e2b-dev · mishushakov · Apr 22, 2026 · Apr 22, 2026 · Apr 23, 2026 · Apr 23, 2026
@@ -58,6 +58,9 @@ export type {
   SandboxListOpts,
   SandboxPaginator,
   SandboxNetworkOpts,
+  SandboxNetworkRule,
+  SandboxNetworkRuleTransform,
+  SandboxNetworkEntry,
   SandboxLifecycle,
   SandboxInfoLifecycle,
   SnapshotInfo,

@@ -33,15 +33,44 @@ export type GitHubMcpServer = {
   }
 }
 
+/**
+ * Transform applied to outbound requests matching a {@link SandboxNetworkRule}.
+ */
+export type SandboxNetworkRuleTransform = {
+  /**
+   * Headers to inject into the outbound request. Values override any headers
+   * already present on the request.
+   */
+  headers?: Record<string, string>
+}
+
+/**
+ * Structured egress rule for {@link SandboxNetworkOpts.allowOut}.
+ */
+export type SandboxNetworkRule = {
+  /** Host, CIDR block, or IP address the rule applies to. */
+  host: string
+  /** Ordered list of transforms to apply to requests matching this rule. */
+  transform?: SandboxNetworkRuleTransform[]
+}
+
+export type SandboxNetworkEntry = string | SandboxNetworkRule
+
 export type SandboxNetworkOpts = {
   /**
    * Allow outbound traffic from the sandbox to the specified addresses.
    * If `allowOut` is not specified, all outbound traffic is allowed.
    *
+   * Each entry is either a string (CIDR block, IP address, or host) or a
+   * structured {@link SandboxNetworkRule} that can additionally describe
+   * per-host request transforms (for example, header injection).
+   *
    * Examples:
-   * - To allow traffic to a specific addresses: `["1.1.1.1", "8.8.8.0/24"]`
+   * - Allow traffic to specific addresses: `["1.1.1.1", "8.8.8.0/24"]`
+   * - Allow a host and inject a header on matching requests:
+   *   `[{ host: "api.openai.com", transform: [{ headers: { Authorization: "Bearer ..." } }] }]`
    */
-  allowOut?: string[]
+  allowOut?: SandboxNetworkEntry[]
 
   /**
    * Deny outbound traffic from the sandbox to the specified addresses.

@@ -193,6 +193,50 @@ describe('allowPublicTraffic=true', () => {
   )
 })
 
+describe('allowOut transform injects headers', () => {
+  const injectedHeader = 'X-E2B-Test-Token'
+  const injectedValue = 'e2b-transform-value-123'
+
+  sandboxTest.scoped({
+    sandboxOpts: {
+      network: {
+        allowOut: [
+          {
+            host: 'httpbin.org',
+            transform: [
+              {
+                headers: {
+                  [injectedHeader]: injectedValue,
+                },
+              },
+            ],
+          },
+        ],
+      },
+    },
+  })
+
+  sandboxTest.skipIf(isDebug)(
+    'injected header is reflected by httpbin.org/headers',
+    async ({ sandbox }) => {
+      const result = await sandbox.commands.run(
+        'curl -sS --max-time 10 https://httpbin.org/headers'
+      )
+      assert.equal(result.exitCode, 0)
+
+      const parsed = JSON.parse(result.stdout) as {
+        headers: Record<string, string>
+      }
+      const reflected = parsed.headers[injectedHeader]
+      assert.equal(
+        reflected,
+        injectedValue,
+        `expected httpbin to reflect ${injectedHeader}=${injectedValue}, got headers: ${JSON.stringify(parsed.headers)}`
+      )
+    }
+  )
+})
+
 describe('maskRequestHost option', () => {
   sandboxTest.scoped({
     sandboxOpts: {

@@ -79,7 +79,10 @@
     SandboxInfoLifecycle,
     SandboxMetrics,
     SandboxLifecycle,
+    SandboxNetworkEntry,
     SandboxNetworkOpts,
+    SandboxNetworkRule,
+    SandboxNetworkRuleTransform,
     SandboxQuery,
     SandboxState,
     SnapshotInfo,
@@ -183,6 +186,9 @@
     "FileType",
     # Network
     "SandboxNetworkOpts",
+    "SandboxNetworkRule",
+    "SandboxNetworkRuleTransform",
+    "SandboxNetworkEntry",
     "SandboxLifecycle",
     "ALL_TRAFFIC",
     # Snapshot