Lathe

ChatGPT has code interpreter. Claude has artifacts and computer use. Lathe brings the same class of capability to Open WebUI, with any model you choose, on infrastructure you control. One Python file, installed once by an admin. After that, every model on the server gets a full coding agent toolkit backed by a persistent cloud sandbox: shell, file editing, code search, web services, SSH, and a browser IDE. One sandbox per user, survives across conversations.

Why

The tools you expect, where you already work

Proprietary chat platforms bundle their coding agent capabilities behind closed ecosystems. Terminal-native agents like Claude Code and Codex are powerful but leave non-developers behind. Lathe occupies the space between: the conversational interface of a web chat with the full sandbox capabilities of a coding agent.

Like ChatGPT Code Interpreter

The model writes and runs code in a sandbox, right inside your chat conversation. No terminal needed. Users just talk.

Like Claude Code / Codex CLI

Full Linux VM with bash, file editing, git, package managers, and persistent state across sessions. Not a toy: a real machine.

Your models, your server

Works with any model your Open WebUI instance can reach, open-weight or proprietary. No vendor lock-in on the intelligence.

Multi-user from day one

Every user gets their own isolated sandbox. Admins install once; users don't configure anything. Built for shared deployments.

Explainer

What Lathe does

Narrated explainer, rendered from source on every push. Source

Demo

A real session

Live session capture: a real conversation on a real deployment. Source

Tools

What your agent can do

Thirteen tools, same caliber as the best proprietary agents. Each one runs against a persistent Linux sandbox that follows you anywhere your browser does.

lathe

Built-in manual. The model calls this to learn the sandbox model, workflows, and gotchas before its first real tool use.

bash

Run any shell command. Install packages, compile code, run tests, manage git repos.

read

Read files with line numbers. Supports offset/limit for large files.

write

Create or overwrite files. Parent directories are created automatically.

edit

Exact string replacement in files. Safer than rewriting the whole file.

glob

Search for files by pattern. Returns a hierarchical listing that collapses dense directories.

grep

Search file contents by regex. Returns matches grouped by file with line numbers.

interpret

Persistent Python REPL. Variables, imports, and definitions survive across calls within the same conversation. Built for iterative data exploration.

expose

One-step file browser ("dufs"), browser IDE ("code-server"), public URL for any web service ("http:<port>"), or time-limited SSH command ("ssh").

delegate

Hand off a multi-step task to a sub-agent that works the same sandbox in its own context window and reports back with a summary.

onboard

Load project context: always lists the directory, plus any agent instructions and skills it finds in the repo.

destroy

Wipe your sandbox VM and start fresh. Persistent volume data survives. Requires explicit confirmation.

handoff

Wrap up a long session. The model writes a structured handoff document you paste into a new conversation to pick up where you left off.

Delegation

Offloading multi-step work

Some tasks take many steps: cloning a repo, reading a dozen files, running tests, fixing failures, re-running. If the main agent does all of that inline, every intermediate result accumulates in the conversation, crowding out the parts you care about.

delegate() hands that work to a sub-agent: same model, same sandbox, but its own context window. The sub-agent works autonomously through however many steps it needs (up to 30), then sends a concise summary back as a single tool result.

Each delegated job runs in the foreground for a configurable timeout (default 30 seconds). If the sub-agent finishes quickly, the result comes back immediately. If it takes longer, the job moves to the background automatically, and the main agent stays responsive to you while the sub-agent keeps working. Background results are written to sidecar files in the sandbox that the main agent can check later.

The sub-agent gets bash, read, write, edit, glob, and grep. It can't expose URLs, destroy the sandbox, or spawn further sub-agents. Pass context_files to inject project docs directly into the sub-agent's prompt so it doesn't waste steps on orientation.

Interpreter

Persistent Python REPL

interpret() runs Python code in a persistent session tied to your conversation. Variables, imports, and function definitions survive across calls: define a DataFrame in one message, filter it in the next, plot it in a third. No re-importing, no re-loading.

This is the closest Lathe gets to ChatGPT's code interpreter experience. The model writes Python, executes it, sees the output, and iterates, all without leaving the chat. State resets when you start a new conversation (your sandbox files still persist, only the in-memory REPL session is per-chat).

When to use interpret vs bash

interpret()

Iterative exploration, data analysis, incremental computation. State carries over between calls. Pure Python.

bash()

Shell commands, package installs, git, running servers, anything that isn't Python or needs process isolation.

Limitations

Python only. For other languages, use bash().
No top-level await. The REPL runs synchronous Python. Use asyncio.run() if you need async.
No stdin. Interactive prompts (input()) will hang. Provide values in code.
Chat-scoped. State resets with each new conversation. Files written to disk persist; in-memory variables do not.

Recipes

Things to try

Real prompts you can send to a model with Lathe enabled. The model figures out which tools to call.

Build a web app "Build me a simple todo app with FastAPI and HTMX, then expose it so I can try it."
Browse & transfer files "Set up a file browser": one tool call installs dufs, starts it, and gives you a URL with drag-and-drop upload/download.
Work on a repo "Clone my repo, run the tests, and fix any failures."
Provide credentials Set env_vars in your user settings (e.g. {"GITHUB_TOKEN":"ghp_..."}). Every bash command gets them; the model never sees the values.
Go hands-on "Give me SSH access": get a command you can paste into your terminal or VS Code.
Full IDE in the browser "Set up code-server": one tool call installs code-server and gives you VS Code in a browser tab.
Explore data interactively "Load this CSV and show me the distribution of values in the status column": the model uses the persistent Python REPL to load, transform, and plot your data across multiple steps.
Delegate the hard stuff "Run the test suite and fix any failures": the model can hand this off to a sub-agent that works through the problem without cluttering your conversation.
Hand off a long session "Let's hand off to a fresh conversation": the model writes a structured summary you paste into a new chat. Your sandbox files are already there; the new agent picks up where you left off.

Persistence

Your workspace survives

ChatGPT's code interpreter resets every conversation. Lathe doesn't. Your sandbox is yours: files, installed packages, git repos, running servers. Start a conversation Monday, come back Wednesday, everything is where you left it.

The sandbox stops after ~15 minutes of idle, then archives about an hour later. Either way, the next tool call wakes it transparently: your files and installed packages survive both. Only running processes are lost. If you want a clean slate, ask the model to destroy it.

Your files persist, but conversation context doesn't. Every new chat starts cold. When a session runs long, ask the model to handoff: it writes a structured summary you paste into a fresh conversation, and the new agent picks up with full access to your sandbox.

Under the hood

Lathe takes a filesystem snapshot on the first tool call of each conversation, so it can detect what changed during the session. If a delegated task finishes in the background, a completion notice is automatically prepended to the next tool result the model sees, so it can reference background work without being explicitly told about it.

Configuration

User settings

Most users need zero configuration. But if you work with APIs or private repos, you can set environment variables that get injected into every shell command:

# In Open WebUI → Settings → Tools → Lathe → env_vars: {"GITHUB_TOKEN": "ghp_...", "OPENAI_API_KEY": "sk-..."}

Values are never shown to the model. They're exported in the shell preamble with single-quoted values to prevent expansion.

Deployment

For admins

Lathe is a single Python file (lathe.py) deployed as an Open WebUI Tool. It needs a Daytona API key and a deployment label. Configure these as admin Valves after install.

See the README for full deployment instructions, valve reference, and testing guide.