Sandbox Definition

A Sandbox Definition is a YAML document that describes the complete topology of a Sandbox: its workloads, networking endpoints, shared volumes, external resources, and customization policies.

The definition is the authoritative source of truth for everything inside a sandbox. It is stored in a Template or directly in a sandbox, and can be edited at any time through the Web Console or the CLI (cs sandbox edit).

Structure Overview

overview: Optional markdown description shown in the Web Console.

env:
- KEY=VALUE             # Shared environment variables

volumes:
- name: ...             # Named volumes shared across workloads

endpoints:
- name: ...             # External-facing HTTP or TCP endpoints

workspaces:
- name: ...             # Developer workspaces

dependencies:
- name: ...             # Managed services (MySQL, Postgres, etc.)

containers:
- name: ...             # Custom Docker containers

resources:
- name: ...             # External cloud resources

customizations:
- flavor: ...           # Flavors, lockdown, MCP, LLM agent, etc.

The name field of every workload — workspace, dependency, or container — must be unique across the entire definition, regardless of type. Endpoints use a separate namespace.

Top-Level Fields

Field Type Description
overview string Optional Markdown overview displayed in the Web Console.
env string[] Shared environment variables in KEY=VALUE format. Environment variable expansion is supported (e.g. PATH=/opt/app:${PATH}).
volumes Volume[] Named volumes that can be mounted into containers.
endpoints Endpoint[] External/Internet-facing endpoints that expose ports from workloads.
workspaces Workspace[] Developer workspace workloads.
dependencies Dependency[] Managed dependency services.
containers Container[] Workloads launched from container images.
resources ResourceGroup[] External resources whose lifecycle is tied to the sandbox.
customizations Customization[] Policies and customizations (flavors, lockdown, MCP servers, etc.).

Environment Variables Example

env:
- APP_ENV=development
- DATABASE_URL=postgres://db:5432/app
- LOG_LEVEL=debug
- FULL_PATH=/opt/app/bin:${PATH}   # Expansion supported

Environment variables defined here are injected into all workloads in the sandbox. Individual workloads can also define their own env entries, which are appended after these.

Workspace

A Workspace is the primary Linux environment for a developer. It has a full root filesystem, a built-in SSH server and WebIDE, support for source code checkouts, automated builds, background daemons, and cron jobs.

See Workspace Automation for full details on the start sequence.

Field Type Description
name string Required. Unique name across all workloads. Also used as the hostname in the sandbox private network.
description string Human-readable description.
base_snapshot string Name of the snapshot or oci://REGISTRY/IMAGE:TAG used as the workspace root filesystem.
home_snapshot string Name of the snapshot used to populate the home directory.
ports PortSpec[] Ports exposed by this workspace, referenced by endpoints.
checkouts Checkout[] Source code repositories to check out automatically.
port_forward_rules PortForwardRule[] Rules that forward remote addresses to localhost inside the workspace.
env string[] Workspace-scoped environment variables (appended to sandbox-level env).
probes ServiceProbes Health and readiness probes for this workspace.
hostnames string[] Additional hostnames for this workspace in the sandbox network.
wait_for string[] Names of workloads that must be ready before this workspace starts.
schedule_spec ScheduleSpec Node pool selector and resource requirements (Enterprise Edition).
system Workspace.System System-level daemons and injected files.
disable_service_linking_envs boolean If true, service linking environment variables are not generated.
restriction Workspace.Restriction Restriction Mode — limits access to admins only during startup or whole lifetime.
lifecycle Workspace.Lifecycle Lifecycle hooks for on_create, on_delete, on_suspend, and on_resume.

Workspace Example

workspaces:
- name: dev
  base_snapshot: ubuntu-dev-base
  home_snapshot: team-home
  ports:
  - name: web
    port: 8080
    protocol: HTTP/TCP
  - name: api
    port: 9000
    protocol: HTTP/TCP
  env:
  - NODE_ENV=development
  wait_for:
  - mysql
  checkouts:
  - path: app
    repo:
      git: git@github.com:example-org/app
    manifest:
      overlays:
      - inline:
          hooks:
            post-checkout:
              cmd: npm install
            build:
              cmd: npm run build
          daemons:
            server:
              run:
                cmd: npm start

In this example, the dev workspace:

  1. Starts with the ubuntu-dev-base root filesystem snapshot.
  2. Waits for mysql to be ready before proceeding with its start sequence.
  3. Checks out app into ~/app.
  4. Runs npm install after checkout, then npm run build.
  5. Launches npm start as a persistent daemon after the build succeeds.
  6. Exposes port 8080 as web and port 9000 as api for use in endpoints.

Workspace.System

System-level configuration injected at workspace startup.

