# Declaw > Declaw is a security-first sandbox platform for AI agents. Run untrusted code in sandbox microVMs with PII redaction, prompt injection defense, and network policy enforcement. ## Docs - [Authentication](https://docs.declaw.ai/api-reference/authentication.md): How to authenticate requests to the Declaw API using the X-API-Key header. - [Kill Command](https://docs.declaw.ai/api-reference/command/kill.md): Kill a background process by its PID. - [List Commands](https://docs.declaw.ai/api-reference/command/list.md): List all tracked background processes for a sandbox. - [Run Command](https://docs.declaw.ai/api-reference/command/run.md): Execute a command inside a sandbox and return the result synchronously. - [Run Command (Stream)](https://docs.declaw.ai/api-reference/command/run-stream.md): Execute a command and stream stdout/stderr in real-time via Server-Sent Events. - [Send Stdin](https://docs.declaw.ai/api-reference/command/send-stdin.md): Write data to the stdin of a running background process. - [Wait for Command](https://docs.declaw.ai/api-reference/command/wait.md): Block until a background command completes and return its result. - [File Exists](https://docs.declaw.ai/api-reference/filesystem/exists.md): Check whether a path exists inside a sandbox. - [File Info](https://docs.declaw.ai/api-reference/filesystem/info.md): Get metadata for a file or directory inside a sandbox. - [List Directory](https://docs.declaw.ai/api-reference/filesystem/list-dir.md): List the entries of a directory inside a sandbox. - [Make Directory](https://docs.declaw.ai/api-reference/filesystem/mkdir.md): Create a directory (and all parent directories) inside a sandbox. - [Read File](https://docs.declaw.ai/api-reference/filesystem/read.md): Read the content of a file inside a sandbox. - [Remove File](https://docs.declaw.ai/api-reference/filesystem/remove.md): Remove a file or directory from a sandbox. - [Rename / Move File](https://docs.declaw.ai/api-reference/filesystem/rename.md): Rename or move a file or directory inside a sandbox. - [Watch Directory](https://docs.declaw.ai/api-reference/filesystem/watch.md): Watch a directory for filesystem changes via Server-Sent Events. - [Write File](https://docs.declaw.ai/api-reference/filesystem/write.md): Create or overwrite a file inside a sandbox. - [Write Files (Batch)](https://docs.declaw.ai/api-reference/filesystem/write-batch.md): Write multiple files to a sandbox in a single request. - [Write File (Raw / Binary)](https://docs.declaw.ai/api-reference/filesystem/write-raw.md): Stream raw bytes into a sandbox file. Binary-safe, up to 500 MiB per request. - [API Overview](https://docs.declaw.ai/api-reference/overview.md): Conventions, base URL, request/response format, and error handling for the Declaw REST API. - [Create Sandbox](https://docs.declaw.ai/api-reference/sandbox/create.md): Create a new isolated sandbox sandbox. - [Create Snapshot](https://docs.declaw.ai/api-reference/sandbox/create-snapshot.md): Create a snapshot of the current sandbox state for later restoration. - [Get Sandbox](https://docs.declaw.ai/api-reference/sandbox/get.md): Retrieve the full details of a single sandbox by its ID. - [Kill Sandbox](https://docs.declaw.ai/api-reference/sandbox/kill.md): Kill and destroy a sandbox and its underlying sandbox VM. - [List Sandboxes](https://docs.declaw.ai/api-reference/sandbox/list.md): Return all sandboxes visible to the authenticated API key. - [List Snapshots](https://docs.declaw.ai/api-reference/sandbox/list-snapshots.md): List all snapshots (periodic, pause, and manual) for a sandbox, newest first. - [Get Metrics](https://docs.declaw.ai/api-reference/sandbox/metrics.md): Retrieve resource usage metrics for a sandbox. - [Pause Sandbox](https://docs.declaw.ai/api-reference/sandbox/pause.md): Freeze a running sandbox, preserving its in-memory state. - [Restore Sandbox](https://docs.declaw.ai/api-reference/sandbox/restore.md): Restore a sandbox from a snapshot, potentially on a different worker. - [Resume Sandbox](https://docs.declaw.ai/api-reference/sandbox/resume.md): Resume a paused sandbox from its most recent pause snapshot. - [Set Timeout](https://docs.declaw.ai/api-reference/sandbox/set-timeout.md): Update the auto-kill timeout for a running sandbox. - [Get Sandbox Status](https://docs.declaw.ai/api-reference/sandbox/status.md): Lightweight check of whether a sandbox is currently running. - [sandbox MicroVM](https://docs.declaw.ai/architecture/firecracker.md): How Declaw uses sandbox microVMs for sandbox isolation: rootfs, TAP networking, boot process, and the