ai agent sandbox · isolated compute

Give your AI agent a sandbox it cannot escape

When an agent writes code, it needs somewhere safe to run it. CrowNest hands each agent run an isolated Linux sandbox with real compute and a filesystem, walled off from your infrastructure and gone on a TTL.

why a sandbox

What an agent actually needs to run code

Isolation by default

Every sandbox is its own boxed Linux environment. Nothing is shared between runs and nothing leaks back to your stack.

A real computer

Not a stripped eval. The agent gets a filesystem, a package manager, and processes, so it can build and run what it writes.

Streamed feedback

Stream stdout and stderr back into the agent loop as the command runs, so the model can react to errors mid-task.

Gone on a TTL

Sandboxes expire on a requested lifetime. Logs and collected artifacts stay; the live machine does not linger or bill.

the loop

Drop it straight into the agent loop

Create a sandbox with a short TTL, run the model's code, stream the output back so the agent can self-correct, then tear it down. The same pattern works for one agent or thousands of parallel runs.

agent-loop.ts
import { createCrowNestClient } from "@crownest/sdk";

// `agent` is assumed to be your own agent-loop object (observe/repair), defined elsewhere
const client = createCrowNestClient();
const sandbox = await client.sandboxes.create({
  template: "python",
  ttlMs: 5 * 60_000, // five-minute blast radius
});

try {
  // hand the model's code to a real machine and stream the result back
  const run = await sandbox.commands.run("python3 solution.py", {
    onStdout: (chunk) => agent.observe(chunk),
  });

  if (run.exitCode !== 0) await agent.repair(run.stderr);
} finally {
  // tear down even if the run throws; the TTL is only the backstop
  await sandbox.kill();
}
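
The snippet above runs the command once and repairs once. As an added example (not CrowNest's code), the loop below bounds the repair cycle by attempt count and a wall-clock deadline, and tears the sandbox down on every exit path. Only `commands.run` and `kill` mirror the snippet; `runWithRepair`, `SandboxLike`, `Limits`, `Outcome` and `fakeSandbox` are hypothetical names, and the fake sandbox is constructed so the block runs offline.

```typescript
// Added example: only commands.run() -> { exitCode, stderr } and kill() mirror
// the page's snippet; every other name is hypothetical.
interface RunResult { exitCode: number; stderr: string }
interface SandboxLike {
  commands: { run(cmd: string): Promise<RunResult> };
  kill(): Promise<void>;
}
interface Limits { maxAttempts: number; deadlineMs: number; now?: () => number }
interface Outcome { ok: boolean; attempts: number; reason: "passed" | "attempts" | "deadline" }

async function runWithRepair(
  create: () => Promise<SandboxLike>,
  cmd: string,
  repair: (stderr: string) => Promise<void>,
  limits: Limits,
): Promise<Outcome> {
  const now = limits.now ?? Date.now;
  const stopAt = now() + limits.deadlineMs; // keep this below the sandbox TTL
  const sandbox = await create();
  let attempts = 0;
  try {
    while (attempts < limits.maxAttempts) {
      if (now() >= stopAt) return { ok: false, attempts, reason: "deadline" };
      attempts++;
      const run = await sandbox.commands.run(cmd);
      if (run.exitCode === 0) return { ok: true, attempts, reason: "passed" };
      // stderr is untrusted output: hand it to the model, never to a local shell
      if (attempts < limits.maxAttempts) await repair(run.stderr);
    }
    return { ok: false, attempts, reason: "attempts" };
  } finally {
    await sandbox.kill(); // runs on success, on giving up, and when run() throws
  }
}

// Constructed in-memory stand-in: fails `failures` times, then exits 0,
// and records whether kill() was called.
function fakeSandbox(failures: number) {
  const state = { runs: 0, killed: false };
  const sandbox: SandboxLike = {
    commands: {
      run: async () =>
        ++state.runs <= failures
          ? { exitCode: 1, stderr: "Traceback (constructed)" }
          : { exitCode: 0, stderr: "" },
    },
    kill: async () => { state.killed = true; },
  };
  return { sandbox, state };
}
```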

control

Control the blast radius

Scoped API keys

Issue keys with singular resource:action scopes, restricted to a project. Keys cannot create more keys.

Quotas and caps

Meter compute_unit_seconds per second and set hard caps per bucket so an agent loop cannot run away.

Audit events

Every create, run, revoke, and kill is recorded, tombstones included, so a misbehaving run is traceable.

Authenticated previews

If the agent starts a server, expose it as a URL that still requires an API key or a token-mode session.

questions

AI agent sandbox FAQ

What is an AI agent sandbox?

It is an isolated Linux environment where an AI agent can run the code it writes without touching your infrastructure. The agent creates a sandbox, runs commands, reads the output, and the sandbox is destroyed on a TTL or when the agent kills it.

Why not let the agent run code on my own servers?

Model-generated code is untrusted by default. A sandbox contains it: each run is boxed, scoped to one /workspace, and removed afterward, so a bad command cannot reach your data or other runs.

Can the agent install packages and write files?

Yes. The sandbox is a real machine. The agent can pip or npm install, write files in /workspace, run a build, and start a server, all within the limits you set.

How do I keep one agent run from spending too much?

Set per-second quotas and hard caps per bucket, restrict API keys to a project, and give every sandbox a short TTL. Usage is metered in compute_unit_seconds so you can see exactly where credits go.

Run your agent's code somewhere safe

Start with a free $10 credit and no card. Wire one sandbox into your agent and watch it run code in minutes.