<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: JerryLin</title>
    <description>The latest articles on DEV Community by JerryLin (@jerrylin_0101).</description>
    <link>https://dev.to/jerrylin_0101</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3906477%2Fa0f78e14-f8f3-429e-9aa7-9a2d817d494f.png</url>
      <title>DEV Community: JerryLin</title>
      <link>https://dev.to/jerrylin_0101</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/jerrylin_0101"/>
    <language>en</language>
    <item>
      <title>Cube Sandbox v0.3.0: A Time Machine and a Cloning Booth for Your AI Agents</title>
      <dc:creator>JerryLin</dc:creator>
      <pubDate>Mon, 08 Jun 2026 16:07:28 +0000</pubDate>
      <link>https://dev.to/jerrylin_0101/cube-sandbox-v030-a-time-machine-and-a-cloning-booth-for-your-ai-agents-abf</link>
      <guid>https://dev.to/jerrylin_0101/cube-sandbox-v030-a-time-machine-and-a-cloning-booth-for-your-ai-agents-abf</guid>
      <description>&lt;p&gt;In modern AI Agent stacks, the sandbox plays the role of a "secure runtime" — it is what actually executes the code and tool calls produced by the model. Cube Sandbox just shipped v0.3.0. Beyond the 82 commits from 22 contributors, this release is a foundational architecture upgrade targeted squarely at the pain points AI Agents hit at scale: runtime reuse and fault isolation under high concurrency, long task chains, and reinforcement-learning workloads.&lt;/p&gt;

&lt;h2&gt;
  
  
  1. Foundations: a more complete AI Infra story
&lt;/h2&gt;

&lt;p&gt;Before diving into the headline snapshot work, here is what changed at the foundation. v0.3.0 iterates on three axes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Engine internals (cubecow + incremental memory)&lt;/strong&gt;: a new copy-on-write (CoW) snapshot engine — &lt;code&gt;cubecow&lt;/code&gt; — purpose-built for sandbox volumes; on the memory side, an incremental memory snapshot built on the Linux kernel's &lt;code&gt;soft-dirty&lt;/code&gt; bitmap. In back-to-back snapshot scenarios, the system no longer has to flush full memory; it only persists the dirty pages produced since the last snapshot. As a result, both snapshot creation and restoration drop into the millisecond range per sandbox.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Developer ecosystem (Go SDK + WebUI)&lt;/strong&gt;: following the Python SDK, Go developers now get a native SDK that fully covers the sandbox and template lifecycle. For ops and management workflows, a built-in web console is now live, surfacing per-node resource load and per-sandbox runtime state at a glance.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Deploy &amp;amp; ops&lt;/strong&gt;: the one-click installer has migrated to systemd + Docker Compose, with built-in pre-flight and diagnostic scripts (cgroup v2, etc.) that significantly improve out-of-the-box compatibility across cloud providers.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Among these foundational updates, the one that deserves the most attention is the snapshot / rollback / clone system around the sandbox's core state.&lt;/p&gt;

&lt;h2&gt;
  
  
  2. Snapshot / Clone / Rollback: a time machine for your Agent
&lt;/h2&gt;

&lt;p&gt;This release introduces three SDK primitives — &lt;code&gt;snapshot&lt;/code&gt;, &lt;code&gt;clone&lt;/code&gt;, and &lt;code&gt;rollback&lt;/code&gt; — that together form a complete state-management story for sandboxes.&lt;/p&gt;

&lt;h3&gt;
  
  
  2.1 What each primitive does
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;&lt;code&gt;snapshot&lt;/code&gt; — freeze the current state&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Dump the running sandbox's memory, runtime state, and disk to persistent storage as a standalone snapshot file. The snapshot's lifecycle is decoupled from the source sandbox: the snapshot survives the source's destruction, and the snapshot ID can itself act as a template for spinning up new sandboxes in bulk.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;code&gt;clone&lt;/code&gt; — fan one sandbox out into N&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A single call derives N fully independent replicas from a running source sandbox. The key properties:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Inheritance&lt;/strong&gt;: each replica starts from a state identical to the source — memory, files, connections.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Isolation&lt;/strong&gt;: replicas are physically isolated from each other.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Continuity&lt;/strong&gt;: the source sandbox is unaffected and keeps running.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The interface ships with a &lt;code&gt;concurrency=C&lt;/code&gt; knob and an "abort-and-clean-up on any failure" policy, so large fan-outs never leave orphan sandboxes behind.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;code&gt;rollback&lt;/code&gt; — go back to a moment in one line&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A sandbox can be restored in place to a previous snapshot's state — both memory and filesystem fully reverted. After rollback, the &lt;code&gt;sandbox_id&lt;/code&gt; and the sandbox object stay the same; no reconnection or reconstruction needed.&lt;/p&gt;

