File transfer
File transfer should be explicit. A narrow copy operation is easier to audit and reason about than a broad writable host mount.
Copy into the guest

    cargo run -- cp ./input.json filebox:/work/input.json
    cargo run -- exec filebox -- python /work/process.py /work/input.json

Copy out of the guest

    cargo run -- cp filebox:/work/output.json ./output.json

Use host mounts only when the workflow is intentionally a development workflow and the mounted path is narrow.
Planned runtime SDK shape
Status: Planned lifecycle API.

    sandbox.files.write("/work/input.json", input_bytes)
    result = sandbox.exec(["python", "/work/process.py"])
    output = sandbox.files.read("/work/output.json")

    await sandbox.files.write("/work/input.json", inputBytes);
    const result = await sandbox.exec(["node", "/work/process.js"]);
    const output = await sandbox.files.read("/work/output.json");

Security checklist
- Validate guest paths; reject traversal such as ../.
- Treat symlinks carefully when reading from the guest.
- Avoid mounting $HOME, credential directories, SSH agents, or cloud config paths.
- Treat snapshots as containing any files that existed in the guest at snapshot time.
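
One way to implement the first checklist item, as an added example that is not the project's own code. The function name, the error type, and the choice of /work as the allowed root (borrowed from the commands above) are assumptions, and the guest is assumed to use Unix-style paths.

```rust
use std::path::{Component, Path, PathBuf};

// Illustrative error type; not part of the project's API.
#[derive(Debug, PartialEq)]
pub enum PathError { Empty, NulByte, NotAbsolute, Traversal, OutsideRoot }

/// Lexically validate `guest_path` and confirm it stays under `root`.
/// No filesystem access happens here, so symlinks inside the guest are
/// NOT resolved; that check belongs where the file is actually opened.
pub fn validate_guest_path(guest_path: &str, root: &str) -> Result<PathBuf, PathError> {
    if guest_path.is_empty() {
        return Err(PathError::Empty);
    }
    if guest_path.contains('\0') {
        return Err(PathError::NulByte);
    }
    let path = Path::new(guest_path);
    if !path.is_absolute() {
        return Err(PathError::NotAbsolute);
    }
    let mut clean = PathBuf::new();
    for part in path.components() {
        match part {
            Component::RootDir => clean.push("/"),
            Component::Normal(name) => clean.push(name),
            Component::CurDir => {}
            // Reject ".." outright instead of normalizing it away.
            Component::ParentDir => return Err(PathError::Traversal),
            Component::Prefix(_) => return Err(PathError::NotAbsolute),
        }
    }
    // starts_with compares whole components: "/workspace" is not under "/work".
    if !clean.starts_with(root) {
        return Err(PathError::OutsideRoot);
    }
    Ok(clean)
}

fn main() {
    // Constructed sample inputs.
    for p in ["/work/input.json", "/work/../etc/passwd", "work/x", "/workspace/x"] {
        println!("{:?} -> {:?}", p, validate_guest_path(p, "/work"));
    }
}
```

Because the check is purely lexical, a symlink such as /work/link pointing outside the root still passes; the second checklist item has to be enforced at open time inside the guest.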