[ about · security ]
Real compute for code you can't trust
Agents and AI apps write code that has to run somewhere. CrowNest runs it in an isolated Linux sandbox, sealed off from your infrastructure and from every other sandbox.
[ why we built this ]
Why CrowNest exists
Letting an agent run the code it writes is useful and risky in equal measure. The code is untrusted by default, and one bad command should not be able to reach your infrastructure or another customer's sandbox. CrowNest makes that boundary the default, so you do not have to build it yourself.
[ security ]
How CrowNest contains the code it runs
Isolated by default
Every sandbox is its own boxed Linux environment with a private /workspace. Nothing is shared between runs or tenants, and it disappears when its TTL ends.
Scoped API keys
Keys carry singular resource:action scopes and can be restricted to a single project. Keys cannot mint more keys, so a leaked key has a bounded blast radius.
Authenticated previews
Exposing a port returns a URL that still requires an API key or a token-mode session to open.
Per-second metering and caps
Compute is metered in compute_unit_seconds and billed per second, with hard caps per bucket so a runaway loop cannot run up an unbounded bill.
Idempotent mutations
Create and run requests accept a Stripe-style idempotency key, so a retry resolves to the same result for 24 hours instead of doing the work twice.
Audit events
Every create, run, revoke, and kill is recorded, tombstones included, so you can reconstruct exactly what a sandbox did after it is gone.
[ contact ]
Security and contact
Found a vulnerability, or have questions about how we isolate and handle your data? Email tristan@crowlabs.tech. For how scopes, quotas, and usage work in practice, see the usage and billing docs.
Try it with your own code
Free $10 credit, no card. Create your first sandbox and run a command in minutes.