Platform
Sandboxes
Safe, isolated execution.
A sandbox is the isolated environment where an agent's code runs. Each run gets its own sandbox, provisioned at start and torn down at the end.
What isolation gives you
- Containment. A run can't affect other runs, other workspaces, or the host.
- Reproducibility. Every run starts from the same base image with the same dependencies.
- Resource quotas. CPU, memory, disk, and network are bounded per sandbox.
What's inside
Every sandbox is provisioned with the things the agent needs and nothing else:
- The agent's code and current version.
- The resources you've declared.
- The tools it's allowed to call.
- Credentials to reach your own model provider, or ours.
Sandboxes are ephemeral by default: they're destroyed when the run finishes. Anything the agent needs to keep goes into the session or a durable resource.
Inspecting a sandbox
While a run is live, you can query its sandbox to see real-time resource use:
GET /api/v1/sandboxes/lists every sandbox in your workspace.GET /api/v1/sandboxes/{sandbox_id}returns status, resource use, and the run it's attached to.
Direct sandbox interaction is uncommon in day-to-day use; the endpoints above are mainly for inspection and debugging.