Use this for
Lifecycle
Close sessions when work finishes so runtime capacity returns to the pool.
Work surfaces
Agent and tool use
Agents use sandboxes when they need a real filesystem, command-line tools, or external runtimes. Create a session when an agent tool first needs one. Pass project context so billing, isolation, and audit trails stay attached to the right project.Security
- Keep auth tokens server-side.
- Scope sessions to the project that owns the work.
- Reject paths outside the workspace.
- Close idle sessions.
- Store only artifacts the project needs after the session ends.