Field Type Description
daemons GlobalProcess[] Background processes launched at system level (as root) before checkout tasks.
files SetupFile[] Files injected into the filesystem after snapshots are applied.

File Injection Example

workspaces:
- name: dev
  system:
    files:
    - path: /etc/sandbox.d/setup
      mode: '0755'
      overwrite: true
      content: |
        #!/bin/bash
        echo "Configuring system..."
        apt-get install -y my-tool
    - path: ~/.config/app/config.yaml
      mode: '0644'
      template: |
        user: {{env "$SANDBOX_OWNER_EMAIL"}}
        token: {{secret "api-token"}}

Workspace.Lifecycle

Hooks that run during sandbox lifecycle transitions for this workspace. See Lifecycle for full details.

Field Type Description
on_create Lifecycle.Handler Runs when the sandbox is first created.
on_delete Lifecycle.Handler Runs when the sandbox is deleted.
on_suspend Lifecycle.Handler Runs before the sandbox is suspended.
on_resume Lifecycle.Handler Runs after the sandbox is resumed.

Lifecycle.Handler

Field Type Description
run Run The command to execute. Runs as the owner user in the home directory. The environment variable $SANDBOX_LIFECYCLE is automatically set to CREATING, SUSPENDING, RESUMING, or DELETING.
max_retries integer Maximum number of automatic retries on failure. If unspecified, no retries are attempted.
require_build boolean Only for on_create: if true, waits until all build hooks complete before running.
timeout string Maximum total duration including retries (e.g. 300s). If unspecified, there is no timeout.

Workspace.Restriction

Controls Restriction Mode, which blocks non-admin access to this workspace and mounts Admin Only secrets. See Restriction Mode for full details.

Field Type Description
life_time enum STARTUP — active only during sandbox creation; exits when cs sandbox restriction disable is called. ALWAYS — the workspace is permanently accessible to admins only and never exits Restriction Mode.

Dependency

A managed service (such as a database or cache) that is pre-configured for development use. Dependencies are accessible to all workloads in the sandbox via their name as a hostname.

Field Type Description
name string Required. Unique name across all workloads. Also used as the hostname. Must follow DNS-1123 naming rules.
description string Human-readable description.
service_type string Required. The service type (e.g. mysql, postgres, redis, mongodb). Use cs depsvc list or the Web Console to see available types.
version string Specific version to use. If omitted, a default version is applied.
properties map[string]string Service-specific configuration (e.g. database name, username, password). All are optional; defaults vary by service type.
snapshot string Snapshot name to restore service data from.
schedule_spec ScheduleSpec Node pool selector and resource requirements (Enterprise Edition).
hostnames string[] Additional hostnames for this service in the sandbox network.

Dependency Example

dependencies:
- name: mysql
  service_type: mysql
  version: '8.3'
  properties:
    database: myapp
    username: app
    password: secret
- name: cache
  service_type: redis
  version: '7'

Both mysql and cache are accessible from any workspace directly by hostname:

mysql -h mysql -u app -psecret myapp
redis-cli -h cache

Container

A workload launched from any Docker container image. Unlike typical container runtimes, Crafting containers persist their root filesystem by default — files survive restarts unless volatile: true is set.

Field Type Description
name string Required. Unique name across all workloads. Also used as the hostname.
description string Human-readable description.
image string Required. Container image. Formats: [FOLDER/]NAME[:TAG] (resolved via Docker Hub by default), or HOST/FOLDER/NAME[:TAG] for a specific registry. If TAG is omitted, latest is used.
entrypoint string[] Overrides the image ENTRYPOINT. These are argv[0..] of the process.
args string[] Overrides the image CMD. Appended to argv.
env string[] Environment variables in NAME=VALUE format. Environment expansion is supported.
cwd string Working directory for the container process.
ports PortSpec[] Ports exposed by this container, referenced by endpoints.
probes ServiceProbes Health and readiness probes.
volume_mounts VolumeMount[] Volumes to mount into this container.
run_as UserContext User and/or group to run the container as.
snapshot string Snapshot name to restore volumes from.
hostnames string[] Additional hostnames in the sandbox network.
wait_for string[] Names of workloads that must be ready before this container starts.
schedule_spec ScheduleSpec Node pool selector and resource requirements (Enterprise Edition).
disable_service_linking_envs boolean If true, service linking environment variables are not generated.
volatile boolean If true, the root filesystem resets to the original image on each restart (no persistence).