envd in-VM daemon. - [Architecture Overview](https://docs.declaw.ai/architecture/overview.md): System diagram, component roles, and monorepo structure for Declaw's secure sandbox platform. - [Network Packet Flow](https://docs.declaw.ai/architecture/packet-flow.md): How network packets travel from sandbox workload to the internet through iptables, the TCP proxy, and the TLS layer. - [Security Proxy](https://docs.declaw.ai/architecture/security-proxy.md): How the transparent TLS proxy intercepts sandbox traffic, generates per-sandbox CA certificates, and runs the PII and injection scanning pipeline. - [Concepts](https://docs.declaw.ai/concepts.md): The core mental model for Declaw: sandbox microVMs, the envd daemon, the edge proxy security proxy, network namespaces, SecurityPolicy, and templates. - [Agent in Sandbox (Anthropic)](https://docs.declaw.ai/cookbook/agent-in-sandbox/anthropic.md): Use Anthropic Claude to generate Python code and execute it securely inside a Declaw sandbox. The model runs on the host; only the generated code runs inside the isolated sandbox. - [Agent in Sandbox (Basic)](https://docs.declaw.ai/cookbook/agent-in-sandbox/basic.md): Upload an autonomous agent script into an isolated Declaw sandbox, execute it, and read back structured results. - [Agent in Sandbox (CrewAI)](https://docs.declaw.ai/cookbook/agent-in-sandbox/crewai.md): Run a CrewAI multi-agent workflow where a researcher agent specifies analysis requirements, a coder agent generates Python code, and all code executes inside an isolated Declaw sandbox. - [Agent in Sandbox (OpenAI)](https://docs.declaw.ai/cookbook/agent-in-sandbox/openai.md): Use OpenAI to generate Python code and execute it securely inside a Declaw sandbox. The LLM runs on the host; only the generated code runs inside the isolated sandbox. - [Agent in Sandbox (Fully Secured)](https://docs.declaw.ai/cookbook/agent-in-sandbox/secured.md): Create a Declaw sandbox with the complete security stack — network policy, PII redaction, injection defense, audit logging, and transformation rules — then run an autonomous agent inside it. - [Agent in Sandbox with Network Policy](https://docs.declaw.ai/cookbook/agent-in-sandbox/with-network-policy.md): Run an autonomous agent inside a Declaw sandbox that has a network allow-list. Only traffic to explicitly permitted domains is allowed; all other outbound connections are blocked. - [Background Process](https://docs.declaw.ai/cookbook/commands/background-process.md): Start, list, and kill background processes running inside a Declaw sandbox. - [Multi-Language Execution](https://docs.declaw.ai/cookbook/commands/multi-language-execution.md): Run shell commands, Python scripts, and complex pipelines within a single Declaw sandbox. - [Run Command](https://docs.declaw.ai/cookbook/commands/run-command.md): Run shell commands in a Declaw sandbox with environment variables, working directories, and error handling. - [Stream Command](https://docs.declaw.ai/cookbook/commands/stream-command.md): Stream command output in real-time from a Declaw sandbox using Server-Sent Events. - [Binary File Operations](https://docs.declaw.ai/cookbook/filesystem/binary-file-operations.md): Write and read arbitrary binary data — PNGs, compiled artifacts, base64-decoded payloads — through the Declaw sandbox filesystem. - [Download Results](https://docs.declaw.ai/cookbook/filesystem/download-results.md): Generate multiple output files inside a Declaw sandbox and iterate over them to read them back to the host. - [File Operations](https://docs.declaw.ai/cookbook/filesystem/file-operations.md): Write, read, check, list, rename, batch-write, and remove files inside a Declaw sandbox. - [Upload Dataset & Analyze](https://docs.declaw.ai/cookbook/filesystem/upload-dataset-analyze.md): Upload a CSV dataset and analysis script into a Declaw sandbox, run the analysis, and read back JSON results. - [AutoGen + Declaw](https://docs.declaw.ai/cookbook/frameworks/autogen-python.md): Implement AutoGen's CodeExecutor ABC backed by Declaw sandboxes. Plug it into a CodeExecutorAgent and run a RoundRobinGroupChat team for secure agentic code execution. - [CrewAI + Declaw](https://docs.declaw.ai/cookbook/frameworks/crewai-python.md): Equip a CrewAI agent crew with a Declaw sandbox tool for secure Python code execution. Define a @tool with crewai.tools, create an Agent and Task, and kick off a Crew. - [Haystack + Declaw](https://docs.declaw.ai/cookbook/frameworks/haystack-python.md): Create a custom Haystack @component that executes Python code in a Declaw sandbox, then connect it in a