&lt;h3&gt;
  
  
  2.2 Why Agents really need these
&lt;/h3&gt;

&lt;p&gt;In a classic web service, a container is largely stateless: spin up, serve, throw away. AI Agents do not work that way — they are &lt;em&gt;cultivated&lt;/em&gt;. Two recurring pain points fall out of that:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;First: how do you replicate a sandbox you have already "trained up"?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;When you need to run more tasks in parallel, or onboard a new teammate, replaying the setup script from scratch is slow and cannot faithfully reproduce in-memory context, loaded model weights, or warm caches. With &lt;code&gt;snapshot + clone&lt;/code&gt;, "thirty minutes × N" becomes "milliseconds × N", and every replica is a fully primed Agent environment.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg09audj6nrg2ztyptktq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg09audj6nrg2ztyptktq.png" alt=" " width="800" height="238"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Second: what happens when the environment gets wrecked?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Agents make mistakes — wrong dependencies, deleted files, infinite loops. The traditional answer is "kill the container, rebuild from the image, re-run pip install" — a few minutes lost. &lt;code&gt;rollback&lt;/code&gt; collapses recovery from minutes to a few hundred milliseconds, with the same &lt;code&gt;sandbox_id&lt;/code&gt;, so the Agent simply keeps going.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft78wx8ccqn4denuati1i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft78wx8ccqn4denuati1i.png" alt=" " width="800" height="235"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  2.3 Four real-world scenarios these primitives unlock
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;1) Agentic RL training / SWE-Bench evaluation&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Pain&lt;/strong&gt;: you need a large number of independent runs from the same baseline, and every experiment must be reproducible.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cube approach&lt;/strong&gt;:
&lt;/li&gt;
&lt;/ul&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;  &lt;span class="c1"&gt;# Prepare the baseline environment
&lt;/span&gt;  &lt;span class="n"&gt;base&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;template&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;TEMPLATE_ID&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
  &lt;span class="n"&gt;base&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;# Install deps, download dataset ...&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
  &lt;span class="n"&gt;snap&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;base&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create_snapshot&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;

  &lt;span class="c1"&gt;# Fan out 100 independent instances in parallel
&lt;/span&gt;  &lt;span class="n"&gt;clones&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;template&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;snap&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;snapshot_id&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nf"&gt;clone&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;n&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="mi"&gt;100&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;concurrency&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="mi"&gt;10&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Value&lt;/strong&gt;: the baseline is built once; every subsequent expansion is a millisecond-grade clone.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;2) Parallel multi-strategy exploration&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Pain&lt;/strong&gt;: you want to try several solution paths against the same problem at the same time.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cube approach&lt;/strong&gt;: use &lt;code&gt;clone(n=N)&lt;/code&gt; to fork the current state into N isolated sandboxes, run each strategy independently, then aggregate.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Value&lt;/strong&gt;: linear scaling of exploration throughput, with strict experimental parity across runs.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;3) Agent trial-and-retry loops&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Pain&lt;/strong&gt;: when one step fails mid-execution, the classic remedy is to kill the sandbox and start over.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cube approach&lt;/strong&gt;:
&lt;/li&gt;
&lt;/ul&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;  &lt;span class="n"&gt;checkpoint&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create_snapshot&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
  &lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;# Try approach A ...&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
  &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;failed&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
      &lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;rollback&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;checkpoint&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;snapshot_id&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;   &lt;span class="c1"&gt;# Back to the moment before A
&lt;/span&gt;      &lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;# Retry with a different approach ...&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Value&lt;/strong&gt;: no environment rebuild — saves time and resources, and maps naturally onto the Agent's trial-and-error pattern.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;4) Long-lived environment reuse&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Pain&lt;/strong&gt;: you have configured a complex dev environment (lots of dependencies) and don't want to set it up again every time.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cube approach&lt;/strong&gt;: take a snapshot once; create every future sandbox from that snapshot.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Value&lt;/strong&gt;: cold start + environment init collapse into a single step.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  3. How snapshots actually work under the hood
&lt;/h2&gt;

