---
id: capability.execution.sandbox-provision
name: Sandbox Provisioning
summary: Isolated execution environments for agentic development, e2e testing, and bounded automations — profile-based provision, TTL teardown, and State Hub lifecycle registration.
owner: sand-boxer
status: draft
domain: infotech
tags: [sandbox, isolation, provision, e2e, agentic, execution, profile]

maturity:
  discovery:
    current: D5
    target: D6
    confidence: high
    rationale: >
      Charter (INTENT.md), meta-framework spec, extension SDK, integration docs,
      and research synthesis. Capability indexed in registry/.
  availability:
    current: A4
    target: A5
    confidence: high
    rationale: >
      CLI v0 (create/destroy/snapshot/TTL), HTTP API, CoulombCore remote smoke.
      SaaS stub + routing + credits shipped (SAND-WP-0006).

external_evidence:
  completeness:
    level: C4
    name: Substantial
    confidence: high
    basis: scope_vs_intent_and_consumer_expectations
    satisfied_expectations:
      - profile-based create/destroy/snapshot/restore via CLI
      - TTL extend and expire/reap (SAND-WP-0009)
      - State Hub lifecycle events on transitions
      - wise-validator and the-custodian migration arc complete
      - extension SDK with compose-ssh, vm-packer attach, saas-stub
    broken_expectations:
      - Real E2B/Modal adapters not yet built
      - sandboxer01 dedicated host not live (CoulombCore interim)
    out_of_scope_expectations:
      - agent harness and tool orchestration (glas-harness)
      - e2e test semantics (wise-validator)

consumption_modes:
  - CLI (sandboxer)
  - core library (Python)
  - HTTP API (uvicorn sandboxer.api.app:app)