Sandboxes

Sandboxes are the core primitive of Akira - isolated execution environments where untrusted code can run safely.

What is a Sandbox?

A sandbox is a lightweight, hardware-isolated micro-VM that provides:

Full Linux environment - Standard shell, filesystem, networking
Complete isolation - No access to host system or other sandboxes
Fast startup - Boot in under a second
Resource controls - CPU and memory limits

Think of sandboxes as disposable computers. Create them, use them, delete them. Perfect for running untrusted AI-generated code.

Architecture

┌────────────────────────────────────────────────┐
│                  Host System                    │
│  ┌──────────────────────────────────────────┐  │
│  │            Hardware Isolation             │  │
│  │  ┌────────┐ ┌────────┐ ┌────────┐       │  │
│  │  │Sandbox │ │Sandbox │ │Sandbox │  ...  │  │
│  │  │  VM    │ │  VM    │ │  VM    │       │  │
│  │  │        │ │        │ │        │       │  │
│  │  │ Linux  │ │ Linux  │ │ Linux  │       │  │
│  │  │ + Code │ │ + Code │ │ + Code │       │  │
│  │  └────────┘ └────────┘ └────────┘       │  │
│  └──────────────────────────────────────────┘  │
└────────────────────────────────────────────────┘

Each sandbox runs in its own micro-VM with hardware-level isolation. A compromised sandbox cannot affect:

The host system
Other sandboxes
Your infrastructure

Isolation Model

Hardware Isolation

Sandboxes use hardware virtualization (not containers) for strong isolation:

Approach	Isolation Level	Escape Risk
Containers	Process-level	Moderate - kernel vulnerabilities
VMs	Hardware-level	Low - hypervisor bugs only
Akira Sandboxes	Hardware-level	Low - micro-VM with minimal attack surface

Network Isolation

By default, sandboxes have:

Outbound internet access - Can reach external services
No inbound access - Cannot be reached from outside
No inter-sandbox access - Sandboxes cannot communicate

Filesystem Isolation

Each sandbox has its own filesystem:

Root filesystem from the selected image
Writable overlay for modifications

Sandbox Lifecycle

Create → Running → Execute → Delete
           ↑          ↓
           ├── Snapshot (save state)
           └── Clone (duplicate)

Create - Provision VM with image and configuration
Running - Sandbox is ready for commands
Execute - Run commands, upload/download files
Snapshot - (Optional) Save state for later
Clone - (Optional) Create an identical copy
Delete - Terminate and release resources

Images

Sandboxes boot from images - pre-built filesystem snapshots:

Image	Contents
`akiralabs/akira-default-sandbox`	Ubuntu base, common tools

Resource Management

CPU

Sandboxes are allocated CPU cores:

const sandbox = await client.sandboxes.create({
  image: 'akiralabs/akira-default-sandbox',
  resources: {
    cpus: 2,  // 2 CPU cores
  },
});

Memory

Memory is allocated in MB:

const sandbox = await client.sandboxes.create({
  image: 'akiralabs/akira-default-sandbox',
  resources: {
    cpus: 2,
    memory: 4096,
    storage: 20,  // 20 GB storage
  },
});

Best Practices

Treat Sandboxes as Disposable

Don't store important data in sandbox filesystems. Use snapshots for persistence.

Right-size resources - Don't over-provision CPU/memory
Set timeouts - Prevent runaway sandboxes
Use snapshots - Save state before important changes
Delete promptly - Clean up when work is complete
Snapshot important states - Backup before risky operations

Use Cases

AI Code Execution - Run LLM-generated code safely
Build Pipelines - Isolated CI/CD environments
Development - Throwaway dev environments
Testing - Parallel test execution
Exploration - Safe environment for experiments

Next Steps

Create your first sandbox
Learn about snapshots for persistence
Understand the security model

Execute Commands Security