Haystack Pipeline alongside an OpenAI LLM generator. - [LangGraph + Declaw](https://docs.declaw.ai/cookbook/frameworks/langgraph-python.md): Build a LangGraph ReAct agent that executes Python code in a Declaw sandbox. Define a @tool with langchain_core, wire it into create_react_agent, and run it with or without an OpenAI key. - [Mastra + Declaw](https://docs.declaw.ai/cookbook/frameworks/mastra-typescript.md): Define a Mastra createTool that executes Python in a Declaw sandbox, wire it into a Mastra Agent, and run it with agent.generate(). Input validated with Zod schemas. - [OpenAI Agents SDK + Declaw](https://docs.declaw.ai/cookbook/frameworks/openai-agents-python.md): Add a Declaw sandbox tool to an OpenAI Agents SDK agent using @function_tool. Create an Agent, run it with Runner.run(), and get secure code execution out of the box. - [Agno (Phidata) + Declaw](https://docs.declaw.ai/cookbook/frameworks/phidata-python.md): Build an Agno (formerly Phidata) Toolkit that wraps Declaw sandbox execution, then attach it to an Agno Agent for secure, sandboxed Python code execution. - [Hello World](https://docs.declaw.ai/cookbook/getting-started/hello-world.md): Create a sandbox, run a command, and print the output — the simplest possible Declaw example. - [Multi-Sandbox Isolation](https://docs.declaw.ai/cookbook/getting-started/multi-sandbox-isolation.md): Prove that Declaw sandboxes are fully isolated — files written in one sandbox are invisible to another. - [Sandbox Lifecycle](https://docs.declaw.ai/cookbook/getting-started/sandbox-lifecycle.md): Walk through the full lifecycle of a Declaw sandbox: create, inspect, extend timeout, and destroy. - [Anthropic Code Interpreter](https://docs.declaw.ai/cookbook/llm-providers/anthropic-code-interpreter.md): Use Claude (claude-sonnet-4-20250514) to generate Python code from natural language questions, then execute it securely in a Declaw sandbox. Includes a demo mode that works without an API key. - [Gemini Code Interpreter](https://docs.declaw.ai/cookbook/llm-providers/gemini-code-interpreter.md): Use Google Gemini (gemini-2.0-flash) to generate Python code from natural language questions, then execute it securely in a Declaw sandbox. Uses the google-genai SDK. - [Groq Code Interpreter](https://docs.declaw.ai/cookbook/llm-providers/groq-code-interpreter.md): Use Groq's fast inference API (llama-3.1-8b-instant) to generate Python code from natural language questions, then execute it securely in a Declaw sandbox. - [Local LLM Code Interpreter](https://docs.declaw.ai/cookbook/llm-providers/local-llm-code-interpreter.md): Use a local LLM via an OpenAI-compatible API (Ollama, vLLM, LM Studio) to generate Python code, then execute it securely in a Declaw sandbox. No cloud API key required. - [OpenAI Code Interpreter](https://docs.declaw.ai/cookbook/llm-providers/openai-code-interpreter.md): Use GPT-4o-mini to generate Python code from natural language questions, then execute it securely in a Declaw sandbox. Includes a demo mode that works without an API key. - [Network Deny All](https://docs.declaw.ai/cookbook/network/network-deny-all.md): Create a Declaw sandbox with all outbound network access denied, and compare it against a sandbox with open internet access. - [Network Domain Allowlist](https://docs.declaw.ai/cookbook/network/network-domain-allowlist.md): Configure a Declaw sandbox to allow outbound traffic only to specific domains, blocking everything else. - [Network Exfiltration Prevention](https://docs.declaw.ai/cookbook/network/network-exfiltration-prevention.md): Use deny-all networking to prevent sensitive data from being exfiltrated from a Declaw sandbox, even by compromised code. - [Layer-4 network enforcement](https://docs.declaw.ai/cookbook/network/network-l4-enforcement.md): Verify that raw TCP connections to denied hosts fail at the kernel level — not just at the L7 proxy. - [Network Metadata Blocking](https://docs.declaw.ai/cookbook/network/network-metadata-blocking.md): Block the cloud metadata service (169.254.169.254) to prevent SSRF attacks while keeping normal internet access available. - [OpenAI Agents SDK — quick start](https://docs.declaw.ai/cookbook/openai-agents-quickstart.md): Run an OpenAI Agents SDK agent inside a declaw sandbox with full security guardrails enabled — ~20 lines of glue, no changes to agent logic. - [OpenAI Agents — PII redaction end-to-end](https://docs.declaw.ai/cookbook/openai-agents-security.md): Two places to scrub PII when an Agents-SDK agent runs on declaw — before the prompt reaches the LLM and at the VM's network boundary — using one