Sandboxes
Sandboxes are isolated workspace runtimes managed by infrastrActure.
They exist to give users or agents a controlled execution environment without turning every workload into a long-lived shared service.
Role in the Platform
Lifecycle
| Stage | Meaning |
|---|---|
| create | allocate sandbox + metadata |
| running | runtime is active |
| paused | suspended to save resources |
| resumed | returned to active use |
| destroyed | fully removed |
Endpoints
| Method | Path |
|---|---|
| GET | /api/sandboxes |
| POST | /api/sandboxes |
| GET | /api/sandboxes/:id |
| PATCH | /api/sandboxes/:id |
| DELETE | /api/sandboxes/:id |
| POST | /api/sandboxes/:id/:action |
Runtime Access
The platform also exposes:
- runtime config
- runtime proxy auth
- runtime proxy routes
That allows the client to reach the sandbox runtime without directly knowing every internal detail of the container.
Security Model
Sandboxes are not shared tools.
They are:
- user or tenant scoped
- lifecycle managed
- isolated from one another
- represented separately in integration responses
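The scoping and lifecycle properties above can be enforced in one server-side check on `POST /api/sandboxes/:id/:action`. The sketch below is an added example, not the platform's own code: the action names (`pause`, `resume`, `destroy`), the transition table, the status codes and the store shape are all assumptions.

```javascript
// Added example: action verbs, status codes and the transition table are assumptions.
// Stages follow the Lifecycle table; "resumed" is modelled as a return to "running".
const TRANSITIONS = {
  pause:   { from: ["running"], to: "paused" },
  resume:  { from: ["paused"], to: "running" },
  destroy: { from: ["running", "paused"], to: "destroyed" },
};

// Constructed sample records standing in for the platform's sandbox store.
const sandboxes = new Map([
  ["sbx-1", { id: "sbx-1", tenantId: "tenant-a", state: "running" }],
  ["sbx-2", { id: "sbx-2", tenantId: "tenant-b", state: "paused" }],
]);

// Decide the outcome of POST /api/sandboxes/:id/:action for an authenticated caller.
// Returns { status, state? } and mutates the store only on success.
function applyAction(store, caller, id, action) {
  if (!caller || !caller.tenantId) return { status: 401 };
  const sandbox = store.get(id);
  // A sandbox owned by another tenant is reported exactly like a missing one,
  // so responses do not confirm which ids exist outside the caller's tenant.
  if (!sandbox || sandbox.tenantId !== caller.tenantId) return { status: 404 };
  // Own-property lookup only, so an ":action" of "constructor" or "__proto__" is rejected.
  if (!Object.prototype.hasOwnProperty.call(TRANSITIONS, action)) return { status: 400 };
  const rule = TRANSITIONS[action];
  // Reject transitions that the current stage does not allow (e.g. resume while running).
  if (!rule.from.includes(sandbox.state)) return { status: 409, state: sandbox.state };
  sandbox.state = rule.to;
  return { status: 200, state: sandbox.state };
}

// GET /api/sandboxes: the tenant filter comes from the authenticated caller,
// never from a client-supplied query parameter.
function listForTenant(store, caller) {
  return [...store.values()]
    .filter((s) => s.tenantId === caller.tenantId)
    .map((s) => s.id);
}
```

The ownership check runs before action validation so that a caller probing another tenant's sandbox gets the same 404 regardless of which action they send.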
For deeper internal hardening notes, see: