II.
Sandbox overview
Reference · livesandbox:default-container
Default container sandbox overview
Standard container-backed sandbox with a workspace-only filesystem overlay, a curated network allowlist for package managers, and a deny-list for the obvious shell-out vectors.
Attributes
displayName
Default container sandbox
filesystemPolicy
sandboxed
networkPolicy
allowlist
description
Standard container-backed sandbox with a workspace-only filesystem
overlay, a curated network allowlist for package managers, and a
deny-list for the obvious shell-out vectors.
fsAllowList
- /workspace/**
- /tmp/**
- /home/agent/.cache/**
fsDenyList
- /etc/shadow
- /root/**
- **/.ssh/**
netAllowList
- registry.npmjs.org
- *.pypi.org
- github.com
- api.anthropic.com
- api.openai.com
netDenyList
- 169.254.169.254
execAllowedBinaries
- node
- npm
- python
- python3
- pip
- git
- bash
execDeniedBinaries
- sudo
- su
- mount
- kmod
envVarScope
inherit-allowlist
secretAccessScope
named
auditLogPolicy
structured-jsonl
policyEvaluationPoint
pre-call
Outgoing edges
realizes1
- layer:9-sandbox·LayerSandbox
Incoming edges
executes_in1
- invocation:01kqex-invocation-001·Invocation
sandboxed_by1
- execution:docker-default·ExecutionDocker (default container)