Skip to main content
CI/CD pipelines can use AI agents to review pull requests, generate tests, and validate code changes automatically. E2B sandboxes provide the secure, isolated execution environment where these agents can safely clone repositories, run untrusted code, and report results — all triggered by GitHub Actions on every pull request. Each run uses its own isolated sandbox, so malicious or buggy PR code never touches your CI runner.

GitHub Actions workflow

The workflow triggers on pull request events and runs a review script. E2B_API_KEY and the LLM API key are stored as GitHub Actions secrets, while the built-in GITHUB_TOKEN is available automatically. The permissions block grants write access so the script can post PR comments.

Review script

The workflow calls this script on every PR. It runs five steps inside an E2B sandbox, keeping all untrusted code isolated from the CI runner.
  1. Create sandboxSandbox.create() creates an isolated Linux environment for the review
  2. Clone the PRsandbox.git.clone() checks out the PR branch using x-access-token + GITHUB_TOKEN for authentication
  3. AI review — runs git diff inside the sandbox, sends the output to an LLM — swap the model for any provider via Connect LLMs
  4. Run testscommands.run() streams output in real time and throws on failure (CommandExitError / CommandExitException)
  5. Post results — comments the review on the PR via the GitHub REST API, then shuts down the sandbox

Git integration

Clone repos, manage branches, and push changes from sandboxes

Connect LLMs

Integrate AI models with sandboxes using tool calling

Custom templates

Build reproducible sandbox environments for your pipelines