Security

Management API, not isolation.

Sandbox SDK normalizes provider management APIs. The selected provider supplies the security boundary.

Isolation still needs application security

Local runs code inside AgentOS with deny-by-default networking, but AgentOS is still beta. Your application must enforce authentication, authorization, quotas and host hardening.

Responsible disclosure

Report vulnerabilities privately to security@opencore.dev. Do not include production credentials or customer data.

Credentials

Provider credentials stay in official SDK configuration. Errors and serialized preview objects redact access tokens.

Preview URLs

Authenticated preview requests keep tokens inside request functions rather than JSON output or examples.

Local isolation

Local runs guest files, processes and sockets inside an AgentOS WebAssembly/V8 VM instead of host child processes.

Cleanup

Stop is idempotent and withSandbox attempts cleanup after every callback outcome.

Provider differences

Network policy, persistence, authentication and snapshot semantics differ. Check provider capabilities.