Skip to content

Virtual machines, sandboxes & browser

Agents get real Linux workspaces to run code, plus ephemeral sandboxes and an in-VM browser they can drive.

Capabilities

VM lifecycle

Create, list, wake, hibernate, and delete Linux VMs with configurable wake modes (explicit, on request, always on). VMs are provisioned by a separate VM plane.

VM exposure (public URLs)

Agents expose VM ports on org-scoped public hosts for previews and webhooks.

Short-lived sandboxes

Per-agent ephemeral sandboxes with inactivity auto-delete, sharing the same execution, file-transfer, and VFS surfaces as VMs — ideal for quick commands without provisioning a full VM.

Shell execution

Durable bash command execution on a VM or sandbox with streaming output, timeouts, and approval for dangerous commands.

File transfer (SCP)

Transfer files between platform storage and VM/sandbox paths.

VM secret injection

Store org/agent secrets onto a VM for use by later commands, without exposing values in chat.

Browser automation sessions

Agents drive headless Chrome inside a VM — navigate, click, type, screenshot, record video, and read console/network logs. Recordings become artifacts. Requires the browser skillset.

Tenant VM pills & lifecycle UI

Inline VM pills in conversations and tasks with resume/hibernate actions.

Last updated 2026-07-04