Vibengine
Sandbox

Sandbox Overview

Understanding Vibengine cloud sandboxes

Sandbox Overview

A Vibengine Sandbox is a secure, isolated cloud environment powered by a lightweight Linux virtual machine. Each sandbox runs independently with its own filesystem, network stack, and process tree — giving you a safe space to execute arbitrary code without affecting your host infrastructure.

What is a Sandbox?

Think of a sandbox as an on-demand Linux server that spins up in milliseconds. You can:

  • Execute shell commands and scripts
  • Read and write files
  • Install packages and dependencies
  • Run web servers and access them over the internet
  • Interact with external APIs and services

Each sandbox is fully isolated. Code running in one sandbox cannot access or interfere with another sandbox.

Architecture

┌─────────────────────────────────────────────┐
│              Vibengine Cloud                 │
│                                             │
│  ┌───────────┐  ┌───────────┐  ┌─────────┐ │
│  │ Sandbox A │  │ Sandbox B │  │Sandbox C│ │
│  │           │  │           │  │         │ │
│  │ Filesystem│  │ Filesystem│  │Filesystem│ │
│  │ Network   │  │ Network   │  │Network  │ │
│  │ Processes │  │ Processes │  │Processes│ │
│  └───────────┘  └───────────┘  └─────────┘ │
│                                             │
│         Secure Isolation Layer               │
└─────────────────────────────────────────────┘

Key Concepts

Isolation

Every sandbox runs in its own microVM. This means:

  • Filesystem isolation — files in one sandbox are invisible to others
  • Process isolation — processes cannot escape the sandbox boundary
  • Network isolation — each sandbox gets its own network namespace

Sandbox ID

When you create a sandbox, it receives a unique Sandbox ID (e.g., sb_abc123). You can use this ID to:

  • Reconnect to a running sandbox from a different client
  • Monitor sandbox status
  • Share sandbox access across your application

Timeouts

Sandboxes have a configurable timeout that controls how long they stay alive:

  • Default timeout: 60 seconds
  • Maximum timeout: 24 hours
  • You can extend the timeout at any time while the sandbox is running using keepAlive

If no client is connected and the timeout expires, the sandbox is automatically stopped and its resources are reclaimed.

Templates

Sandboxes are created from templates. A template defines the base environment:

  • The default template provides a minimal Ubuntu environment
  • Custom templates let you pre-install languages, tools, and dependencies
  • Templates are built using ve template build from a Dockerfile

Lifecycle

Every sandbox follows a predictable lifecycle:

  1. Create — a new sandbox is provisioned from a template
  2. Running — the sandbox is active and accepting commands
  3. Timeout / Kill — the sandbox stops after timeout or explicit termination
  4. Stopped — resources are released

Sandboxes are ephemeral by default. When a sandbox stops, its filesystem and state are lost unless you explicitly use persistence features like pause and resume.

What Can You Build?

Vibengine sandboxes are designed for use cases such as:

  • AI code execution — let LLMs write and run code safely
  • Code interpreters — build interactive coding environments
  • CI/CD pipelines — run builds and tests in isolated environments
  • Data analysis — execute untrusted data processing scripts
  • Prototyping — spin up disposable dev environments on the fly

Next Steps

Upload Files

Upload files from your local machine into a Vibengine sandbox

Create a Sandbox

Different ways to create and configure sandboxes

On this page

Sandbox OverviewWhat is a Sandbox?ArchitectureKey ConceptsIsolationSandbox IDTimeoutsTemplatesLifecycleWhat Can You Build?Next Steps