&lt;p&gt;In traditional virtualization, snapshots are a heavyweight operation. Cube Sandbox's snapshot system uses &lt;code&gt;reflink&lt;/code&gt; end-to-end at the storage layer, paired with copy-on-write (CoW) semantics, to deliver efficient snapshot creation and cloning.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5gzmolkc6uphhb7o98bz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5gzmolkc6uphhb7o98bz.png" alt=" " width="800" height="375"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Storage model&lt;/strong&gt;: while a sandbox is running, its disk data is mounted in CoW mode, and its memory is similarly &lt;code&gt;mmap&lt;/code&gt;'d from the snapshot file in CoW mode. Once a sandbox boots, all read-only memory pages map directly to the underlying snapshot file — multiple sandbox instances share one physical copy of the data with no duplication.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Taking a snapshot&lt;/strong&gt;: when a new snapshot is taken for a running sandbox, the system writes only the dirty pages produced since the last snapshot into a new snapshot file — no full serialization, no full write-out. Since dirty pages are typically an order of magnitude smaller than total memory, snapshot I/O cost drops dramatically and end-to-end latency falls.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Booting from a snapshot&lt;/strong&gt;: when creating a new sandbox from an existing snapshot, &lt;code&gt;reflink&lt;/code&gt; lets the new instance reference the snapshot's metadata blocks directly — a true "logical copy" with no full data duplication. Filesystem-level reflink is roughly O(1), which makes cold-starting a sandbox from a snapshot extremely fast.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;On top of this storage primitive, the SDK wraps &lt;code&gt;clone&lt;/code&gt; and &lt;code&gt;rollback&lt;/code&gt; as simple, single-line operations:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhn44yvqgmn5kydsv46rl.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhn44yvqgmn5kydsv46rl.png" alt=" " width="799" height="350"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  4. In practice: using snapshot and rollback
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Scenario 1: error isolation and in-place rollback
&lt;/h3&gt;

&lt;p&gt;Drop a checkpoint at any meaningful moment in the sandbox's lifecycle. No matter how badly the environment is later mangled, a single &lt;code&gt;sb.rollback(checkpoint_id)&lt;/code&gt; restores it to that moment — and crucially, the &lt;code&gt;sandbox_id&lt;/code&gt; and the sandbox object stay the same, so you can keep using them:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;cubesandbox&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;
&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;env&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;TEMPLATE_ID&lt;/span&gt;

&lt;span class="c1"&gt;# Step 1: take a base snapshot in the v0 state
&lt;/span&gt;&lt;span class="k"&gt;with&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;template&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;TEMPLATE_ID&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;src&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;src&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;open(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;/tmp/v.txt&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;, &lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;w&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;).write(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;v0&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;)&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="n"&gt;base&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;src&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create_snapshot&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="n"&gt;base_id&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;base&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;snapshot_id&lt;/span&gt;
    &lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;base snapshot (v0): &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;base_id&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Step 2: spin up a new sandbox from the base snapshot
&lt;/span&gt;&lt;span class="n"&gt;sb&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;template&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;base_id&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;derived sandbox: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;sandbox_id&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Step 3: write v1 and drop a checkpoint
&lt;/span&gt;&lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;open(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;/tmp/v.txt&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;, &lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;w&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;).write(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;v1&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;)&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="n"&gt;checkpoint&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create_snapshot&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="n"&gt;checkpoint_id&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;checkpoint&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;snapshot_id&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;checkpoint (v1): &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;checkpoint_id&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Step 4: write v2 and confirm it landed
&lt;/span&gt;&lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;open(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;/tmp/v.txt&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;, &lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;w&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;).write(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;v2&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;)&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="n"&gt;before&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;print(open(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;/tmp/v.txt&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;).read())&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="n"&gt;logs&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;stdout&lt;/span&gt;
&lt;span class="n"&gt;before&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;before&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;].&lt;/span&gt;&lt;span class="nf"&gt;strip&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt; &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;before&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="sh"&gt;""&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;before rollback: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;before&lt;/span&gt;&lt;span class="si"&gt;!r}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;assert&lt;/span&gt; &lt;span class="n"&gt;before&lt;/span&gt; &lt;span class="o"&gt;==&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;v2&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

