Skip to main content

oc sandbox create

Create a new sandbox. Alias: oc create HTTP API →
--timeout
int
default:"300"
Idle timeout in seconds
--cpu
int
default:"0"
CPU cores (0 = platform default)
--memory
int
default:"0"
Memory in MB (0 = platform default)
--env
string
Environment variable KEY=VALUE (repeatable)
--metadata
string
Metadata KEY=VALUE (repeatable)
--preview-auth
bool
Require a bearer token on the sandbox’s preview URLs. The server generates a 256-bit random token and prints it once. See Preview-URL authentication.
--preview-auth-token
string
Bring your own preview-URL bearer token (≥16 characters). Implies --preview-auth. Useful when your gateway already has a shared secret.
oc create --timeout 600 --cpu 2 --memory 1024 --env NODE_ENV=production
oc create --preview-auth                                    # server-generated token
oc create --preview-auth-token "$GATEWAY_TOKEN"             # bring your own

oc sandbox list

List all running sandboxes. Alias: oc ls HTTP API → Output columns: ID, TEMPLATE, STATUS, CPU, MEM, AGE 
oc ls
oc ls --json

oc sandbox get <id>

Show detailed information for a sandbox. HTTP API → Output: ID, Template, Status, CPU, Memory, Started, Ends.

oc sandbox kill <id>

Terminate and remove a sandbox. HTTP API →

oc sandbox hibernate <id>

Snapshot VM state and stop the sandbox. Displays snapshot size on success. HTTP API →

oc sandbox wake <id>

Resume a hibernated sandbox. HTTP API →
--timeout
int
default:"300"
Idle timeout in seconds after wake

oc sandbox set-timeout <id> <seconds>

Update the idle timeout for a running sandbox. HTTP API → 
oc sandbox set-timeout sb-abc123 600
For commands that resize a sandbox or freeze its size — scale, autoscale, lock, unlock, lock-status — see Scaling.

oc sandbox allowed-hosts <id>

Show the egress allowlist + per-secret allowed hosts the sandbox’s secrets proxy enforces. Useful for debugging “why is my outbound HTTP call being blocked” without having to cross-reference the secret store config separately. Sandboxes created without --secret-store return an empty allowlist — the sandbox has no per-store egress restriction. 
oc sandbox allowed-hosts sb-abc123
# Sandbox sb-abc123 (secret store: my-store)
#
# Egress allowlist:
#   • api.openai.com
#   • api.anthropic.com
#
# Per-secret allowed hosts:
#   OPENAI_API_KEY:
#     • api.openai.com
Use --json for the structured form: 
oc sandbox allowed-hosts sb-abc123 --json

{
  "sandboxID": "sb-abc123",
  "secretStore": "my-store",
  "egressAllowlist": ["api.openai.com", "api.anthropic.com"],
  "perSecretAllowedHosts": {
    "OPENAI_API_KEY": ["api.openai.com"]
  }
}

Layered forks

When a fork layers an additional --secret-store on top of an inherited one, egressAllowlist is the union of both stores’ allowlists (matches what the runtime proxy enforces). The response includes both store names — secretStore is the primary (whose secrets shadow the base on env-name collisions), baseSecretStore is the inherited parent: 
{
  "sandboxID": "sb-fork456",
  "secretStore": "fork-override",
  "baseSecretStore": "fork-parent",
  "egressAllowlist": ["api.openai.com", "api.anthropic.com", "api.example.com"],
  "perSecretAllowedHosts": {
    "OPENAI_API_KEY": ["api.openai.com"]
  }
}
baseSecretStore is omitted in the single-store case (no layering).