EnterpriseP1PARTIAL
Sandbox OS
Every agent action runs in an isolated sandbox — Docker, SSH, Modal, Daytona, Vercel — auto-selected by risk class.
Agent run requests sandbox; policy.ts selects backend based on skill risk + tenant default; lease provisioned, run scoped to it, cost flows to ledger.
AI systems that power this domain
- risk-class → backend selector (shipped — DESTRUCTIVE forces DOCKER minimum)
- cost-ledger integration (shipped — SandboxLease.costUsd → cost-ledger.ts)
- lease lifecycle audit emission (shipped — sandbox_lease_completed event)
Category leaders we benchmark against
E2B · Modal · Daytona · RunPod · Replit Agent