> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cassidyai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Control Code Execution and File Creation

> Configure whether Agents can access the internet when they analyze data, process files, or install packages.

Admins can control whether an [Agent](/agents/overview)'s **Code Execution & File Creation** setting can access the internet while it analyzes data, processes files, or creates documents. Use these settings to balance security with the flexibility to install packages or reach approved external domains.

<Info>
  Code Execution & File Creation internet access settings apply to new chats and
  new code sessions. Existing chats that already have a running session keep
  their current network access until a new session starts.
</Info>

## Availability

**Code Execution & File Creation** is enabled by default for new custom Agents. You can turn it on or off for an individual Agent from the Agent editor under **Customize** > **Advanced Settings**.

Organization admins control the internet access policy separately from the Agent-level feature toggle. New organizations start with internet access enabled for package managers and any custom domains you add. Organizations created before this setting was introduced keep their existing all-domain internet access until an admin changes it.

## Configure network access

<Steps>
  <Step title="Open organization settings">
    Click your account name at the bottom of the sidebar, then click the gear icon next to your organization name.
  </Step>

  <Step title="Go to Controls">
    In **Organization Settings**, click **Controls** under the **Admin** section.
  </Step>

  <Step title="Choose whether internet access is enabled">
    Use **Enable internet access** to control whether Agent sandboxes can reach the internet at all.

    Turn this off to block all outbound internet access. Agents can still analyze data, process files, and create documents using pre-installed packages.

    More restrictive settings reduce risk, but may prevent package installs or external data access that some file and data tasks need.
  </Step>

  <Step title="Choose allowed domains">
    If internet access is enabled, choose one of the allowed domain options:

    * **None** — Allows only the custom domains you add. If you do not add domains, the sandbox cannot reach external domains.
    * **Package managers + custom domains** — Allows package install domains plus any domains you add.
    * **All domains** — Allows unrestricted outbound internet access.
  </Step>

  <Step title="Add custom domains if needed">
    When using **None** or **Package managers + custom domains**, add any extra domains your Agents need to reach, such as `api.example.com` or `*.example.com`.

    Click **Add** after each domain.
  </Step>
</Steps>

## Choosing a network access level

Start with stricter access when Agents handle sensitive files or should not contact external systems while processing data. Expand access only when a team needs package installs, approved APIs, or company-approved data sources.

* **Internet access off** gives the strongest isolation.
* **None** allows only the custom domains you add.
* **Package managers + custom domains** gives teams controlled flexibility.
* **All domains** gives the most flexibility, but carries the highest risk.

## Important limitations

Network access controls apply to Code Execution & File Creation sessions. They do not control Web Search, web fetch, MCP connectors, or other Connectors.

<Tip>
  If you change code execution internet access while testing an Agent, start a
  new chat before verifying the new behavior.
</Tip>

## Related

<CardGroup cols={2}>
  <Card title="Code Execution & File Creation" icon="terminal" href="/agents/advanced/code-execution-file-creation">
    Learn how Agents analyze data, generate files, and process large results.
  </Card>

  <Card title="Enterprise readiness" icon="building-shield" href="/security/enterprise-readiness">
    Review Cassidy security, governance, and admin controls.
  </Card>

  <Card title="Assign roles and groups" icon="users-gear" href="/settings/roles-and-groups">
    Control who can access organization settings.
  </Card>
</CardGroup>