&lt;span class="c1"&gt;# Step 5: roll back to the v1 checkpoint
&lt;/span&gt;&lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;rollback&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;checkpoint_id&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;rolled back to checkpoint &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;checkpoint_id&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Step 6: verify state is restored to v1 (sandbox_id unchanged)
&lt;/span&gt;&lt;span class="n"&gt;after&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;print(open(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;/tmp/v.txt&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;).read())&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="n"&gt;logs&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;stdout&lt;/span&gt;
&lt;span class="n"&gt;after&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;after&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;].&lt;/span&gt;&lt;span class="nf"&gt;strip&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt; &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;after&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="sh"&gt;""&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;after rollback: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;after&lt;/span&gt;&lt;span class="si"&gt;!r}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;assert&lt;/span&gt; &lt;span class="n"&gt;after&lt;/span&gt; &lt;span class="o"&gt;==&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;v1&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;expected &lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;v1&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;, got &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;after&lt;/span&gt;&lt;span class="si"&gt;!r}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;OK: rollback restored state to checkpoint (v1)&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Cleanup
&lt;/span&gt;&lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;kill&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="n"&gt;Sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;delete_snapshot&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;checkpoint_id&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="n"&gt;Sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;delete_snapshot&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;base_id&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;snapshots deleted&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Scenario 2: parallel exploration via efficient cloning
&lt;/h3&gt;

&lt;p&gt;In reinforcement learning or multi-path decision making, &lt;code&gt;clone&lt;/code&gt; can derive many environments from a single source sandbox in one call — each replica is physically isolated yet inherits the source's full runtime state. The example below clones N replicas and then verifies each one inherited a marker file written into the source:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;os&lt;/span&gt;
&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;cubesandbox&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;
&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;env&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;TEMPLATE_ID&lt;/span&gt;

&lt;span class="n"&gt;N&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;int&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;os&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;environ&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;FORK_N&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;10&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt;
&lt;span class="n"&gt;CONCURRENCY&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;int&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;os&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;environ&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;FORK_CONCURRENCY&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;5&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt;

&lt;span class="n"&gt;src&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;template&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;TEMPLATE_ID&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="n"&gt;src&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;open(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;/tmp/origin.txt&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;, &lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;w&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;).write(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;I am from sandbox a&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;)&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;src sandbox: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;src&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;sandbox_id&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# ★ Concurrent clone — the SDK fan-outs Sandbox.create internally
&lt;/span&gt;&lt;span class="n"&gt;clones&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;src&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;clone&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;n&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;N&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;concurrency&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;CONCURRENCY&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;cloned &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="nf"&gt;len&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;clones&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt; sandboxes (concurrency=&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;CONCURRENCY&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;)&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Verify every clone inherited the source's state marker
&lt;/span&gt;&lt;span class="n"&gt;expect&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;I am from sandbox a&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
&lt;span class="n"&gt;ok&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;
&lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;i&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;sb&lt;/span&gt; &lt;span class="ow"&gt;in&lt;/span&gt; &lt;span class="nf"&gt;enumerate&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;clones&lt;/span&gt;&lt;span class="p"&gt;):&lt;/span&gt;
    &lt;span class="n"&gt;r&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;print(open(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;/tmp/origin.txt&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;).read())&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="n"&gt;marker&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;logs&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;stdout&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;].&lt;/span&gt;&lt;span class="nf"&gt;strip&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt; &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;logs&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;stdout&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="sh"&gt;""&lt;/span&gt;
    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;marker&lt;/span&gt; &lt;span class="o"&gt;==&lt;/span&gt; &lt;span class="n"&gt;expect&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="n"&gt;ok&lt;/span&gt; &lt;span class="o"&gt;+=&lt;/span&gt; &lt;span class="mi"&gt;1&lt;/span&gt;
    &lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;  clone[&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;i&lt;/span&gt;&lt;span class="si"&gt;:&lt;/span&gt;&lt;span class="o"&gt;&amp;gt;&lt;/span&gt;&lt;span class="mi"&gt;2&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;] &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;sandbox_id&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt; marker=&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;marker&lt;/span&gt;&lt;span class="si"&gt;!r}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;ok&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;/&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;N&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt; clones inherited the origin marker&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;assert&lt;/span&gt; &lt;span class="n"&gt;ok&lt;/span&gt; &lt;span class="o"&gt;==&lt;/span&gt; &lt;span class="n"&gt;N&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;some clones failed to inherit state&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

