Skip to main content
A sandbox runtime is an isolated workspace for project work. Use it when work needs files, shell commands, or long-running execution.

Use this for

Lifecycle

Close sessions when work finishes so runtime capacity returns to the pool.

Work surfaces

Agent and tool use

Agents use sandboxes when they need a real filesystem, command-line tools, or external runtimes. Create a session when an agent tool first needs one. Pass project context so billing, isolation, and audit trails stay attached to the right project.

Security

  • Keep auth tokens server-side.
  • Scope sessions to the project that owns the work.
  • Reject paths outside the workspace.
  • Close idle sessions.
  • Store only artifacts the project needs after the session ends.

API reference