Kubernetes-native Sandbox Engine for AI Agents
Agent Sandbox is a Kubernetes Operator that manages AI agent sandbox Pod lifecycles using a pre-warmed Pod pool with in-place image upgrades. Instead of scheduling a new Pod for every sandbox request — which incurs 15–60 seconds of cold-start latency — Agent Sandbox pre-warms a pool of idle Pods and reassigns one to an incoming request in under 100ms.
It is purpose-built for workloads where sandbox allocation speed is critical:
- Reinforcement learning training pipelines (SWE-bench, Terminal-bench, and custom RL environments)
- AI coding agents that need on-demand isolated execution environments
- Multi-agent systems requiring dozens or hundreds of sandboxes simultaneously
| Feature | Description |
|---|---|
| < 100ms Allocation | Pre-warmed Pod pool eliminates scheduling overhead; sandboxes are ready in milliseconds |
| In-Place Image Upgrade | Running Pods are updated with a new image without recreation, preserving pool warmth |
| Cross-Cluster & Multi-Region | ExtProc-based routing dispatches requests transparently across multiple clusters |
| E2B SDK Compatible | Drop-in replacement for the E2B API — existing E2B clients work without code changes |
| Optimized for RL Training | Purpose-built for SWE-bench, Terminal-bench, and large-scale RL environment rollouts |
| Kubernetes Native | Managed via CRDs (SandboxPool, SandboxTemplate); integrates with RBAC, namespaces, and autoscaling |
| Any Image, No Rebuild | Bring any container image; no custom base image or agent installation required |
| Prometheus Metrics | First-class observability with a Prometheus endpoint and pre-built Grafana dashboards |
| Binary | Purpose | Ports |
|---|---|---|
cmd/sandbox |
Operator + REST API Server | :8080 (API), :8090 (E2B-compat), :8082 (metrics) |
cmd/envoyextproc |
Data-plane ExtProc for cross-cluster routing | :9002 (gRPC), :9003 (control-plane) |
cmd/wsproxy |
WebSocket reverse-proxy sidecar for terminal access | :9003 (WS), :9004 (sync) |
SandboxPool(sbp, namespace-scoped) — defines a pre-warmed Pod pool withReplicas, optional autoscaling, and an inline or referenced templateSandboxTemplate(sbt, cluster-scoped) — reusable Pod template withidleImageandruntimes
| Metric | Traditional Kubernetes | Agent Sandbox |
|---|---|---|
| Sandbox allocation latency | 15–60 s | < 100 ms |
| Pod churn per request | 1 create + 1 delete | 0 (pool reuse) |
| Image pull on every request | Yes (cold start) | No (pre-warmed) |
| Autoscaling to zero | Supported | Supported |
| Cross-cluster routing | Manual / external LB | Built-in ExtProc |
- Kubernetes 1.26+
kubectlconfigured against your clusterhelm(optional, for chart-based install)
Agent Sandbox is designed to serve as the environment backend for large-scale RL training runs. Thousands of rollout workers can each request a fresh isolated sandbox in milliseconds, dramatically reducing the environment-reset bottleneck:
Deploy sandbox pools across multiple clusters or regions. The ExtProc component routes API requests to the appropriate cluster transparently — no changes needed in client code:
- Go 1.25+
make- Docker (for image builds)
controller-gen,oapi-codegen(installed automatically bymake)
# Build all binaries
make build
# Build individual binaries
make build-controller # sandbox operator + API server (linux/amd64)
make build-extproc # envoy extproc (linux/amd64)
make build-wsproxy # websocket proxymake manifests # Regenerate CRD YAML + RBAC
make generate # Regenerate DeepCopy methods
make gen-all-api # openapi.yaml → Go + TypeScript + Python SDK
make sync-crds-to-helm # Sync CRDs + manager ClusterRole into Helm chartsmake test # Unit tests (no cluster required)
make test-e2e # E2E tests (requires a real cluster)make lint-fixWe welcome contributions of all kinds — bug reports, feature requests, documentation improvements, and code. Please read CONTRIBUTING.md before submitting a pull request.
All commits must include a Signed-off-by line (see DCO). Use git commit -s to add it automatically.
Apache License 2.0 — see LICENSE for details.
Copyright © 2026 ScitiX.