policy surface. - [Code reviewer agent](https://docs.declaw.ai/cookbook/openai-agents/code-reviewer.md): Agent clones a public repo, runs ruff, applies auto-fixes, and emits a structured review inside a declaw ai-agent sandbox. - [Customer support triage](https://docs.declaw.ai/cookbook/openai-agents/customer-support.md): Multi-agent handoff (triage -> billing/technical) with PII redact + rehydrate inside a declaw base sandbox. - [Data analyst agent](https://docs.declaw.ai/cookbook/openai-agents/data-analyst.md): Agent loads a CSV, runs pandas queries, renders a chart, and writes a markdown report inside a declaw python sandbox. - [DevOps auditor](https://docs.declaw.ai/cookbook/openai-agents/devops-audit.md): Agent audits a Dockerfile and Kubernetes manifest using the devops template, with transformation rules to mask any leaked AWS keys before they reach the LLM. - [ML training agent](https://docs.declaw.ai/cookbook/openai-agents/ml-model.md): Agent trains a scikit-learn classifier in the code-interpreter template, writes a confusion matrix and metrics JSON. - [OpenAI Agents SDK — overview](https://docs.declaw.ai/cookbook/openai-agents/overview.md): Runnable recipes for agents executing inside declaw microVMs via the openai-agents sandbox backend. - [PTY access through the OpenAI adapter](https://docs.declaw.ai/cookbook/openai-agents/pty.md): Access the full declaw PTY surface from an OpenAI Agents SDK session — send keystrokes, resize, read output via SSE. - [Shell-only capability for older models](https://docs.declaw.ai/cookbook/openai-agents/quickstart-shell-only.md): Run an OpenAI Agents SDK agent with only the shell capability — targets gpt-4.1 and older models that reject grammar-typed custom tools. - [Shared Volume, Multi-Agent Fan-Out](https://docs.declaw.ai/cookbook/openai-agents/shared-volume-multi-agent.md): Upload a dataset once, then run several OpenAI Agents SDK agents (GPT-4.1) in parallel — each in its own Declaw sandbox with the same volume attached at /data. - [Custom transformation rules](https://docs.declaw.ai/cookbook/openai-agents/transformations.md): Regex-based directional rewrites applied at the sandbox's edge proxy. End-to-end proof that outbound bodies are rewritten before the request leaves the VM. - [TypeScript API builder](https://docs.declaw.ai/cookbook/openai-agents/typescript-api.md): Agent scaffolds an Express API, compiles with tsc, runs it as a background process, and hits it with curl. - [Web scraper agent](https://docs.declaw.ai/cookbook/openai-agents/web-scraper.md): Single-host network allowlist demo: agent scrapes one target, cannot exfiltrate anywhere else. - [Cookbook](https://docs.declaw.ai/cookbook/overview.md): Runnable examples for every Declaw feature, organized by category. - [CI/CD Pipeline in a Sandbox](https://docs.declaw.ai/cookbook/patterns/ci-cd-sandbox.md): Simulate a CI/CD test pipeline inside a Declaw sandbox. Upload a Python project with unit tests, run the test suite, parse pass/fail results, and demonstrate a failing test by injecting a bug. - [Data Analysis in a Sandbox](https://docs.declaw.ai/cookbook/patterns/data-analysis.md): Upload a CSV dataset into a Declaw sandbox, execute a Python analysis script that computes revenue statistics, and read the JSON results back to the host process. - [Git Clone and Fix](https://docs.declaw.ai/cookbook/patterns/git-clone-and-fix.md): Simulate cloning a repository, identifying a bug, applying a code fix, showing a diff, and verifying the fix with tests — all inside an isolated Declaw sandbox. - [HTTP Server in a Sandbox](https://docs.declaw.ai/cookbook/patterns/mcp-server-in-sandbox.md): Run a persistent Python HTTP API server inside a Declaw sandbox, interact with it using in-sandbox HTTP requests, and clean up — all from a single orchestrator script. - [Multi-Agent Sandboxed Pipeline](https://docs.declaw.ai/cookbook/patterns/multi-agent-sandboxed.md): Run a three-agent data pipeline where each agent operates in its own isolated Declaw sandbox. Data flows between agents through the orchestrator — never directly between sandboxes. - [Interactive stdio](https://docs.declaw.ai/cookbook/patterns/stdio-interactive.md): Bidirectional stdin/stdout/stderr for sandboxed processes — basic echo, multi-round conversations, separate stream callbacks, line counting, environment variables, and process lifecycle. - [URL helper methods](https://docs.declaw.ai/cookbook/patterns/url-helpers.md): Exercise the five URL-helper methods on Sandbox — envd_api_url, download_url, upload_url, get_host, and get_mcp_url. - [Web Scraping with Network