# PlatPhorm Sandbox

Purpose: canonical public-safe isolated execution lab, lifecycle workspace, MCP tool test bench, command runner, file workspace, API/spec validator, BrowserOps companion, AgentUI/Phorm prototype runner, Fingerprint/JA4 evidence lab, Trace-linked runtime, and platphormctl developer sandbox for PlatPhormNews.

Lifecycle: choose template -> create sandbox -> write files -> run command -> stream logs -> read outputs -> validate output -> send to next tool -> capture trace -> export evidence.

Endpoints: 136
Public templates: 34
MCP tools: 102
MCP resources: 35
MCP prompts: 15

Public no-auth: dry-run previews, browser-local draft planning, deterministic template inspection, JSON/XML/spec validation, public docs, health, route/discovery summaries, llms/OpenAPI/RSS/sitemap/well-known, and MCP introspection.
Dry-run policy: public dry-runs validate template files, commands, provider availability, auth requirements, network policy, intended artifacts, and handoffs without creating a provider sandbox or running remote commands.
Request access policy: public dry-runs show intended scopes; real API key issuance requires PLATPHORM_API_KEY and may use the server-side protected key only for same-origin operator UI requests.
Handoff model: Sandbox prepares public-safe evidence packets for the next PlatPhorm tool and reports planned, preview_ready, degraded, or protected_required unless a downstream service confirms receipt.
Web4 status: /.well-known/web4.json, /api/web4/status, /api/web4/scorecard, /api/web4/fingerprints, and /.well-known/provenance.json expose provenance-ready public facts without publishing private fingerprints.
Protected/admin: Authorization: Bearer $PLATPHORM_API_KEY or X-PlatPhorm-API-Key: $PLATPHORM_API_KEY for provider-backed sandbox creation, provider command execution, provider file writes, snapshots, API key issuance, global policy changes, registry mutation, deployment mutation, and other sensitive administrative actions.
Secrets: provider tokens, sandbox service keys, platform keys, service-role keys, database passwords, and raw x-vercel-ja4-digest are server-only and never included in public artifacts.

Trust: Web sandbox exploration, public-safe dry-run planning, public-safe template discovery, browser-based local drafts, validation, trusted-domain discovery, standard route compliance, Vercel metadata capture, trace-linked public evidence, and MCP/API test discovery are intentionally supported for public read-only debugging and operator workflows. Provider-backed sandbox creation, command execution, file reads and writes, snapshots, publishing, global policy changes, provider credential changes, unbounded compute, raw audit export, registry mutation, deployment mutation, and sensitive administrative actions require PLATPHORM_API_KEY.