Loading...
Loading...
Create isolated execution environments for AI agents with configurable resource limits, network isolation levels, and comprehensive execution logging.
Choose an isolation level based on your security requirements. Higher isolation provides stronger guarantees but increases startup latency and resource overhead.
| Level | Technology | Startup Time | Use Case |
|---|---|---|---|
| process | Linux namespaces + seccomp | < 100ms | Quick tests, development iteration |
| container | OCI containers with gVisor | < 2s | Integration testing, CI/CD pipelines |
| microvm | Firecracker microVM | < 5s | Security-sensitive testing, untrusted agents |
| enclave | AWS Nitro / Intel SGX enclave | < 30s | Highest isolation, confidential computing |
Default Isolation
New sandboxes default to container isolation. This provides a strong security boundary suitable for most testing scenarios. Use microvm or enclave when testing untrusted or third-party agents.
Create a sandbox with resource limits, network policies, and an optional agent image. The sandbox is provisioned asynchronously and enters the ready state when available.
{
"name": "content-scanner-test",
"isolation": "container",
"agentId": "019agent-scanner-...",
"resources": {
"cpu": "2.0",
"memoryMb": 4096,
"diskMb": 10240,
"gpuEnabled": false
},
"network": {
"egressPolicy": "restricted",
"allowedDomains": [
"api.openai.com",
"api.anthropic.com",
"*.drd.io"
],
"blockLocalNetwork": true
},
"timeout": {
"maxDurationSeconds": 3600,
"idleTimeoutSeconds": 300
},
"environment": {
"DRD_ENV": "sandbox",
"MODEL_VERSION": "v2.1.0"
}
}
// Response
{
"ok": true,
"data": {
"id": "019sandbox-abcd-1234-...",
"name": "content-scanner-test",
"status": "provisioning",
"isolation": "container",
"resources": { "cpu": "2.0", "memoryMb": 4096, "diskMb": 10240 },
"endpoints": {
"exec": "wss://sandbox.drd.io/019sandbox-abcd-1234-.../exec",
"logs": "wss://sandbox.drd.io/019sandbox-abcd-1234-.../logs",
"metrics": "https://api.drd.io/v1/sandboxes/019sandbox-abcd-1234-.../metrics"
},
"createdAt": "2026-02-14T09:00:00Z"
}
}Resource limits prevent sandboxed agents from consuming excessive compute, memory, or storage. Limits are enforced at the runtime level and cannot be exceeded.
| Resource | Default | Maximum | Enforcement |
|---|---|---|---|
| CPU | 1.0 vCPU | 8.0 vCPU | Throttled at limit |
| Memory | 2048 MB | 32768 MB | OOM kill at limit |
| Disk | 5120 MB | 51200 MB | Write blocked at limit |
| Network Egress | 100 Mbps | 1 Gbps | Traffic shaped |
| Max Processes | 64 | 512 | Fork blocked at limit |
| Max Open Files | 1024 | 65536 | EMFILE at limit |
Sandboxes progress through defined lifecycle states. Each transition is recorded for audit purposes and emits a webhook event.
| State | Description | Transitions To |
|---|---|---|
| provisioning | Resources being allocated | ready, failed |
| ready | Sandbox available for use | running, terminated |
| running | Agent is actively executing | paused, completed, failed, terminated |
| paused | Execution suspended (preserves state) | running, terminated |
| completed | Agent finished execution normally | terminated |
| failed | Sandbox encountered an error | terminated |
| terminated | Resources released and cleaned up | (terminal) |
Execute commands or inject prompts into a running sandbox. All execution activity is logged with full stdout/stderr capture and resource utilization metrics.
{
"command": "python3 /app/agent.py --prompt 'Analyze this document'",
"stdin": "Document content here...",
"timeout": 60,
"captureOutput": true
}
// Response
{
"ok": true,
"data": {
"executionId": "019exec-mnop-...",
"exitCode": 0,
"stdout": "Analysis complete. The document contains...",
"stderr": "",
"durationMs": 3420,
"resourceUsage": {
"peakMemoryMb": 1247,
"cpuTimeMs": 2890,
"networkEgressBytes": 45200
}
}
}Execution Timeout
Commands that exceed the specified timeout are forcefully terminated. The sandbox itself remains running unless the overall sandbox timeout has been reached. Set appropriate timeouts to prevent runaway processes.
The DRD TypeScript SDK provides a streamlined interface for sandbox management with automatic cleanup and streaming log support.
import { DRDClient } from "@drd.io/sdk";
const drd = new DRDClient({ apiKey: process.env.DRD_API_KEY! });
// Create and start a sandbox
const sandbox = await drd.sandboxes.create({
name: "test-agent-v2",
isolation: "container",
agentId: "019agent-scanner-...",
resources: { cpu: "2.0", memoryMb: 4096 },
network: { egressPolicy: "restricted" },
});
await drd.sandboxes.start(sandbox.id);
// Execute a command
const result = await drd.sandboxes.exec(sandbox.id, {
command: "python3 /app/agent.py --test-suite full",
timeout: 120,
});
console.log(`Exit code: ${result.exitCode}`);
console.log(`Output: ${result.stdout}`);
// Stream logs in real-time
const logStream = drd.sandboxes.logs(sandbox.id, { follow: true });
for await (const line of logStream) {
console.log(`[${line.timestamp}] ${line.message}`);
}
// Clean up
await drd.sandboxes.terminate(sandbox.id);Capture sandbox state at any point and restore from snapshots for reproducible testing. Snapshots include filesystem state, environment variables, and execution context.
{
"name": "pre-adversarial-test",
"description": "Baseline state before adversarial prompt testing"
}
// Response
{
"ok": true,
"data": {
"snapshotId": "019snap-qrst-...",
"sandboxId": "019sandbox-abcd-1234-...",
"name": "pre-adversarial-test",
"sizeMb": 847,
"createdAt": "2026-02-14T10:00:00Z"
}
}
// Restore from snapshot
// POST /api/v1/sandboxes/:id/restore
{
"snapshotId": "019snap-qrst-..."
}
// Response
{
"ok": true,
"data": {
"id": "019sandbox-abcd-1234-...",
"state": "ready",
"restoredFrom": "019snap-qrst-...",
"restoredAt": "2026-02-14T10:05:00Z"
}
}