Container Example

containers:
- name: sqlpad
  image: sqlpad/sqlpad:latest
  env:
  - SQLPAD_AUTH_DISABLED=true
  - SQLPAD_CONNECTIONS__mysql__name=MySQL
  - SQLPAD_CONNECTIONS__mysql__driver=mysql2
  - SQLPAD_CONNECTIONS__mysql__host=mysql
  - SQLPAD_CONNECTIONS__mysql__database=myapp
  - SQLPAD_CONNECTIONS__mysql__username=app
  wait_for:
  - mysql
- name: docs
  image: nginx:alpine
  volatile: true          # Reset on every restart
  volume_mounts:
  - name: docs-content
    path: /usr/share/nginx/html

The sqlpad container automatically connects to the mysql dependency using its hostname. It waits for MySQL to be ready before starting. The docs container is stateless — its filesystem resets to the base image on each restart.

Endpoint

Endpoints expose workload ports to the external network. Each endpoint is assigned a DNS name and is accessible via HTTPS (HTTP endpoints) or TLS (TCP endpoints). See Endpoints for full details.

Field Type Description
name string Required. Unique name within the endpoints namespace. Used to construct the external DNS name.
hostname string Overrides name for composing the DNS record. The special value @ means no prefix is added.
type enum DEFAULT (public) or INTERNAL (only accessible from within sandbox workloads in the same org).
http HTTPRouter HTTP endpoint configuration. Mutually exclusive with tcp.
tcp TCPRouter TCP endpoint configuration. Mutually exclusive with http.

HTTPRouter

Field Type Description
routes HTTPRoutingRule[] Required. Path-based routing rules. The rule with the longest matching prefix wins.
auth_proxy AuthProxy Authentication settings. If unspecified, only org members can access the endpoint (secure by default).
path string Default path appended to the URL when the endpoint is opened in a browser (informational only).
request_headers map[string]string Headers injected into all incoming requests.
response_headers map[string]string Headers injected into all outgoing responses.

HTTPRoutingRule

Each rule routes requests matching a path pattern to a backend workload. Exactly one of path_prefix, path, or header_regexp must be specified.

Field Type Description
path_prefix string Match requests whose path starts with this prefix. Use longest-prefix semantics.
path string Match requests with exactly this path.
header_regexp HeaderRegexp Match requests by a specific header value (regex).
backend TargetPort Required. The workload and port to forward matched requests to.

TCPRouter

Field Type Description
backend TargetPort Required. The workload and named port to forward TCP connections to.
tls_passthrough boolean If true, TLS is not terminated at the endpoint — the connection is passed through as-is. The backend must handle TLS.

AuthProxy

Controls who can access an HTTP endpoint.

Field Type Description
disabled boolean If true, the endpoint is publicly accessible without authentication.
disable_defaults boolean If true, the default policy (allow org members) is not applied. Only explicitly ACCEPT rules grant access.
rules AuthProxy.Rule[] Access control rules evaluated against the visitor's email address.
logout_path string Custom logout path. If unspecified, the default /.logout is used.
mode enum DEFAULT (standard auth flow) or PASSTHROUGH (skip auth, use header-matching or OAuth dispatch).
passthrough AuthProxy.Passthrough Configuration for passthrough mode.

AuthProxy.Rule

Rules are evaluated in order. The first matching rule's action determines the outcome.

Field Type Description
action enum ACCEPT, REJECT, or NONE (no match).
pattern string Glob-style email pattern (e.g. *@vendor.com).
regexp string Regular expression matched against the email address.

AuthProxy.Passthrough

Field Type Description
required_headers HeaderRegexp[] Headers that must be present and match the given regex. Requests not matching return 401.
fallback_to_login boolean If true and headers don't match, fall back to the standard login flow instead of returning 401.
oauth_callback_path string Path used as the OAuth callback. Allows all sandbox endpoints to share a single OAuth callback URL registered with the provider (https://login.SYS-DOMAIN/oauth/callback).

Endpoint Examples

HTTP endpoint with path-based routing:

endpoints:
- name: app
  http:
    routes:
    - path_prefix: /api
      backend:
        target: dev
        port: api
    - path_prefix: /
      backend:
        target: dev
        port: web
    path: /dashboard         # Browser opens this path by default
    request_headers:
      X-Foo: Bar

HTTP endpoint open to external users:

endpoints:
- name: preview
  http:
    routes:
    - path_prefix: /
      backend:
        target: frontend
        port: http
    auth_proxy:
      rules:
      - action: ACCEPT
        pattern: '*@partner.com'
      - action: REJECT
        pattern: 'blocked@partner.com'

The blocked@partner.com rule is evaluated first (rules run in order), so that address is rejected even though it matches *@partner.com.