Policy](https://docs.declaw.ai/cookbook/patterns/web-scraping-sandbox.md): Run a web scraper inside a Declaw sandbox with a network allow-list that restricts outbound access to a single domain, then prove that all other domains are unreachable. - [PII Actions](https://docs.declaw.ai/cookbook/pii/pii-actions.md): Compare the three PII action modes — redact, block, and log_only — and understand when to use each. - [PII in JSON request bodies](https://docs.declaw.ai/cookbook/pii/pii-json-body-safety.md): Verify that PII redaction preserves valid JSON structure — redaction tokens must not corrupt request bodies. - [PII Redaction](https://docs.declaw.ai/cookbook/pii/pii-redaction.md): Configure automatic PII detection and redaction for outbound HTTP traffic from a Declaw sandbox. - [PII Rehydration](https://docs.declaw.ai/cookbook/pii/pii-rehydration.md): Configure transparent PII deanonymization so sandbox code receives original PII values in API responses. - [SSN-specific redaction](https://docs.declaw.ai/cookbook/pii/pii-ssn-redaction.md): Verify that US Social Security Numbers in dashed format (123-45-6789) are properly redacted in outbound HTTP traffic. - [PII Streaming Rehydration](https://docs.declaw.ai/cookbook/pii/pii-streaming-rehydration.md): Understand how PII rehydration works with SSE streaming responses, including the chunk-boundary buffering strategy. - [Cursor-style agent with PTY handoff](https://docs.declaw.ai/cookbook/pty/agent-with-pty.md): Anthropic Claude agent with 5 tools and interactive PTY handoff — the agent asks permission before dropping you into a live terminal. - [Interactive sandbox shell in your local terminal](https://docs.declaw.ai/cookbook/pty/interactive-terminal.md): Drop your local terminal into a sandbox shell — raw-mode stdin forwarding, live output streaming, cursor resize support, clean exit. The ssh -style hand-off in ~80 lines of Python. - [Live monitoring dashboard](https://docs.declaw.ai/cookbook/pty/pty-dashboard.md): Real-time CPU, memory, and uptime dashboard streamed through a sandbox PTY with sparklines and in-place refresh. - [ANSI features and TUI detection](https://docs.declaw.ai/cookbook/pty/pty-features.md): ANSI colours, cursor movement, tput queries, and text styles through the sandbox PTY — proving full terminal emulation works. - [PTY REPL demo](https://docs.declaw.ai/cookbook/pty/pty-repl.md): Create a PTY, send keystrokes, resize the terminal, and cleanly exit — the simplest PTY round-trip. - [Visual effects showcase](https://docs.declaw.ai/cookbook/pty/pty-showcase.md): Rainbow banner, truecolor gradients, spinner, progress bar, and Matrix rain — all rendered inside the sandbox and streamed to your terminal. - [Credential Leak Prevention](https://docs.declaw.ai/cookbook/security-demos/credential-leak-prevention.md): Configure PII redaction and network deny-all to prevent credential exfiltration. Demonstrates TCP blocking, HTTP exfiltration prevention, DNS exfiltration blocking, and how the edge proxy redacts credentials from outbound HTTP traffic. - [Prompt Injection Attack Defense](https://docs.declaw.ai/cookbook/security-demos/prompt-injection-attack.md): Explore common prompt injection attack patterns and configure Declaw's injection defense to detect and block them. Compares behavior with and without the defense enabled. - [Supply Chain Attack Isolation](https://docs.declaw.ai/cookbook/security-demos/supply-chain-attack.md): Demonstrate how a malicious dependency behaves — reading sensitive files, attempting data exfiltration, writing to system directories — and how Declaw's sandbox isolation contains all of it. - [With vs Without Declaw](https://docs.declaw.ai/cookbook/security-demos/with-vs-without-declaw.md): Side-by-side comparison: run the same untrusted code in an unsecured sandbox and a fully secured sandbox. See exactly which operations succeed in each, and why even the unsecured sandbox is safer than direct host execution. - [Audit Logging](https://docs.declaw.ai/cookbook/security/audit-logging.md): Configure the per-sandbox audit opt-out and understand what Declaw records for lifecycle and security events. - [Injection Defense](https://docs.declaw.ai/cookbook/security/injection-defense.md): Configure prompt injection detection and blocking on a Declaw sandbox. Set sensitivity levels, choose enforcement actions, and see examples of payloads the scanner catches. - [Transformation Rules](https://docs.declaw.ai/cookbook/security/transformation-rules.md): Configure regex-based find-and-replace rules on a Declaw sandbox to automatically rewrite traffic