# PlatPhorm Sandbox Purpose: canonical public-safe isolated execution lab, lifecycle workspace, MCP tool test bench, command runner, file workspace, API/spec validator, BrowserOps companion, AgentUI/Phorm prototype runner, Fingerprint/JA4 evidence lab, Trace-linked runtime, and platphormctl developer sandbox for PlatPhormNews. Lifecycle: choose template -> create sandbox -> write files -> run command -> stream logs -> read outputs -> validate output -> send to next tool -> capture trace -> export evidence. Endpoints: 135 Public templates: 34 MCP tools: 102 MCP resources: 35 MCP prompts: 15 Public no-auth: bounded sandbox creation, bounded command execution, safe file operations, snapshots where provider supports them, JSON/XML/spec validation, public docs, health, route/discovery summaries, llms/OpenAPI/RSS/sitemap/well-known, and MCP introspection. Dry-run policy: public dry-runs validate template files, commands, provider availability, auth requirements, network policy, intended artifacts, and handoffs without creating a provider sandbox or running remote commands. Handoff model: Sandbox prepares public-safe evidence packets for the next PlatPhorm tool and reports planned, preview_ready, degraded, or protected_required unless a downstream service confirms receipt. Web4 status: /.well-known/web4.json, /api/web4/status, /api/web4/scorecard, /api/web4/fingerprints, and /.well-known/provenance.json expose provenance-ready public facts without publishing private fingerprints. Protected/admin: Authorization: Bearer $PLATPHORM_API_KEY or X-PlatPhorm-API-Key: $PLATPHORM_API_KEY for global policy changes, credential changes, raw audit export, registry mutation, deployment mutation, and other sensitive administrative actions. Secrets: provider tokens, sandbox service keys, platform keys, service-role keys, database passwords, and raw x-vercel-ja4-digest are server-only and never included in public artifacts. Trust: Web sandbox exploration, public-safe sandbox creation, bounded command execution, public-safe template discovery, browser-based Sandbox operations, local non-sensitive sandbox draft persistence, trusted-domain discovery, standard route compliance, Vercel metadata capture, trace-linked sandbox execution, and MCP/API test discovery are intentionally supported for public debugging and operator workflows. Global policy changes, provider credential changes, unbounded compute, raw audit export, destructive provider actions outside the user/session sandbox, registry mutation, deployment mutation, and sensitive administrative actions require PLATPHORM_API_KEY. ## Endpoint Inventory - GET /api/sandbox/status - GET /api/sandbox/provider-status - GET /api/sandbox/database-status - GET /api/sandbox/templates - GET /api/sandbox/templates/{id} - GET /api/sandbox/runs - GET /api/sandbox/runs/{id} - GET /api/sandbox/runs/{id}/files - GET /api/sandbox/runs/{id}/logs - GET /api/sandbox/runs/{id}/commands - GET /api/sandbox/runs/{id}/artifacts - GET /api/sandbox/runs/{id}/validations - GET /api/sandbox/runs/{id}/handoffs - GET /api/sandbox/runs/{id}/events - POST /api/sandbox/create - POST /api/sandbox/write-files - POST /api/sandbox/exec - POST /api/sandbox/validate-artifact - POST /api/sandbox/receive-handoff - POST /api/sandbox/send-handoff - GET /api/sandbox/suite - GET /api/sandbox/evidence - GET /api/web4/status - GET /api/web4/manifest - GET /api/web4/scorecard - GET /api/web4/fingerprints - GET /api/provenance/lookup - GET /api/provenance/verify - GET /api/v1/provider/status - GET /api/v1/database/status - GET /api/v1/rate-limits - GET /api/v1/audit - GET /api/v1/sandboxes - POST /api/v1/sandboxes - GET /api/v1/sandboxes/{id} - PATCH /api/v1/sandboxes/{id} - DELETE /api/v1/sandboxes/{id} - POST /api/v1/sandboxes/{id}/stop - POST /api/v1/sandboxes/{id}/extend-timeout - POST /api/v1/sandboxes/{id}/network-policy - GET /api/v1/sandboxes/{id}/routes - GET /api/v1/named-sandboxes - POST /api/v1/named-sandboxes - GET /api/v1/named-sandboxes/{name} - PATCH /api/v1/named-sandboxes/{name} - DELETE /api/v1/named-sandboxes/{name} - POST /api/v1/named-sandboxes/{name}/resume - GET /api/v1/sessions - GET /api/v1/sessions/{id} - POST /api/v1/sessions/{id}/stop - POST /api/v1/sessions/{id}/extend-timeout - POST /api/v1/sessions/{id}/network-policy - GET /api/v1/sandboxes/{id}/commands - POST /api/v1/sandboxes/{id}/commands - GET /api/v1/commands/{commandId} - POST /api/v1/commands/{commandId}/kill - GET /api/v1/commands/{commandId}/logs - GET /api/v1/commands/{commandId}/logs/stream - POST /api/v1/sandboxes/{id}/files/read - POST /api/v1/sandboxes/{id}/files/write - POST /api/v1/sandboxes/{id}/files/mkdir - POST /api/v1/sandboxes/{id}/files/upload - POST /api/v1/sandboxes/{id}/files/download - GET /api/v1/snapshots - GET /api/v1/snapshots/{id} - POST /api/v1/sandboxes/{id}/snapshots - DELETE /api/v1/snapshots/{id} - POST /api/v1/snapshots/{id}/restore - GET /api/v1/templates - GET /api/v1/templates/{id} - POST /api/v1/templates/{id}/instantiate - GET /api/v1/lifecycle/templates - GET /api/v1/lifecycle/templates/{id} - POST /api/v1/lifecycle/run - GET /api/v1/lifecycle/runs - GET /api/v1/lifecycle/runs/{id} - POST /api/v1/lifecycle/runs/{id}/next - POST /api/v1/lifecycle/runs/{id}/send-to/{service} - GET /api/v1/lifecycle/runs/{id}/evidence - GET /api/v1/mcp/tools - GET /api/v1/mcp/tools/{name} - POST /api/v1/mcp/tools/{name}/test - POST /api/v1/mcp/tools/{name}/execute - GET /api/v1/mcp/servers - POST /api/v1/mcp/sync - POST /api/v1/json-rpc/replay - POST /api/v1/api-tests - GET /api/v1/api-tests - GET /api/v1/api-tests/{id} - POST /api/v1/api-tests/{id}/run - POST /api/v1/openapi/import - GET /api/v1/openapi/imports/{id} - POST /api/v1/openapi/imports/{id}/generate-tests - POST /api/v1/webhooks/replay - GET /api/v1/webhooks/replay/{id} - POST /api/v1/schema/validate - POST /api/v1/schema/generate-example - GET /api/v1/integrations/status - GET /api/v1/integrations/mcp - POST /api/v1/integrations/spec/validate - GET /api/v1/integrations/spec - POST /api/v1/integrations/evals/run - GET /api/v1/integrations/evals - POST /api/v1/integrations/mcp/test-tool - POST /api/v1/integrations/claws/run - GET /api/v1/integrations/browserops - POST /api/v1/integrations/browserops/run - GET /api/v1/integrations/agentui - POST /api/v1/integrations/agentui/render - GET /api/v1/integrations/phorm - POST /api/v1/integrations/phorm/prototype - GET /api/v1/integrations/fingerprint - POST /api/v1/integrations/fingerprint/check - GET /api/v1/integrations/trace - POST /api/v1/integrations/trace/span-completion - GET /api/v1/integrations/cli - POST /api/v1/integrations/cli/dry-run - GET /api/v1/integrations/json - POST /api/v1/integrations/json/validate - GET /api/v1/integrations/xml - POST /api/v1/integrations/xml/validate - GET /api/v1/integrations/markdown - POST /api/v1/integrations/markdown/validate - POST /api/v1/integrations/platphorm/validate-site - GET /api/v1/agent-policy - GET /api/v1/agent-policy/platforms - GET /api/v1/agent-policy/platforms/{id} - GET /api/v1/agent-policy/robots - GET /api/v1/agent-policy/summary - GET /api/v1/network/graph - POST /api/v1/network/graph/sync - GET /api/v1/network/sites - GET /api/v1/network/trusted-domains - GET /api/v1/network/route-compliance - GET /api/v1/network/discovery-compliance ## MCP Tools - get_sandbox_status (public read-only) - get_sandbox_provider_status (public read-only) - list_sandbox_templates (public read-only) - get_sandbox_template (public read-only) - list_public_sandbox_runs (public read-only) - get_public_sandbox_run (public read-only) - get_sandbox_run_timeline (public read-only) - list_sandbox_artifacts (public read-only) - get_public_sandbox_artifact (public read-only) - list_sandbox_integrations (public read-only) - get_sandbox_integration (public read-only) - get_sandbox_suite_registry (public read-only) - get_sandbox_web4_manifest (public read-only) - get_sandbox_web4_status (public read-only) - get_sandbox_scorecard (public read-only) - list_sandbox_fingerprints (public read-only) - lookup_sandbox_provenance (public read-only) - verify_sandbox_provenance (public read-only) - dry_run_sandbox_template (public read-only) - write_sandbox_files (protected) - exec_sandbox_command (protected) - read_sandbox_file (protected) - snapshot_sandbox (protected) - rerun_sandbox_template (protected) - validate_sandbox_artifact (protected) - send_sandbox_results_to_evals (protected) - send_sandbox_results_to_browserops (protected) - publish_sandbox_report_to_docs (protected) - send_sandbox_results_to_sheets (protected) - send_sandbox_trace_update (protected) - send_sandbox_handoff (protected) - rebuild_sandbox_fingerprints (protected) - create_sandbox_provenance (protected) - sign_sandbox_provenance (protected) - publish_sandbox_artifact_to_ipfs (protected) - get_sandbox_info (public read-only) - list_lifecycle_templates (public read-only) - get_lifecycle_template (public read-only) - start_lifecycle_run (public read-only) - get_lifecycle_run (public read-only) - advance_lifecycle_run (public read-only) - send_artifact_to_tool (public read-only) - list_sandboxes (public read-only) - create_sandbox (public read-only) - get_sandbox (public read-only) - stop_sandbox (public read-only) - extend_sandbox_timeout (public read-only) - list_named_sandboxes (public read-only) - create_named_sandbox (public read-only) - get_named_sandbox (public read-only) - list_sessions (public read-only) - get_session (public read-only) - list_commands (public read-only) - execute_command (public read-only) - get_command (public read-only) - kill_command (public read-only) - stream_command_logs (public read-only) - read_file (public read-only) - write_files (public read-only) - create_directory (public read-only) - list_snapshots (public read-only) - get_snapshot (public read-only) - create_snapshot (public read-only) - delete_snapshot (public read-only) - restore_snapshot (public read-only) - get_provider_status (public read-only) - get_database_status (public read-only) - get_rate_limits (public read-only) - validate_json (public read-only) - validate_xml (public read-only) - validate_markdown (public read-only) - validate_spec (public read-only) - run_eval (public read-only) - test_mcp_tool (public read-only) - run_browserops_check (public read-only) - render_agentui_tool (public read-only) - prototype_with_phorm (public read-only) - check_fingerprint_redaction (public read-only) - complete_trace_span (public read-only) - generate_platphormctl_command (public read-only) - get_integration_status (public read-only) - get_agent_policy (public read-only) - list_agent_platforms (public read-only) - get_agent_platform (public read-only) - evaluate_agent_access (public read-only) - get_robots_policy (public read-only) - get_ai_policy (public read-only) - get_trust_policy (public read-only) - get_discovery_manifest (public read-only) - get_public_access_summary (public read-only) - get_health (public read-only) - get_info (public