Internal endpoint (accessible only within the org's sandboxes):

endpoints:
- name: internal-api
  type: INTERNAL
  http:
    routes:
    - path_prefix: /
      backend:
        target: backend
        port: api
    auth_proxy:
      disabled: true

TCP endpoint with TLS passthrough:

endpoints:
- name: db
  tcp:
    backend:
      target: dev
      port: postgres
    tls_passthrough: true

Volume

Named volumes that can be mounted into workspaces and containers. Volumes must be declared here before they can be referenced in a volume_mounts entry.

Each volume must specify exactly one source: content, secret, or workload.

Field Type Description
name string Required. Unique volume name. Referenced by VolumeMount.from.volume_name.
description string Human-readable description.
content Volume.Content Volume containing static content (text or binary).
secret Volume.Secret Volume whose content comes from a shared secret.
workload Volume.Workload Volume backed by another workload's filesystem path.

Volume.Content

Field Type Description
text string Plain text content.
binary string Base64-encoded binary content.

Volume.Secret

Field Type Description
name string Name of the shared secret to mount as volume content.

Volume.Workload

Field Type Description
name string Name of the workload whose filesystem path is mounted.
prefix string Optional path prefix within the workload's filesystem.

VolumeMount

A mountpoint declaring where a volume should appear in a container's filesystem.

Field Type Description
name string Required. Unique mount name. Also used as the volume name when from is not specified.
path string Absolute path where the volume is mounted inside the container.
sub_path string Mount from a sub-path within the volume, rather than its root.
from VolumeMount.VolumeFrom Reference to the volume to mount. If omitted, the volume named name is used.

VolumeMount.VolumeFrom

Exactly one of volume_name or volume must be specified.

Field Type Description
volume_name string Name of a volume declared in the top-level volumes list.
volume Volume Inline volume definition (does not need to be declared in volumes).

ResourceGroup

External resources whose lifecycle is tied to the sandbox — for example, cloud infrastructure provisioned via Terraform or custom scripts. See External Resources for full details.

Each ResourceGroup must specify exactly one of handlers or terraform.

Field Type Description
name string Required. Unique resource name.
description string Human-readable description.
brief string Short Markdown template for rendering summary information.
details string Markdown template for detailed information.
handlers ResourceGroup.Handlers Custom script handlers for lifecycle events.
terraform ResourceGroup.Terraform Terraform-based lifecycle handler.
wait_for string[] Names of other resources or workloads that must be ready before this resource is handled.

ResourceGroup.Handlers

Each handler field is an ExecHandler.

Field Type Description
on_create ExecHandler Execute on sandbox creation.
on_delete ExecHandler Execute on sandbox deletion.
on_suspend ExecHandler Execute before the sandbox is suspended.
on_resume ExecHandler Execute after the sandbox is resumed.

ExecHandler

Field Type Description
use_workspace ExecHandler.UseWorkspace Required. Specifies which workspace runs the handler.
max_retries integer Maximum number of retries on failure.
timeout string Total timeout including retries (e.g. 300s).
save_state boolean If true, the handler's output is saved as the resource state at /run/sandbox/fs/resources/NAME.

ExecHandler.UseWorkspace:

Field Type Description
name string Name of the workspace to run the command in.
run Run The command to execute.
require_build boolean If true, waits for the initial build to complete before running.
artifacts string[] Informational list of artifacts produced (e.g. terraform or terraform:dir/terraform.state).

ResourceGroup.Terraform

Field Type Description
workspace string Required. Name of the workspace where Terraform runs.
dir string Directory of the Terraform main module (absolute or relative to $HOME).
require_build boolean If true, waits until the first build completes before running.
run Terraform.Exec Default Terraform execution spec for on_create and on_resume.
on_suspend Terraform.Exec Runs terraform apply during suspension. When specified, on_resume is also enabled automatically.
on_delete Terraform.Exec Additional arguments for running terraform destroy on deletion.
output string Terraform output name. The value of terraform output -json $output is used as the event output.
save_state boolean If true, the output value is saved as resource state (only for on_create and on_resume).

Terraform.Exec

Field Type Description
max_retries integer Maximum number of retries.
timeout string Total execution timeout including retries (e.g. 1800s).
command string The Terraform binary path. Defaults to terraform.
args string[] Additional arguments passed to the Terraform command.
env string[] Additional environment variables in KEY=VALUE format.
vars map[string]string Terraform variables passed via -var key=value on the command line.

