Documentation

Everything you need to get started with SandboxKit.

Quickstart

1. Install the CLI

$ npm install -g @sandboxkit/cli
# or
$ curl -fsSL https://sandboxkit.dev/install.sh | sh

2. Authenticate

$ sandboxkit login
# Opens browser for authentication
✓ Logged in as dev@example.com

3. Deploy your agent

$ sandboxkit deploy agent.py
⠿ Provisioning sandbox...
✓ Sandbox sbx_a1b2c3d4 ready in 12.4s

$ sandboxkit logs sbx_a1b2c3d4 --follow

REST API Reference

Base URL: https://api.sandboxkit.dev/v1

POST/sandboxes

Create and start a new sandbox for your agent.

REQUEST BODY

{
  "name": "my-agent",
  "source": "base64-encoded-file-or-git-url",
  "runtime": "python3.12",
  "limits": {
    "cpu": 2,
    "memory_mb": 4096,
    "max_cost_usd": 5.00,
    "timeout_minutes": 60
  },
  "policy": "default"
}

RESPONSE

{
  "id": "sbx_a1b2c3d4",
  "status": "provisioning",
  "created_at": "2026-03-06T08:12:00Z",
  "url": "https://sbx-a1b2c3d4.sandboxkit.dev"
}

GET/sandboxes

List all sandboxes in your account.

RESPONSE

{
  "sandboxes": [
    {
      "id": "sbx_a1b2c3d4",
      "name": "my-agent",
      "status": "running",
      "cpu_usage": 0.45,
      "memory_usage_mb": 1200,
      "uptime_seconds": 3600
    }
  ]
}

GET/sandboxes/{id}/logs

Retrieve logs from a sandbox. Supports streaming via SSE.

QUERY PARAMS

?follow=true      # Stream logs via SSE
&tail=100         # Number of lines from end
&since=2026-03-06T08:00:00Z

DELETE/sandboxes/{id}

Stop and destroy a sandbox. This action is irreversible.

RESPONSE

{
  "id": "sbx_a1b2c3d4",
  "status": "terminated",
  "terminated_at": "2026-03-06T09:12:00Z"
}

Python SDK

import sandboxkit

client = sandboxkit.Client(api_key="sk_live_...")

# Create a sandbox
sandbox = client.sandboxes.create(
    name="my-agent",
    source="./agent.py",
    runtime="python3.12",
    limits={"cpu": 2, "memory_mb": 4096},
)

print(f"Sandbox {sandbox.id} is {sandbox.status}")

# Stream logs
for line in sandbox.logs(follow=True):
    print(line)

# Stop when done
sandbox.stop()

Security Policies

Policies control what your agent can do inside the sandbox. The default policy is restrictive and secure.

Policy	Network	Filesystem	Syscalls
default	No egress	Read-only (except /tmp)	Restricted
relaxed	Allowlisted domains	Read-write in /workspace	Standard Linux
custom	User-defined rules	User-defined mounts	User-defined seccomp