read-only) - get_route_compliance (public read-only) - get_discovery_compliance (public read-only) - update_global_sandbox_policy (protected) - update_agent_policy (protected) - refresh_agent_platform_registry (protected) - create_docs_report (protected) - create_sheet_report (protected) - create_deck_summary (protected) - prune_sandbox_records (protected) - run_database_backfill (protected) ## Templates - hello-node-command: Hello Node Command (code-execution, available) -> docs, trace - hello-python-command: Hello Python Command (code-execution, degraded) -> evals - json-validator: JSON Validator (validation, available) -> json, sheets - xml-rss-validator: XML/RSS Validator (validation, available) -> xml, trace - markdown-report-builder: Markdown Report Builder (reporting, available) -> markdown, docs - mcp-tool-tester: MCP Tool Tester (mcp, available) -> mcp, evals - openapi-contract-tester: OpenAPI Contract Tester (spec, available) -> spec, evals - evals-suite-runner: Evals Suite Runner (evals, available) -> evals - browserops-journey-preflight: BrowserOps Journey Preflight (browserops, available) -> browserops - agentui-tool-renderer: AgentUI Tool Renderer (agentui, available) -> agentui, browserops - phorm-interface-prototype: Phorm Interface Prototype (phorm, degraded) -> phorm, agentui - fingerprint-redaction-check: Fingerprint Redaction Check (fingerprint, available) -> fingerprint, trace - trace-span-completion: Trace Span Completion (trace, available) -> trace - cli-harness-dry-run: CLI Harness Dry Run (cli, degraded) -> cli - opencontent-ingest-prep: OpenContent Ingest Prep (content, available) -> opencontent, docs - podcasts-feed-validation: Podcasts Feed Validation (feeds, available) -> podcasts, xml - desa-script-health-static-check: DESA Script Health Static Check (static-analysis, available) -> docs - msi-static-inspection-prep: MSI Static Inspection Prep (static-analysis, available) -> docs - calendar-kanban-remediation-flow: Calendar/Kanban Remediation Flow (workflow, protected) -> kanban, calendar - validate-json-artifact: Validate JSON Artifact (validation, available) -> json - validate-openapi-artifact: Validate OpenAPI Artifact (spec, available) -> spec, evals - validate-mcp-envelope: Validate MCP Envelope (mcp, available) -> mcp - validate-rss-or-sitemap: Validate RSS or Sitemap (feeds, available) -> xml - generate-markdown-report: Generate Markdown Report (reporting, available) -> markdown, docs - spec-to-sandbox-test: Spec to Sandbox Test (workflow, protected) -> spec, evals - sandbox-to-browserops-preview: Sandbox to BrowserOps Preview (handoff, available) -> browserops - sandbox-to-evals-score: Sandbox to Evals Score (handoff, available) -> evals - sandbox-to-docs-report: Sandbox to Docs Report (handoff, available) -> docs - trace-linked-command: Trace-linked Command (trace, available) -> trace - secret-redaction-check: Secret Redaction Check (security, available) -> fingerprint - fingerprint-public-artifact: Fingerprint Public Artifact (web4, available) -> fingerprint - platphormctl-smoke-test: platphormctl Smoke Test (cli, available) -> platphormctl - llms-discovery-validation: LLMS Discovery Validation (discovery, available) -> mcp - web4-manifest-validation: Web4 Manifest Validation (web4, available) -> trace ## Web4 Evidence - /.well-known/web4.json: public Web4 manifest for Sandbox bounded execution. - /asyncapi.yaml: lifecycle, command, artifact, validation, and handoff event contract. - /api/web4/fingerprints: privacy-classified public artifact fingerprints only. - /api/provenance/lookup and /api/provenance/verify: public provenance lookup and verification for known public artifacts.