ResourceGroup Example

resources:
- name: aws
  brief: AWS infrastructure for this sandbox
  terraform:
    workspace: dev
    dir: infra/aws
    require_build: true
    run:
      max_retries: 3
      timeout: 1800s
      vars:
        sandbox_id: '$SANDBOX_ID'
    save_state: true
- name: k8s-deploy
  wait_for:
  - aws
  handlers:
    on_create:
      use_workspace:
        name: dev
        run:
          dir: infra/k8s
          cmd: kubectl apply -f manifests/
    on_delete:
      use_workspace:
        name: dev
        run:
          dir: infra/k8s
          cmd: kubectl delete -f manifests/ || true
    on_suspend:
      use_workspace:
        name: dev
        run:
          cmd: kubectl scale --replicas=0 deploy --all -n sandbox-${SANDBOX_ID}
    on_resume:
      use_workspace:
        name: dev
        run:
          cmd: kubectl scale --replicas=1 deploy --all -n sandbox-${SANDBOX_ID}

Here, k8s-deploy waits for aws to complete (using wait_for), so AWS infrastructure is always provisioned before the Kubernetes deployment begins.

Customization

Customizations allow advanced configuration of a sandbox or template. Each entry in the customizations list must specify exactly one type.

Type Description
flavor A named set of overrides for the sandbox (env vars, checkout branches, excluded workloads).
env Expose an environment variable as a user-configurable input at sandbox creation.
kubernetes Define a Kubernetes interception plan.
property_set Opaque key/value pairs for activating external functionality.
settings Apply org-level settings overrides by name.
lockdown Apply security hardening policies to selected workloads.
detach_env Detach sandbox-specific metadata from the environment (for pooled sandboxes).
mcp_server Declare this sandbox as an MCP server for the org.
llm_agent Declare this sandbox/template as an LLM agent.

Flavor

A Flavor is a named preset that overrides parts of the sandbox at creation time. Users can select a flavor when creating a sandbox to get a specific configuration. See also Customization.

Field Type Description
name string Required. Display name of the flavor.
description string Description shown to the user when selecting this flavor.
default boolean If true, this flavor is pre-selected by default in the Web Console.
env string[] Environment variables appended at the sandbox level when this flavor is selected.
workspaces map[string]Flavor.Workspace Per-workspace overrides. The key is the workspace name.
excludes string[] Names of workloads or resources to exclude entirely from the sandbox.
kubernetes_plan string Name of a Kubernetes customization plan to activate automatically at sandbox creation.

Flavor.Workspace:

Field Type Description
auto boolean Set the workspace to Auto Mode (automatically pulls new commits).
env string[] Workspace-scoped environment variables added for this flavor.
checkouts Flavor.Workspace.Checkout[] Override checkout configuration.

Flavor.Workspace.Checkout:

Field Type Description
path string Matches the checkout by its path field.
version_spec string Override the branch, tag, or commit to check out.

Flavor Example:

customizations:
- flavor:
    name: frontend-only
    description: Only the frontend workspace; no backend services.
    env:
    - DISABLE_BACKEND=true
    excludes:
    - backend
    - mysql
    workspaces:
      frontend:
        checkouts:
        - path: ui
          version_spec: next
- flavor:
    name: full-stack
    description: All services running end-to-end.
    default: true

Env (Customization)

Exposes an environment variable defined in the top-level env list as a configurable field in the sandbox creation UI.

Field Type Description
name string Required. Name of the environment variable to expose (must be defined in the top-level env).
display_name string Label shown in the Web Console creation form.
description string Explanation of the variable and its expected value.
validators Validator[] Validation rules (currently supports regexp).
choice StringChoice Constrain the value to a set of options.

StringChoice:

Field Type Description
options string[] List of allowed values.
default string Default selected value. If omitted, the value from env or the first option is used.
editable boolean If true, users can also type a custom value in addition to selecting from options.

Customization Env Example:

env:
- REGION=us-east-1

customizations:
- env:
    name: REGION
    display_name: AWS Region
    description: The AWS region where sandbox resources will be provisioned.
    choice:
      options:
      - us-east-1
      - us-west-2
      - eu-west-1
      default: us-east-1

Lockdown

Applies security hardening policies to selected workloads. See Lockdown for full details.

Field Type Description
apply_to string[] Workload names or glob patterns to apply the policy to. If empty, applies to all workloads.
allow_api_access boolean If true, allows the workload to call the Crafting API. Default: false.
allow_ssh_keypair boolean If true, allows the workspace SSH agent to use the managed keypair. Default: false.
accessible_secrets string[] Names or glob patterns of shared secrets that may be mounted. Secrets not listed are blocked.
outbound_ip_filters IPFilter[] Outbound connection filter rules evaluated in order.
dns_filters DNSFilter[] DNS resolution filter rules evaluated in order.

IPFilter:

Field Type Description
cidrs string[] CIDR ranges matching the destination IP. If empty, matches any IP.
ports integer[] Port numbers to match. If both ports and port_ranges are empty, matches any port.
port_ranges PortRange[] Port ranges (start and end, inclusive) to match.
block boolean Required. If true, matching traffic is blocked. If false, it is explicitly allowed.

