Lathe

A coding agent surface for Open WebUI. Your model gets real tools. Your files persist. You never touch a terminal.

Lathe is an Open WebUI toolkit — a single Python file your admin installs once. After that, every model on the server can run shell commands, edit code, preview web apps, transfer files, and SSH into a persistent cloud sandbox. One sandbox per user, survives across conversations.

This video was produced by an agent using Lathe, inside its own sandbox. Story →

Architecture

Chat in, code out

You talk to a model in Open WebUI. The model calls Lathe's tools — bash, write, edit, read, preview, and more. Every tool call executes in a cloud VM that belongs to you, managed by Daytona.

┌─────────────┐ tool calls ┌─────────────┐ API ┌──────────────┐ │ You (chat) │───────────────▶│ Lathe │────────▶│ Your sandbox │ │ Open WebUI │◀───────────────│ (OWUI tool) │◀────────│ (Daytona VM) │ └─────────────┘ tool results └─────────────┘ stdout └──────────────┘

The sandbox starts automatically on your first tool call and persists indefinitely. Files you create in one conversation are still there in the next. The sandbox idles after 15 minutes and archives after an hour, but wakes transparently whenever you need it.

Tools

What your model can do

These are real tools the model calls — not prompt tricks. Each one runs server-side against your sandbox VM.

bash

Run any shell command. Install packages, compile code, run tests, manage git repos.

read

Read files with line numbers. Supports offset/limit for large files.

write

Create or overwrite files. Parent directories are created automatically.

edit

Exact string replacement in files. Safer than rewriting the whole file.

attach

Show a file to you without burning the model's context. Syntax highlighting, image preview, or download card.

ingest

Upload a file from your machine or paste text directly into the sandbox.

preview

Get a live URL for a web server running in your sandbox. See your app in the browser.

ssh

Get a time-limited SSH command for direct terminal access. Works with VS Code Remote too.

onboard

Load project context and agent skills from your repo's conventions.

destroy

Wipe your sandbox and start fresh. Requires explicit confirmation.

Recipes

Things to try

These are starting points — real prompts you can send to a model with Lathe enabled. The model figures out which tools to call.

Build a web app "Build me a simple todo app with FastAPI and HTMX, then preview it."
Analyze data Use ingest to upload a CSV, then ask the model to analyze it with pandas and attach a chart.
Work on a repo "Clone my repo, run the tests, and fix any failures."
Provide credentials Set env_vars in your user settings (e.g. {"GITHUB_TOKEN":"ghp_..."}) — every bash command gets them, the model never sees the values.
Go hands-on "Give me SSH access" — get a command you can paste into your terminal or VS Code.
Share a file "Attach the generated report" — see the file inline without it entering the conversation context.

Persistence

Your workspace survives

Unlike ephemeral code interpreters, your Lathe sandbox is yours. It has your files, your installed packages, your git repos, your running servers. Start a conversation Monday, come back Wednesday — everything is where you left it.

The sandbox sleeps when idle (15 min default) and archives after an hour. The next tool call wakes it transparently. If you want a clean slate, ask the model to destroy it.

Configuration

User settings

Most users need zero configuration. But if you work with APIs or private repos, you can set environment variables that get injected into every shell command:

# In Open WebUI → Settings → Tools → Lathe → env_vars: {"GITHUB_TOKEN": "ghp_...", "OPENAI_API_KEY": "sk-..."}

Values are never shown to the model. They're exported in the shell preamble with single-quoted values to prevent expansion. Your system prompt can reference $GITHUB_TOKEN by name without leaking the secret.

Deployment

For admins

Lathe is a single Python file (lathe.py) deployed as an Open WebUI Tool. It needs a Daytona API key and a deployment label. Configure these as admin Valves after install.

See the README for full deployment instructions, valve reference, testing guide, and design docs.