A sandbox per request.
The cloud-sandboxes plugin gives an agent a fresh Linux per request — Frontier, tenant-isolated, snapshot-resumable, signed at exit. Tree-sitter awareness in the shell tags each command with its language; reproducible filesystems mean the same input gives the same output, byte-for-byte.
one sandbox per request
frontier
tree-sitter-scoped
opt-in · clock + RNG pinned
The properties that matter.
Hardened Linux (noble-aarch64 / noble-amd64). Frontier MicroVM per request.
Tree-sitter-aware bash. Each command tagged with its language; outputs structured.
Content-addressed overlay. Same inputs → same FS hash. Diffable, reproducible.
Opt-in: clock pinned, RNG seeded from request ID, network deterministic.
On exit, the full sandbox state is snapshotted, signed, and stored.
Per-request (default), per-conversation (opt-in), per-user (Habitat).
Agents drive the sandbox over the same CDP-style wire. Stream stdout/err/exit.
How you describe it.
[brane.sandbox]
substrate = "gaia"
capability = "frontier"
image = "omega/cloud-sandboxes:2.4.0"
guest = "noble-aarch64"
What you can rely on.
One sandbox per request
Bring-up is fast (Frontier with snapshot resume — 121 ms cold). Tear-down captures the full state. There's no shared mutable state between requests by default.
Reproducible filesystems and outputs
Opt into deterministic execution; the same agent input produces the same FS hash and the same stdout. CI for AI agents.
The shell understands code
Each shell line is parsed. The agent gets back structured outputs (stdin, stdout, stderr, exit, language) instead of raw bytes. Errors carry source spans.
Every artifact carries a chain
snapshot.vm + fs.diff + trace.span all signed by the brane and the substrate. Replay on a clean substrate; bisect failures byte-for-byte.