Sandbox Compute Environment

Every Portal One agent has access to an isolated Linux sandbox — a secure compute environment where agents can write code, run commands, and manage files without affecting your systems.

How Sandboxes Work

Sandboxes are powered by E2B and provide a complete Linux environment with:

• Python, Node.js, and common development tools pre-installed
• Package managers (pip, npm) for installing dependencies on the fly
• Full filesystem access within the sandbox
• Network access for downloading packages and fetching web content

Organization-Level Sharing

Sandboxes are shared per organization with per-agent workdir isolation. This means:

• All agents in your organization share the same sandbox environment
• Each agent has its own working directory to avoid conflicts
• Agents can access shared resources when needed for collaboration
• Files persist within the sandbox session

Sandbox Lifecycle

• Sandboxes are created on-demand when an agent needs compute
• They timeout after 5 minutes of inactivity to save resources
• When a sandbox times out, it pauses (not destroyed) so state can resume
• New sessions automatically resume paused sandboxes

Security

Sandbox isolation is why built-in tools are auto-approved:

• Sandboxes run in isolated containers — no access to your infrastructure
• File operations are confined to the sandbox filesystem
• Terminal commands execute inside the sandbox, not on Portal One servers
• Network access is outbound only — sandboxes can't expose services

This means your agents can experiment freely — write code, run scripts, process data — without any risk to your production systems.