SANDBOXES

Safe code execution for AI agents

Persistent container environments with warm pools, resource limits, and full audit trails. Hardened by default.

[Screenshot: sandbox instances with live status (running/stopped), resource allocation, and recent commands]

HOW IT WORKS

Production-grade execution environments

Persistent Containers

Each sandbox gets a dedicated volume that survives stops and restarts. Session affinity ensures the same agent session reuses the same sandbox via session keys — no work is ever lost between tool calls.

[Screenshot: sandbox settings for provider configuration, resource quotas, and idle timeout policies]

Warm Pool Architecture

Pre-warmed containers sit ready in a pool. When an agent needs a sandbox, allocation is sub-second — no cold starts. The lifecycle manager automatically replenishes the pool and cleans up idle sandboxes.

Warm Pool (pre-warmed containers ready) → Allocate (sub-second, no cold start) → Execute (agent runs code safely)

↻ Lifecycle Manager: auto-replenish pool · stop idle · destroy expired

Security Hardened

Every sandbox is locked down by default. No network access, no root privileges, no writable system files. Every command execution is logged with exit code, stdout, stderr, duration, and file changes.

Read-only root filesystem
Non-root user (uid 1000)
Network disabled by default
Dropped Linux capabilities
Path traversal protection
Full execution audit log
Resource limits (CPU/mem)
Configurable timeouts

File Management

Upload data files, execute code against them, and download results. The API tracks every file created or modified during execution. Build multi-step workflows: upload CSV → analyze → download chart.

POST /api/v1/sandboxes/{id}/exec

    // Request
    {
      "command": "python analyze.py --input data.csv",
      "timeout_seconds": 300
    }

    // Response: 200 OK · 2.3s
    {
      "exit_code": 0,
      "stdout": "Analysis complete. 1,234 rows.",
      "duration_ms": 2341,
      "files_changed": [{
        "path": "outputs/chart.png",
        "action": "created",
        "size_bytes": 45678
      }]
    }

Tracks every file change automatically

Pre-built Image Catalog

Choose from pre-built sandbox images: Skills Runtime (Python, Node.js, pre-installed packages) or Data Science (pandas, numpy, scipy, scikit-learn). Import with one click — the image builds locally from included package specs.

[Screenshot: sandbox image catalog with the Skills Runtime and Data Science images ready to import]

API REFERENCE

Complete REST API

Create, execute, and manage sandboxes. Upload files, install skills, track every operation.

POST /api/v1/sandboxes

    // Request
    {
      "image": "mcpgateway/sandbox-python:3.12",
      "memory_mb": 512,
      "idle_timeout_seconds": 1800,
      "session_key": "agent-session-abc"
    }

    // Response: 201 Created
    {
      "id": "f1e2d3c4-...",
      "status": "running",
      "workspace_path": "/workspace"
    }

Session affinity via session_key

POST /api/v1/sandboxes/{id}/exec

    // Request
    {
      "command": "python main.py"
    }

    // Response: 200 OK · 1.2s
    {
      "exit_code": 0,
      "stdout": "Done.",
      "duration_ms": 1234
    }

Structured output with timing

POST /api/v1/sandboxes/{id}/skills

    // Request
    {
      "skill_ids": ["abc123..."]
    }

    // Response: 200 OK
    {
      "installed": ["data-analyzer"],
      "already_installed": []
    }

Skills extracted to /workspace

PUT /api/v1/sandboxes/{id}/files/data.csv

    // Headers
    Content-Type: application/octet-stream
    [raw binary body]

    // Response: 204 No Content (no response body)

Upload any file to /workspace
GET /api/v1/sandboxes/{id}/files?path=/workspace/outputs

    // No request body

    // Response: 200 OK
    [
      { "name": "chart.png", "type": "file", "size": 45678 },
      { "name": "report.csv", "type": "file", "size": 12345 }
    ]

Browse the sandbox filesystem via the API
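The upload → analyze → list workflow from the File Management section, driven against the endpoints in this reference, as an added example (not the project's own SDK or client): the base URL, the bearer-token header, and the offline fake_send replay are assumptions, and the audit record it returns flags any reported file change whose path escaped the workspace.

```python
import json
import urllib.request

BASE_URL = "https://gateway.example.invalid"  # placeholder; not from the page
TOKEN = "PLACEHOLDER_TOKEN"                   # placeholder; bearer auth is an assumption

def http_send(method, path, body=None, raw=False):
    """Real transport via urllib: body is a JSON-able dict, or bytes when raw=True."""
    data = body if raw else (json.dumps(body).encode() if body is not None else None)
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    req.add_header("Authorization", f"Bearer {TOKEN}")
    req.add_header("Content-Type", "application/octet-stream" if raw else "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        payload = resp.read()
    return resp.status, (json.loads(payload) if payload else None)

def fake_send(method, path, body=None, raw=False):
    """Constructed offline stand-in that replays the responses documented on the page."""
    if method == "POST" and path == "/api/v1/sandboxes":
        return 201, {"id": "f1e2d3c4-fake", "status": "running", "workspace_path": "/workspace"}
    if method == "PUT" and "/files/" in path:
        return 204, None
    if method == "POST" and path.endswith("/exec"):
        return 200, {"exit_code": 0, "stdout": "Analysis complete. 1,234 rows.", "duration_ms": 2341,
                     "files_changed": [{"path": "outputs/chart.png", "action": "created", "size_bytes": 45678}]}
    if method == "GET" and "/files?path=" in path:
        return 200, [{"name": "chart.png", "type": "file", "size": 45678}]
    return 404, None

def run_analysis(send, session_key, csv_bytes, command, timeout_seconds=300):
    """Create (or reuse via session_key) a sandbox, upload data.csv, exec, and return an audit record."""
    status, sb = send("POST", "/api/v1/sandboxes", {"image": "mcpgateway/sandbox-python:3.12",
                      "memory_mb": 512, "idle_timeout_seconds": 1800, "session_key": session_key})
    if status != 201: raise RuntimeError(f"create failed: HTTP {status}")
    sid, ws = sb["id"], sb["workspace_path"]
    status, _ = send("PUT", f"/api/v1/sandboxes/{sid}/files/data.csv", csv_bytes, raw=True)
    if status != 204: raise RuntimeError(f"upload failed: HTTP {status}")
    status, res = send("POST", f"/api/v1/sandboxes/{sid}/exec",
                       {"command": command, "timeout_seconds": timeout_seconds})
    if status != 200: raise RuntimeError(f"exec failed: HTTP {status}")
    changed = [f["path"] for f in res.get("files_changed", [])]
    # A '..' segment or an absolute path outside workspace_path means a write escaped the workspace.
    escaped = [p for p in changed
               if ".." in p.split("/") or (p.startswith("/") and not p.startswith(ws + "/"))]
    _, listing = send("GET", f"/api/v1/sandboxes/{sid}/files?path={ws}/outputs")
    return {"sandbox_id": sid, "exit_code": res["exit_code"], "duration_ms": res["duration_ms"],
            "files_changed": changed, "escaped_workspace": escaped,
            "outputs": [e["name"] for e in (listing or [])]}
```

Pass fake_send for an offline dry run and http_send (with BASE_URL and TOKEN filled in) against a real gateway; a non-empty escaped_workspace list in the returned record is the signal to investigate before trusting the run's outputs.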

Ready to give your agents a safe place to execute?

Persistent sandboxes with warm pools, security hardening, and full audit trails.