&lt;span class="c1"&gt;# Cleanup
&lt;/span&gt;&lt;span class="n"&gt;src&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;kill&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;sb&lt;/span&gt; &lt;span class="ow"&gt;in&lt;/span&gt; &lt;span class="n"&gt;clones&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;sb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;kill&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;all sandboxes killed&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Cube Sandbox is deeply E2B-compatible at the protocol level, but these two primitives do not exist in E2B's native API. The Cube team bridges them at the application layer through the &lt;code&gt;cubesandbox&lt;/code&gt; SDK — meaning developers can unlock these advanced state-management primitives without touching their existing E2B-compatible code.&lt;/p&gt;

&lt;h2&gt;
  
  
  5. A web console for snapshot / clone / rollback (preview), open-sourced alongside
&lt;/h2&gt;

&lt;p&gt;In addition to the SDK-level &lt;code&gt;snapshot&lt;/code&gt; / &lt;code&gt;rollback&lt;/code&gt; / &lt;code&gt;clone&lt;/code&gt; API, this release ships an open-source preview of a Cube-Sandbox-powered OpenClaw web console. Everything new in this release is now point-and-click: a real-time snapshot timeline per sandbox, one-click rollback to any checkpoint, on-demand fan-out to multiple OpenClaw replicas, and bulk lifecycle management.&lt;/p&gt;

&lt;p&gt;What used to require scripting against the SDK — the "time machine" and the "cloning booth" — is now a few clicks in the browser.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fud66odwg5ki06fyfq9qx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fud66odwg5ki06fyfq9qx.png" alt=" " width="798" height="178"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Coming soon
&lt;/h2&gt;

&lt;p&gt;In the next release we will push "sandbox security" one layer further — from "isolating &lt;em&gt;where&lt;/em&gt; the Agent runs" to "controlling &lt;em&gt;what&lt;/em&gt; the Agent can touch":&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Built-in content-aware network control and audit&lt;/strong&gt;: content-aware egress access control plus full audit trails at the sandbox network boundary, so "which external API the Agent called and what data it sent out" is fully traceable and interceptable.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Credential vault&lt;/strong&gt;: API keys, database passwords, and cloud credentials managed centrally on the sandbox security side; the Agent only ever sees scoped, ephemeral credentials, keeping secrets out of the model context and out of logs.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you are building anything in this space, follow Cube Sandbox — and consider opening an issue or PR to build with us.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;GitHub repo&lt;/strong&gt;: &lt;a href="https://github.com/TencentCloud/CubeSandbox" rel="noopener noreferrer"&gt;https://github.com/TencentCloud/CubeSandbox&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Full release notes&lt;/strong&gt;: &lt;a href="https://github.com/TencentCloud/CubeSandbox/releases/tag/v0.3.0" rel="noopener noreferrer"&gt;https://github.com/TencentCloud/CubeSandbox/releases/tag/v0.3.0&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Snapshot technical docs&lt;/strong&gt;: &lt;a href="https://github.com/TencentCloud/CubeSandbox/blob/master/docs/guide/snapshot-rollback-clone.md" rel="noopener noreferrer"&gt;https://github.com/TencentCloud/CubeSandbox/blob/master/docs/guide/snapshot-rollback-clone.md&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
    </item>
    <item>
      <title>CubeSandbox Core Operations Performance Benchmark Report (PVM Cloud Server)</title>
      <dc:creator>JerryLin</dc:creator>
      <pubDate>Mon, 08 Jun 2026 15:59:19 +0000</pubDate>
      <link>https://dev.to/jerrylin_0101/cubesandbox-core-operations-performance-benchmark-report-pvm-cloud-server-4dn8</link>
      <guid>https://dev.to/jerrylin_0101/cubesandbox-core-operations-performance-benchmark-report-pvm-cloud-server-4dn8</guid>
      <description>&lt;h2&gt;
  
  
  1. Overview
&lt;/h2&gt;

&lt;p&gt;CubeSandbox is designed for AI Agent code execution, where ultra-fast cold-start and high concurrency are the two most critical metrics. This post presents performance benchmark data measured on a Tencent Cloud standard CVM (running a PVM kernel), split into two parts:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Chapter 3: Create sandbox from Template&lt;/strong&gt; — cold-start latency, concurrency scaling, single-host deployment density&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Chapter 4: Snapshot operations&lt;/strong&gt; — Snapshot creation, create-from-snapshot, Rollback, Clone&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Every section includes the exact commands needed to reproduce the results on your own hardware.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Important: all benchmark numbers are highly dependent on the test environment and workload.&lt;/strong&gt; Contributing factors include (but are not limited to) host CPU, memory, IO performance, and sandbox internal workload (e.g. the more complex the program running inside the sandbox and the more dirty pages generated, the longer snapshot creation takes). Please evaluate against your own hardware and workload when planning deployments.&lt;/p&gt;