through the proxy — mask internal hostnames, strip bearer tokens, and filter passwords. - [ai-agent — frameworks check](https://docs.declaw.ai/cookbook/templates/ai-agent-frameworks.md): Boot the ai-agent template and verify the major LLM-framework SDKs are importable, then run a tiny LangChain pipeline as a smoke test. - [ai-agent — fintech KYC with CrewAI (sandboxed)](https://docs.declaw.ai/cookbook/templates/ai-agent-kyc-crewai.md): A four-agent CrewAI KYC pipeline running inside one ai-agent sandbox with PII redaction + prompt-injection defense enforced at the proxy. - [ai-agent — health-tech prior auth with LangGraph (sandboxed)](https://docs.declaw.ai/cookbook/templates/ai-agent-prior-auth-langgraph.md): A LangGraph prior-authorization workflow: untrusted payer submission runs in a python sandbox, the GPT-4.1 appeal draft runs in an ai-agent sandbox with PHI redacted outbound and rehydrated inbound. - [base — shell tools end-to-end](https://docs.declaw.ai/cookbook/templates/base-shell-tools.md): Boot the base template and run git, curl, and jq in a single pipeline — the smallest useful Declaw sandbox. - [code-interpreter — executing LLM-generated Python](https://docs.declaw.ai/cookbook/templates/code-interpreter-data-viz.md): The code-interpreter template is a pre-provisioned Python runtime for arbitrary code an LLM decides to run — imports already installed, stdout/stderr captured, zero cold-install delay. - [devops — terraform + kubectl + docker](https://docs.declaw.ai/cookbook/templates/devops-terraform-kubectl.md): Plan a terraform config, lint a kubernetes manifest, and show the docker / helm versions in one sandbox — everything the devops template ships with. - [mcp-server — FastMCP hello-tool](https://docs.declaw.ai/cookbook/templates/mcp-server-fastmcp.md): Boot a FastMCP server inside a sandbox, register a tool, and call it over HTTP — the minimum end-to-end MCP flow. - [node — TypeScript script](https://docs.declaw.ai/cookbook/templates/node-typescript-script.md): Compile a TypeScript file with tsc and run it under Node.js 20 — the standard use of the node template. - [python — pandas CSV analysis](https://docs.declaw.ai/cookbook/templates/python-pandas-analysis.md): Upload a CSV, run a pandas analysis, and read the JSON result back — a minimal end-to-end use of the python template. - [web-dev — Next.js + Tailwind build](https://docs.declaw.ai/cookbook/templates/web-dev-nextjs.md): Scaffold a Next.js app with Tailwind, write a page, build it, and inspect the output — the web-dev template's happy path. - [List and Delete Volumes](https://docs.declaw.ai/cookbook/volumes/list-and-delete.md): Enumerate your Declaw volumes, inspect metadata, and delete the ones you no longer need. - [Share a Volume Across Sandboxes](https://docs.declaw.ai/cookbook/volumes/share-across-sandboxes.md): Upload a dataset once and attach it to N parallel Declaw sandboxes — no per-sandbox re-upload. - [Upload and Attach a Volume](https://docs.declaw.ai/cookbook/volumes/upload-and-attach.md): Upload a gzip'd tar archive once as a Declaw volume, then attach it to a sandbox at create time. - [Deployment](https://docs.declaw.ai/deployment/overview.md): How to run Declaw: managed cloud at api.declaw.ai or on-prem via the enterprise team. - [Commands](https://docs.declaw.ai/features/commands.md): Run commands inside sandboxes: blocking execution, streaming output, background processes, and stdin. - [Filesystem](https://docs.declaw.ai/features/filesystem.md): Read, write, and watch files inside Declaw sandboxes. Each sandbox has an isolated ext4 rootfs. - [Networking](https://docs.declaw.ai/features/networking.md): Control outbound network access from sandboxes using domain allowlists, IP CIDR rules, and the ALL_TRAFFIC constant. - [Port Proxy](https://docs.declaw.ai/features/port-proxy.md): Expose HTTP services running inside sandboxes to external clients via authenticated reverse-proxy URLs. - [PTY (pseudo-terminals)](https://docs.declaw.ai/features/pty.md): Run interactive commands inside a sandbox with a real pseudo-terminal — ANSI colours, live streaming output, keystroke-level stdin, session reconnect. - [Sandboxes](https://docs.declaw.ai/features/sandboxes.md): Manage sandbox sandboxes: lifecycle, state, metrics, and configuration options. - [Snapshots](https://docs.declaw.ai/features/snapshots.md): Create point-in-time snapshots of sandboxes and restore them to resume from a saved state. - [Interactive Stdio](https://docs.declaw.ai/features/stdio.md): Bidirectional stdin/stdout/stderr for sandboxed processes — send data