DNSFilter:

Field Type Description
names string[] DNS name patterns. * matches a single label (one level), ** matches multiple levels. If empty, matches any name.
block boolean Required. If true, matching names return NXDOMAIN.

Lockdown Example:

customizations:
- lockdown:
    apply_to:
    - agent-*
    allow_api_access: false
    allow_ssh_keypair: false
    accessible_secrets:
    - github-token
    outbound_ip_filters:
    - cidrs:
      - 0.0.0.0/0
      ports:
      - 22
      block: true           # Block all outbound SSH
    dns_filters:
    - names:
      - '**.internal.corp'
      block: true           # Block resolution of internal corporate DNS

Kubernetes

Defines a Kubernetes interception plan for routing traffic between the sandbox and a connected Kubernetes cluster. See Kubernetes Dev Experience for full details.

Field Type Description
plan string Required. Name of this plan. Referenced by Flavor.kubernetes_plan.
cluster string Name of the connected cluster. Optional if only one cluster is connected.
namespace string Current namespace in the ClusterNetwork configuration.
workloads Kubernetes.Workload[] Mapping between sandbox workloads and Kubernetes workloads to intercept.
ingresses Kubernetes.Ingress[] Kubernetes Ingress or Service resources to mirror as sandbox endpoints.
intercept_condition Kubernetes.InterceptCondition When specified, interception is conditional. An empty object enables standard header-based routing.
network_via string Tunnel cluster network via a specific workload. Format: KIND/NAMESPACE/NAME.

Kubernetes.Workload:

Field Type Description
kind string Required. Kubernetes workload kind: Deployment, StatefulSet, DaemonSet, or Pod.
name string Required. Name of the Kubernetes workload.
namespace string Kubernetes namespace (default: default). Environment variable substitution is supported.
container string Container name within the workload. If omitted, the first container is used.
workload string Required. Name of the sandbox workload that replaces the Kubernetes workload.
port_forward Kubernetes.Workload.PortForward[] Port forwarding rules between the sandbox and the Kubernetes workload.

Kubernetes.Ingress:

Field Type Description
kind string Ingress (copy routing rules from a Kubernetes Ingress resource) or Service (single path_prefix=/ rule).
name string Required. Name of the Kubernetes resource.
namespace string Kubernetes namespace (default: default).
endpoint_name string Name of the sandbox endpoint to create.
custom_headers map[string]string Headers to inject into all ingress requests.
service_port string When kind is Service, the port name or number to use (default: first port).

Kubernetes.InterceptCondition:

Field Type Description
custom_headers map[string]string Only intercept requests matching these headers.

Detach Env

Detaches sandbox-specific and owner-specific information from the environment inside the sandbox. This allows pooled sandboxes to keep their processes running while in STANDBY state, enabling instant availability when claimed.

When enabled:

Field Type Description
enabled boolean Required. Enable detached environment mode. This setting is permanent and cannot be changed after sandbox creation.

MCP Server

Declares that this sandbox exposes an MCP (Model Context Protocol) server, making it discoverable for authorization as an org-level MCP server. See MCP Servers for full details.

Field Type Description
endpoint string Required. Name of the INTERNAL endpoint exposing the MCP server. Use http.path to specify a sub-path if the server is not at /.
protocol enum Transport protocol: AUTO (default), SSE (Server-Sent Events), or STREAM.

MCP Server Example:

endpoints:
- name: mcp
  type: INTERNAL
  http:
    routes:
    - path_prefix: /
      backend:
        target: dev
        port: mcp
    auth_proxy:
      disabled: true

customizations:
- mcp_server:
    endpoint: mcp
    protocol: SSE

LLM Agent

Declares that this sandbox or template can be used as an LLM agent. See Agentic Sessions for context.

Field Type Description
name string Display name of the agent. If omitted, the template or sandbox name is used.
brief string Short description of what the agent does.
scope enum DEFAULT or SANDBOX — the scope where the definition is applied.
workload string Name of the workload where the agent runs. If omitted, the first workload is used.
run Run Command to start the agent. Required if the workload is not a workspace; otherwise, the built-in workspace agent runs by default.

Property Set

Defines opaque key/value pairs used to activate external functionality. The type field identifies which functionality should react to this property set.

Field Type Description
type string Required. Unique identifier for the functionality (e.g. crafting.dev/sandbox/express).
properties map[string]string Key/value configuration for the functionality.

Settings Override

Applies named org-level settings overrides to the sandbox.

Field Type Description
overrides string[] Required. List of org settings override names to apply, in order.

Checkout

A checkout declares a source code repository that a workspace automatically clones and manages.

