Sandcastle — isolated microVMs

Sandcastle is Vero’s execution environment for untrusted agent workloads: isolated microVMs with ~125 ms cold boot, per-agent isolation, boot-time secret injection, and an MCP server on :3000. Disposable by default.

Images

  • base — minimal Linux, filesystem tools, network access. For simple compute.
  • browserbase — base + headless Chromium, screenshot, a11y tree, JS exec. For web agents.
  • dev-machine — browserbase + full dev environment, package managers, build tools, LiveKit audio. For complex autonomous agents.

Create

typescript
const vm = await veroai.sandcastle.create({
  image:   "dev-machine",
  agentId: "researcher-01",
  secrets: {
    ANTHROPIC_API_KEY: process.env.ANTHROPIC_API_KEY!,
    SERPAPI_KEY:       process.env.SERPAPI_KEY!,
  },
  env:        { LOG_LEVEL: "info" },
  vcpus:      2,
  memoryMb:   512,
  idleTtl:    300,         // auto-terminate after 5 min idle
  maxLifetime: 60 * 60,    // hard cap 1 h
});

console.log(vm.id, vm.mcpEndpoint, vm.apiEndpoint);
// vm resolves ~125 ms after this call.

Secrets are injected at boot via the MMDS metadata service — they never hit disk and aren’t visible to env dumps inside the VM unless you read them through MMDS explicitly.

Exec (one-shot shell)

typescript
const r = await veroai.sandcastle.exec(vm.id, {
  command: "pip install requests && python3 scrape.py",
  cwd:     "/workspace",
  timeout: 30_000,
});

if (r.exitCode !== 0) {
  console.error(r.stderr);
}
console.log(r.stdout);

List, get, destroy

typescript
const { vms } = await veroai.sandcastle.list({ status: "running" });
const snap     = await veroai.sandcastle.get(vm.id);
await veroai.sandcastle.destroy(vm.id);
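
The snippets above leave two things to the caller: tearing the VM down when exec fails, and keeping injected secrets out of host-side logs, since a workload that reads them through MMDS can print them to stdout. The following is an added example, not Vero's code: the `SandcastleClient` interface is an assumed shape covering only the calls shown on this page (the return type of `destroy` is a guess), and `redact` and `runDisposable` are hypothetical helpers.

```typescript
// Added example, not Vero's code. SandcastleClient is an assumed shape that
// mirrors only the calls shown on this page; redact/runDisposable are hypothetical.
interface ExecResult { exitCode: number; stdout: string; stderr: string }
interface SandcastleClient {
  create(opts: { image: string; agentId: string; secrets: Record<string, string>;
                 idleTtl: number; maxLifetime: number }): Promise<{ id: string }>;
  exec(id: string, opts: { command: string; cwd: string; timeout: number }): Promise<ExecResult>;
  destroy(id: string): Promise<unknown>;
}

// Mask every verbatim occurrence of a secret value in captured output.
function redact(text: string, secrets: Record<string, string>): string {
  const entries = Object.entries(secrets)
    .filter(([, value]) => value.length >= 8)          // too short to match without false hits
    .sort((a, b) => b[1].length - a[1].length);        // longest first: overlapping values mask whole
  if (entries.length === 0) return text;
  const nameOf = new Map(entries.map(([name, value]): [string, string] => [value, name]));
  const escaped = entries.map(([, value]) => value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"));
  return text.replace(new RegExp(escaped.join("|"), "g"), (hit) => `[REDACTED:${nameOf.get(hit)}]`);
}

// Create a VM, run one command, and destroy the VM on every exit path.
async function runDisposable(
  sc: SandcastleClient, agentId: string, secrets: Record<string, string>, command: string,
): Promise<ExecResult> {
  // Short idleTtl/maxLifetime (seconds) act as a backstop if this process dies before destroy().
  const vm = await sc.create({ image: "base", agentId, secrets, idleTtl: 60, maxLifetime: 600 });
  try {
    const r = await sc.exec(vm.id, { command, cwd: "/workspace", timeout: 30_000 });
    return { exitCode: r.exitCode, stdout: redact(r.stdout, secrets), stderr: redact(r.stderr, secrets) };
  } finally {
    await sc.destroy(vm.id);   // reached on success, non-zero exit, and thrown errors
  }
}
```

The redaction only catches verbatim values; a workload that encodes a secret (base64, hex, split across lines) before printing it passes through, so treat exec output from untrusted code as sensitive regardless.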

Framework-agnostic

Sandcastle is not Vero-exclusive. Any MCP-compatible agent framework (CrewAI, LangGraph, AutoGen, your own) can point at vm.mcpEndpoint and use the bundled tools (filesystem, browser, code exec, screenshots, a11y tree, network).

typescript
// Example: Claude Code / MCP client
await mcpClient.connect(vm.mcpEndpoint);
const tools = await mcpClient.listTools(); // 12 built-in tools

Lifecycle

  • provisioning — slot allocated, image loading
  • booting — microVM process started, kernel loading
  • running — MCP + REST accepting requests
  • stopping — shutdown in progress
  • stopped — terminal, disk discarded
  • error — boot or runtime failure (see SSH logs via support)