incrementally, receive streaming output, and drive interactive command-line tools. - [Templates](https://docs.declaw.ai/features/templates.md): Built-in templates for common workloads, plus how to build your own with pre-installed dependencies. - [Installation](https://docs.declaw.ai/installation.md): Install the Declaw Python, TypeScript, or Go SDK, configure your connection, and verify your setup against a running Declaw instance. - [Introduction](https://docs.declaw.ai/introduction.md): Declaw is a security-first sandbox platform for AI agents. Execute untrusted code in isolated sandbox microVMs with transparent traffic interception for PII redaction, prompt injection defense, and network policy enforcement. - [Billing & Pricing](https://docs.declaw.ai/platform/billing.md): How Declaw meters sandbox compute and guardrails scans, the per-unit rates, and how the waterfall wallet model consumes free credits before your paid balance. - [Errors & Rate Limits](https://docs.declaw.ai/platform/errors.md): Status codes Declaw returns when a platform limit is hit, the JSON shape of each error, and how clients should handle them. - [Plans & Limits](https://docs.declaw.ai/platform/plans.md): Compare Declaw Cloud tiers. Every limit below is enforced at the API gateway — requests that exceed them are rejected with a documented error code. - [Usage & Monitoring](https://docs.declaw.ai/platform/usage.md): Read your account's balances, aggregate cost over a time range, and break down guardrails scans by scanner. Useful for budget dashboards, alerts, and reconciling invoices. - [Quickstart](https://docs.declaw.ai/quickstart.md): Run your first Declaw sandbox in five minutes. Install the SDK, create an isolated sandbox, execute a command, add a security policy, and clean up. - [Commands](https://docs.declaw.ai/sdks/go/commands.md): Run, start background processes, list, kill, and interact with commands inside a Declaw sandbox using sbx.Commands. - [Error Handling](https://docs.declaw.ai/sdks/go/error-handling.md): Error type hierarchy for the Go SDK, how to match specific errors with errors.As, and retry patterns for transient failures. - [Filesystem](https://docs.declaw.ai/sdks/go/filesystem.md): Read, write, list, rename, remove, and manage files inside a Declaw sandbox using sbx.Files. - [Go SDK](https://docs.declaw.ai/sdks/go/overview.md): Install the Declaw Go SDK and connect to the API using Config, functional options, and environment variables. - [PTY](https://docs.declaw.ai/sdks/go/pty.md): Go SDK reference for sbx.PTY — create and drive interactive pseudo-terminals inside the sandbox. - [Sandbox](https://docs.declaw.ai/sdks/go/sandbox.md): Create, connect, kill, inspect, extend timeout, pause, snapshot, and restore sandboxes using the Go SDK. - [Security Policy](https://docs.declaw.ai/sdks/go/security-policy.md): SecurityPolicy, PIIConfig, InjectionDefenseConfig, NetworkPolicy, TransformationRule, AuditConfig, and EnvSecurityConfig reference for the Go SDK. - [Stdio](https://docs.declaw.ai/sdks/go/stdio.md): Go SDK reference for sandbox.Stdio — start interactive subprocesses with bidirectional stdin/stdout/stderr. - [Templates](https://docs.declaw.ai/sdks/go/templates.md): Build and manage custom sandbox templates using the Go SDK's BuildTemplate, ListTemplates, and TemplateSpec. - [Volumes](https://docs.declaw.ai/sdks/go/volumes.md): Upload a tarball once and attach it to one or many Declaw sandboxes at create time using the Go SDK. - [AsyncSandbox](https://docs.declaw.ai/sdks/python/async-sandbox.md): Async-native sandbox class for concurrent workloads, multiple sandboxes, and async frameworks such as FastAPI and LangGraph. - [Commands](https://docs.declaw.ai/sdks/python/commands.md): Run, stream, list, kill, and interact with processes inside a Declaw sandbox using sbx.commands. - [Error Handling](https://docs.declaw.ai/sdks/python/error-handling.md): Exception hierarchy for the Python SDK, how to catch specific errors, and retry patterns for transient failures. - [Filesystem](https://docs.declaw.ai/sdks/python/filesystem.md): Read, write, list, rename, remove, and watch files inside a Declaw sandbox using sbx.files. - [OpenAI Agents SDK](https://docs.declaw.ai/sdks/python/openai-agents.md): Run agents built with the OpenAI Agents SDK inside a declaw sandbox — the agent's bash, file, and PTY tools all execute under declaw's full security posture without changing any agent logic. - [Python SDK](https://docs.declaw.ai/sdks/python/overview.md): Install the Declaw Python SDK and connect to the API using ConnectionConfig, synchronous