Sandbox Security Overview
Security Layers
Isolation Modes
Key Management
Related Documentation

Sandbox Security Overview

StateSet Sandbox provides layered security from the edge to execution runtimes.

Security Layers

API Gateway: TLS, rate limiting, API key auth, and WAF
Controller: Input validation, authz, secret management, audit logging
Runtime Isolation: Container, gVisor, or microVMs (Kata/Firecracker)

Isolation Modes

Container: Fastest, best for trusted workloads
gVisor: User-space kernel for untrusted code
Kata/Firecracker: MicroVM isolation for sensitive workloads

Key Management

Generate strong API keys
Store keys in environment variables or secret managers
Rotate keys regularly

Sandbox Operations Overview Sandbox API Flow

⌘I