Repo-ready sandboxes for AI agents.MCP-native.

Deterministic dev environments that spin up in seconds. Stream command output to your agents, snapshot state, and fork instantly.

Request early access

Built from the infrastructure we use at Umans to run remote coding agents on real repos.

1Request
2Run
3Result
envs sandbox
# Dev: Add email validation and update tests
# Agent: Sure.
>envs.create_sandbox(repo="acme/api")
✓ connected in 2.1s (warm)
$pytest -q && ruff .
✓ 42 tests passed
$playwright test
saved: artifacts/e2e/signup.png
screenshot
# Agent: Done. Tests passed and verified.

Or give any assistant a real workspace

PM:"Reproduce the bug and write a diagnosis."
Bot:"Starting sandbox, running repro..."
diagnosis.md
Generated 2m ago

Setup kills agents

Agents fail when environments are flaky. Configuring dependencies and toolchains per-run is slow and error-prone.

"Code exec" isn't enough

Simple code sandboxes lack the services (Redis, PG) and full repo context needed for real engineering work.

State matters

Multi-step tasks need reproducibility. You need to snapshot state, fork it, and roll back when agents mess up.

Infrastructure for autonomous coding

Repo Profiles
Pre-configured environments.
Define deps, services, and toolchains once. We build and cache images so sandboxes start instantly.
Snapshots & Forks
Time travel for agents.
Snapshot a running sandbox, then fork it 10 times to let agents explore different solutions in parallel.
Streaming Exec
Real-time feedback.
Don't wait for command completion. Stream stdout/stderr back to the agent for immediate reaction.
MCP-Native
Plug and play.
Connects via Model Context Protocol. Use our standard MCP server to give any agent control over the sandbox.
Enterprise Controls
Safe by default.
Define egress rules, inject secrets securely, and audit every command executed by the agent.

How it works

1. Connect Repo

Link your GitHub repo and define a `devcontainer.json` or Dockerfile.

2. Start Sandbox

Agent requests a fresh environment. We boot it from warm cache.

3. Run Tasks

Agent executes tools via MCP. We stream output and track state.

Why not just use "code sandboxes"?

Generic "run untrusted code" APIs are built for snippet execution, not engineering. They lack the persistent filesystem, background services, and deterministic toolchain setup that real repos require.

envs is built for repository-scale work. We handle the heavy lifting of building and caching your environment so your agent can focus on the code.

Join the waitlist

We're onboarding teams gradually to ensure stability. Reserve your spot today.

Coming soon: Productivity sandboxes (Excel, PowerPoint) for agent-driven deliverables.

Frequently Asked Questions

Do you support devcontainer.json?

Yes. We use standard devcontainers to build your environment image, so you can reuse your existing configuration.

How fast do sandboxes start?

Warm starts (from prebuilt image) take less than 2 seconds. Cold starts depend on your build time, but we cache aggressively.

Can I run this in my own VPC?

Yes, for enterprise plans. We can deploy the data plane in your AWS/GCP account while we manage the control plane.

How do snapshots work?

We use copy-on-write filesystems. Taking a snapshot is near-instant, and forking from a snapshot creates a new isolated environment sharing the base layer.

Is there egress control?

Yes. You can whitelist domains that agents are allowed to access. By default, we block everything except package registries.