override via the UI even though you request it.

-      sandbox = await Sandbox.create()
+      sandbox = await Sandbox.create({ apiKey: this.e2bApiKey })

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	let sandbox: Sandbox | null = null
	try {
	sandbox = await Sandbox.create()
	const result = await sandbox.runCode(code)
	let sandbox: Sandbox | null = null
	try {
	sandbox = await Sandbox.create({ apiKey: this.e2bApiKey })
	const result = await sandbox.runCode(code)

🤖 Prompt for AI Agents

In src/main/presenter/mcpPresenter/inMemoryServers/powerpackServer.ts around
lines 292 to 296, the call to Sandbox.create() is missing the required apiKey
parameter. To fix this, modify the call to Sandbox.create() to include the
apiKey argument, passing the appropriate API key value so that the sandbox can
authenticate properly and avoid 401/403 errors in production.