Field Type Description
path string Required. Local directory under $HOME where the code is checked out (relative path).
repo Checkout.Repo Remote repository definition. Mutually exclusive with template.
version_spec string Branch, tag, or commit to check out. Defaults to the repository's default branch.
disable_recursive_checkout boolean If true, submodules are not checked out recursively. By default, recursive checkout is enabled.
history Checkout.History Limit the depth of history fetched (for large repositories).
manifest Checkout.Manifest Automation configuration (hooks, daemons, jobs) for this checkout.

Checkout.Repo

Exactly one of git or github must be specified.

Field Type Description
git string Git remote URL. SSH format (e.g. git@github.com:org/repo) uses the workspace's managed SSH keypair. HTTPS format works for public repos.
github Checkout.Repo.GitHub GitHub App integration for private repositories (requires the org GitHub App).

Checkout.Repo.GitHub:

Field Type Description
org string Required. GitHub organization name.
repo string Required. Repository name.

Checkout.History

Limits the amount of git history fetched, useful for large repositories.

Field Type Description
depth integer Number of recent commits to fetch. Maps to git clone --depth.
since string Fetch commits more recent than this date or duration (e.g. 2025-01-01). Maps to git clone --shallow-since.

Checkout.Manifest

Defines the automation configuration for a checkout. When overlays is specified, the default .sandbox/manifest.yaml file in the repository is ignored.

Field Type Description
overlays Manifest.Overlay[] Ordered list of manifest overlays merged together.

Checkout.Manifest.Overlay

Exactly one of file, content, or inline must be specified.

Field Type Description
file string Path (with extension) relative to the repository root to load as the manifest.
content string Inline YAML or JSON manifest content. Prefer inline which is validated against the schema.
inline Repo.Manifest Directly embedded manifest object.
optional boolean If true, a missing file is not treated as an error.

Repo.Manifest

The manifest defines the automation that runs inside a checkout: hooks, daemons, jobs, commands, and tests.

Field Type Description
env string[] Environment variables shared by all commands in this manifest. Each entry is KEY=VALUE; expansion is supported.
hooks map[string]Run Override built-in hooks. Keys: post-checkout (runs after clone or incremental pull), build (runs after post-checkout).
daemons map[string]Repo.Daemon Background processes started after the build completes. The workspace restarts them if they stop.
jobs map[string]Repo.Job Cron jobs activated after the build completes.

Run

The run schema is used by hooks, daemons, jobs, and lifecycle handlers.

Field Type Description
cmd string Shell command executed as $SHELL -c CMD.
dir string Working directory (relative path under the checkout folder). Must exist when the command runs.
env string[] Additional environment variables appended after manifest-level env.

Repo.Daemon

Field Type Description
run Run Required. Command to start the daemon.
disable_on_start boolean If true, the daemon is not started automatically when the workspace starts.

Repo.Job

Field Type Description
run Run Required. Command to execute on the cron schedule.
schedule string Required. Cron schedule expression (e.g. 0 * * * * for every hour).
disable_on_start boolean If true, the job is not scheduled automatically when the workspace starts.

Manifest Example

checkouts:
- path: app
  repo:
    git: git@github.com:example-org/app
  manifest:
    overlays:
    - inline:
        env:
        - NODE_ENV=development
        hooks:
          post-checkout:
            cmd: npm install
          build:
            cmd: npm run build
        daemons:
          server:
            run:
              cmd: node dist/server.js
              env:
              - PORT=8080
        jobs:
          cleanup:
            run:
              cmd: ./scripts/cleanup.sh
            schedule: '0 3 * * *'   # Every day at 3am

GlobalProcess

A system-level background process (daemon) launched as root before checkout tasks run. Defined under workspace.system.daemons.

Exactly one of run or spec must be specified.

Field Type Description
name string Required. Unique name for this global process.
run Run Shell command to execute.
spec Process.Spec Low-level process specification (argv, user, restart policy).

SetupFile

A file to inject into the workspace filesystem on every startup (after snapshots are applied). Defined under workspace.system.files.

Exactly one of content, template, symlink, or secret must be specified.

Field Type Description
path string Required. Absolute path where the file is created. Paths starting with ~/ or /home/owner are in the home directory and are created after the home snapshot is applied. Intermediate directories are created automatically.
owner string File ownership as uid:gid. Defaults to 0:0 for system paths and 1000:1000 for home directory paths.
mode string Octal file permission mode (e.g. 0755). Default: 0644.
overwrite boolean If true, the file is always overwritten on startup. If false (default), the file is skipped if it already exists.
content string Raw file content, written as-is.
template string Go template rendered to produce the file content. Supported functions: env "VAR" (expand env var), secret "NAME" (replace with secret value).
symlink string Creates a symbolic link at path pointing to this value.
secret SetupFile.Secret Mounts the content of a named shared secret as the file.

