Flezi AgentBox

Sandbox Tiers

Compare sandbox tier capabilities, resource limits, and use cases

Flezi AgentBox uses All-In-One (AIO) sandbox containers to run agents in secure, isolated environments. Each tier provides a different set of capabilities and resource limits depending on your use case.

Tier Comparison

| Capability | Lite | Standard | Pro |
|---|:---:|:---:|:---:|
| Shell execution | Yes | Yes | Yes |
| File system (read/write) | Yes | Yes | Yes |
| Jupyter (Python + Node.js) | - | Yes | Yes |
| MCP tool bridge | - | Yes | Yes |
| Data analysis tools | - | Yes | Yes |
| Browser (CDP) | - | - | Yes |
| VNC desktop | - | - | Yes |
| VS Code Server | - | - | Yes |
| Screenshot streaming | - | - | Yes |

Resource Limits

| Resource | Lite | Standard | Pro |
|---|---|---|---|
| Memory | 512 MB | 1 GB | 2 GB |
| CPU | 1 core | 2 cores | 2 cores |
| Cell timeout | 30s | 30s | 30s |
| Workspace | /workspace | /workspace | /workspace |

Network Egress Policy

Each tier has a configurable network egress policy:

  • disabled — No outbound network access. Code cannot import requests, urllib, fetch, or other networking libraries.
  • egress-allowlist (default for Standard) — Outbound traffic only to pre-approved domains.
  • configurable — Full network access with optional domain filtering.

| Policy | Lite | Standard | Pro |
|---|---|---|---|
| Default | disabled | egress-allowlist | configurable |

The disabled policy enforces network restrictions at the code level. Attempts to import networking libraries will be rejected before execution.
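One way a pre-execution import check of this kind can be built, shown as an added example and not AgentBox's own code. The denylist beyond requests and urllib, the function name `find_network_imports`, and the sample cells are assumptions made for illustration.

```python
import ast

# Assumed denylist: requests and urllib are named on the page, the rest are
# illustrative additions. Matching is on the top-level package name.
BLOCKED_MODULES = {"requests", "urllib", "socket", "http", "httpx", "aiohttp"}
# Calls that load a module by a name only known at run time.
DYNAMIC_IMPORT_CALLS = {"__import__", "import_module"}


def find_network_imports(source: str) -> list[str]:
    """Return reasons to reject a cell; an empty list means it may run."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Fail closed: code that cannot be analysed is not executed.
        return [f"line {exc.lineno}: unparseable code"]
    findings = []  # (line number, message) pairs
    for node in ast.walk(tree):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names = [node.module]  # level > 0 is a relative, local import
        elif isinstance(node, ast.Call):
            func = node.func
            called = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
            if called in DYNAMIC_IMPORT_CALLS:
                # The target cannot be resolved statically, so reject the call.
                findings.append((node.lineno, f"dynamic import via {called}()"))
        for name in names:
            if name.split(".")[0] in BLOCKED_MODULES:
                findings.append((node.lineno, f"import of {name}"))
    return [f"line {line}: {msg}" for line, msg in sorted(findings)]


# Constructed sample cells (parsed only, never executed).
SAMPLE_CELLS = {
    "pandas_only": "import pandas as pd\ndf = pd.DataFrame({'a': [1, 2]})\n",
    "plain_import": "import json\nimport urllib.request\n",
    "from_import": "from requests import get\n",
    "dynamic": "import importlib\nmod = importlib.import_module(module_name)\n",
}

if __name__ == "__main__":
    for label, cell in SAMPLE_CELLS.items():
        result = find_network_imports(cell)
        print(label, "->", "rejected: " + "; ".join(result) if result else "allowed")
```

A source-level check covers only the Python it parses, so it is usually paired with enforcement at the container network layer.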

Use Cases

Lite — Quick Scripts & Automation

Best for agents that only need shell commands and file operations:

  • Text processing and transformation
  • File generation (reports, configs, templates)
  • CLI tool orchestration

Standard — Data Science & Analysis

Adds Jupyter notebook execution and MCP tool integration:

  • CSV analysis with pandas
  • Chart generation with matplotlib
  • JSON data processing and transformation
  • Multi-step data pipelines via MCP tools

Pro — Browser Automation & Full Stack

Full capabilities including browser control via Chrome DevTools Protocol:

  • Web scraping and data extraction
  • UI testing and screenshot capture
  • Interactive browser automation
  • Visual verification workflows

Starting a Sandbox

Use the CLI to start a sandbox with your chosen tier:

```bash
# Start a Lite sandbox (default)
agentbox sandbox start

# Start a Standard sandbox with Jupyter
agentbox sandbox start --tier standard

# Start a Pro sandbox with browser support
agentbox sandbox start --tier pro
```

Check sandbox status:

```bash
agentbox sandbox status
```

View logs:

```bash
agentbox sandbox logs --follow
```

Stop and remove:

```bash
agentbox sandbox stop
```

Port Mapping

| Service | Port | Tier |
|---|---|---|
| Jupyter | 8888 | Standard, Pro |
| VNC (noVNC) | 6080 | Pro |
| CDP (Chrome DevTools) | 9222 | Pro |

Security

All sandbox tiers enforce:

  • Container isolation — Each execution runs in its own container
  • Non-root user — Processes run as an unprivileged user by default
  • Workspace restriction — File operations are limited to /workspace/
  • Resource caps — Memory and CPU limits prevent resource exhaustion

File write operations outside /workspace/ are blocked at the service level, regardless of tier.