Sandbox, or async AsyncSandbox. - [PTY](https://docs.declaw.ai/sdks/python/pty.md): Python SDK reference for sandbox.pty — create and drive interactive pseudo-terminals inside the sandbox. - [Sandbox](https://docs.declaw.ai/sdks/python/sandbox.md): Synchronous Sandbox class: create, connect, kill, inspect, extend timeout, pause, snapshot, and retrieve metrics. - [Security Policy](https://docs.declaw.ai/sdks/python/security-policy.md): SecurityPolicy, PIIConfig, InjectionDefenseConfig, NetworkPolicy, TransformationRule, AuditConfig, and EnvSecurityConfig reference for the Python SDK. - [Stdio](https://docs.declaw.ai/sdks/python/stdio.md): Python SDK reference for sandbox.stdio — start interactive subprocesses with bidirectional stdin/stdout/stderr. - [Templates](https://docs.declaw.ai/sdks/python/templates.md): Build and manage custom sandbox templates using the Template class, TemplateBase fluent builder, and BuildInfo models. - [Volumes](https://docs.declaw.ai/sdks/python/volumes.md): Upload a tarball once and attach it to one or many Declaw sandboxes at create time. - [Commands](https://docs.declaw.ai/sdks/typescript/commands.md): Run, stream, list, kill, and interact with processes using sandbox.commands in the TypeScript SDK. - [Error Handling](https://docs.declaw.ai/sdks/typescript/error-handling.md): Error class hierarchy for the TypeScript SDK, how to catch specific errors, and retry patterns for transient failures. - [Filesystem](https://docs.declaw.ai/sdks/typescript/filesystem.md): Read, write, list, rename, remove, and watch files inside a sandbox using sbx.files in the TypeScript SDK. - [TypeScript SDK](https://docs.declaw.ai/sdks/typescript/overview.md): Install the Declaw TypeScript SDK, configure ConnectionConfig, and create your first sandbox with SandboxOpts. - [PTY](https://docs.declaw.ai/sdks/typescript/pty.md): TypeScript SDK reference for sandbox.pty — create and drive interactive pseudo-terminals inside the sandbox. - [Sandbox](https://docs.declaw.ai/sdks/typescript/sandbox.md): TypeScript Sandbox class: create, connect, list, kill, set timeout, pause, snapshot, and retrieve metrics. - [Security Policy](https://docs.declaw.ai/sdks/typescript/security-policy.md): SecurityPolicy type, createSecurityPolicy(), PIIConfig, InjectionDefenseConfig, NetworkPolicy, TransformationRule, AuditConfig, and EnvSecurityConfig for the TypeScript SDK. - [Stdio](https://docs.declaw.ai/sdks/typescript/stdio.md): TypeScript SDK reference for sandbox.stdio — start interactive subprocesses with bidirectional stdin/stdout/stderr. - [Templates](https://docs.declaw.ai/sdks/typescript/templates.md): Build and manage custom sandbox templates using the TypeScript Template class, TemplateBase fluent builder, and BuildInfo types. - [Volumes](https://docs.declaw.ai/sdks/typescript/volumes.md): Upload a tarball once and attach it to one or many Declaw sandboxes at create time — TypeScript SDK. - [Audit Logging](https://docs.declaw.ai/security/audit-logging.md): What Declaw records for lifecycle and security events, how long it's kept, and how to opt out. - [Environment Secrets](https://docs.declaw.ai/security/env-secrets.md): Pass secrets to sandboxes securely using EnvSecurityConfig and SecureEnvVar to prevent leakage in logs and outbound traffic. - [Guardrails Service](https://docs.declaw.ai/security/guardrails-service.md): Deploy the optional ML-powered guardrails service for Presidio PII detection and HuggingFace prompt injection scanning. - [Network Policies](https://docs.declaw.ai/security/network-policies.md): Deep dive into NetworkPolicy: domain allowlists, IP CIDR rules, metadata service blocking, and the Layer-7 TCP proxy internals. - [Security Overview](https://docs.declaw.ai/security/overview.md): How SecurityPolicy composes PII redaction, prompt injection defense, network policies, transformations, and audit logging into a single enforcement pipeline. - [PII Redaction](https://docs.declaw.ai/security/pii-redaction.md): Configure automatic PII detection and redaction for outbound traffic from Declaw sandboxes. - [Prompt Injection Defense](https://docs.declaw.ai/security/prompt-injection.md): Detect and block prompt injection attacks in outbound requests and inbound responses using configurable sensitivity thresholds. - [Transformation Rules](https://docs.declaw.ai/security/transformation-rules.md): Rewrite request and response bodies using regex-based transformation rules with direction-aware application. ## OpenAPI Specs - [openapi](https://docs.declaw.ai/openapi.yaml) ## Optional - [Community](https://discord.gg/bjA5Zs9ZPw)