SetupFile.Secret:

Field Type Description
name string Required. Name of the shared secret.

PortSpec

Declares a port exposed by a workload (workspace or container).

Field Type Description
name string Required. Unique port name within this workload. Referenced by endpoint backend.port.
port integer Required. Port number the workload listens on.
protocol string Protocol in L7/L4 format: HTTP/TCP, GRPC/TCP, TCP, UDP. Defaults to TCP.

TargetPort

References a named port on a workload, used in endpoint backends and port-forward rules.

Field Type Description
target string Name of the workload. May also be a URL to reference an external service; in that case, port should be omitted.
port string Name of the port, as defined in the workload's ports list.

PortForwardRule

Maps a remote address to a local address inside a workspace, enabling direct access to sandbox services from the developer's local machine.

Field Type Description
local string Local listening address. Formats: PORT (TCP on localhost), +PORT (TCP on primary interface), *PORT (TCP on all interfaces), /PATH (Unix socket).
remote TargetPort Remote workload and port to forward to.

ServiceProbes

Defines health, readiness, and activity probes for a workload.

Field Type Description
health Probe[] Health probes. A failing health probe marks the workload as unhealthy.
readiness Probe[] Readiness probes. A workload is considered ready only when all readiness probes are positive.
activity Probe[] Activity probes. Used to detect active use for auto-suspension purposes.
activity_detection ServiceProbes.ActivityDetection Fine-grained control over which session types count as activity for auto-suspension.

Probe

Each probe must specify exactly one check method: command, tcp_port, or http_get.

Field Type Description
name string Optional name for this probe.
command string A shell command run inside the container. Exit code 0 is positive; non-zero is negative.
tcp_port integer Attempt to connect to this TCP port. Success is positive; failure is negative.
http_get Probe.HttpGet Perform an HTTP GET request. A 2xx or 3xx response is positive.
interval string Interval between probe evaluations (e.g. 10s).
positive_threshold integer Consecutive positive results needed to transition to a positive state.
negative_threshold integer Consecutive negative results needed to transition to a negative state.
initial_delay string Delay before the first probe evaluation (e.g. 5s).
initial_negative_threshold integer Consecutive negative results allowed during initialization before reporting negative. Use a larger value than negative_threshold if startup is slow.

Probe.HttpGet:

Field Type Description
port integer TCP port to send the HTTP GET request to.
path string URL path for the request (e.g. /healthz).

Probe Example

containers:
- name: api
  image: myapp/api:latest
  ports:
  - name: http
    port: 8080
    protocol: HTTP/TCP
  probes:
    readiness:
    - http_get:
        port: 8080
        path: /healthz
      interval: 5s
      positive_threshold: 2
      negative_threshold: 3
      initial_delay: 10s
    health:
    - tcp_port: 8080
      interval: 30s
      negative_threshold: 3

ScheduleSpec

Controls which node pool a workload is scheduled on and what resources it requests. See Schedule Specification for full details.

This feature is only available in Crafting Enterprise Edition.

Field Type Description
selector ScheduleSpec.PoolSelector Node pool selector.
resource_requests ScheduleSpec.ResourceRequest[] Additional resource requests (memory, GPU, etc.).
storage ScheduleSpec.Storage Persistent storage configuration.

ScheduleSpec.PoolSelector:

Field Type Description
name string Required. Exact name of the node pool to schedule on.

ScheduleSpec.ResourceRequest:

Field Type Description
resource_type string Resource type, e.g. memory or nvidia.com/gpu.
request string Minimum requested amount (e.g. 4Gi for memory, 1 for GPU).
limit string Maximum allowed amount. For GPUs, request and limit should be equal. For memory, this should not be set.

ScheduleSpec.Storage:

Field Type Description
storage_class string Kubernetes StorageClass name in the Crafting cluster.
request_size_gb integer Initial persistent volume size in gigabytes.
limit_size_gb integer Maximum size the volume can expand to. If omitted, a system-level limit applies.
local_disk Storage.LocalDisk Mount ephemeral local-attached storage.

ScheduleSpec.Storage.LocalDisk:

Field Type Description
mount_point string Absolute path where the ephemeral disk is mounted.
fallback_empty_dir boolean If true, an empty directory is always created at mount_point even when no local disk is available.

UserContext

Specifies user and/or group identity for running a container process.

Exactly one of uid or user (and optionally one of gid or group) must be specified.

Field Type Description
uid integer Numeric user ID.
user string Username.
gid integer Numeric group ID.
group string Group name.

See Also