&lt;p&gt;Compared to the &lt;a href="//./2026-06-01-cubesandbox-perf-benchmark.md"&gt;bare-metal benchmark report&lt;/a&gt;, this post uses a standard virtualized CVM (SA9.4XLARGE32) with fewer CPU cores and less memory, and can serve as a reference baseline for small-to-medium scale deployments.&lt;/p&gt;




&lt;h2&gt;
  
  
  2. Test Environment
&lt;/h2&gt;

&lt;h3&gt;
  
  
  2.1 Hardware
&lt;/h3&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Item&lt;/th&gt;
&lt;th&gt;Detail&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Machine&lt;/td&gt;
&lt;td&gt;Tencent Cloud &lt;a href="https://cloud.tencent.com/document/product/213/11518" rel="noopener noreferrer"&gt;Standard CVM SA9.4XLARGE32&lt;/a&gt; (available for purchase from the Tencent Cloud console)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Availability Zone&lt;/td&gt;
&lt;td&gt;—&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;OS&lt;/td&gt;
&lt;td&gt;OpenCloudOS 9.4&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Kernel&lt;/td&gt;
&lt;td&gt;&lt;code&gt;6.6.69-cube.pvm.host.005.x&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;CPU Model&lt;/td&gt;
&lt;td&gt;AMD EPYC 9K65&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;CPU Config&lt;/td&gt;
&lt;td&gt;1 Socket × 16 Core × 1 Thread = &lt;strong&gt;16 logical cores&lt;/strong&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;NUMA Nodes&lt;/td&gt;
&lt;td&gt;1 (node0: 0-15)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Total Memory&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;32 GiB&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;System Disk&lt;/td&gt;
&lt;td&gt;
&lt;code&gt;/dev/vda&lt;/code&gt; 200 GiB Enhanced SSD cloud disk, formatted as XFS, mounted at &lt;code&gt;/&lt;/code&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;SA9.4XLARGE32&lt;/strong&gt; is a Tencent Cloud ninth-generation standard instance powered by AMD EPYC 9K65 processors, suited for general-purpose computing. This post runs a PVM (Parallel Virtual Machine) kernel that supports nested virtualization, enabling CubeSandbox to run on an ordinary cloud server. To reproduce the tests in this post, visit the &lt;a href="https://buy.cloud.tencent.com/cvm" rel="noopener noreferrer"&gt;Tencent Cloud CVM purchase page&lt;/a&gt; to select the same model.&lt;/p&gt;

&lt;p&gt;To install CubeSandbox, refer to the &lt;a href="//../../guide/quickstart.md"&gt;Quick Start Guide&lt;/a&gt;.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h3&gt;
  
  
  2.2 Sandbox Spec and Template Creation
&lt;/h3&gt;

&lt;p&gt;All tests use sandboxes with the following spec:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Item&lt;/th&gt;
&lt;th&gt;Detail&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Spec&lt;/td&gt;
&lt;td&gt;2 vCPU / 2 GiB memory&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Test Image&lt;/td&gt;
&lt;td&gt;&lt;code&gt;cube-sandbox-cn.tencentcloudcr.com/cube-sandbox/sandbox-code:latest&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Storage&lt;/td&gt;
&lt;td&gt;CoW reflink (XFS, &lt;code&gt;/data/cubelet/storage/&lt;/code&gt;)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Memory Tracking&lt;/td&gt;
&lt;td&gt;soft-dirty (&lt;code&gt;/proc/PID/clear_refs&lt;/code&gt;)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Build the template before running any tests (use the &lt;code&gt;cn&lt;/code&gt; registry in China and the &lt;code&gt;int&lt;/code&gt; registry elsewhere):&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;cubemastercli tpl create-from-image &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;--image&lt;/span&gt; cube-sandbox-cn.tencentcloudcr.com/cube-sandbox/sandbox-code:latest &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;--writable-layer-size&lt;/span&gt; 1G &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;--expose-port&lt;/span&gt; 49999 &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;--expose-port&lt;/span&gt; 49983 &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;--probe&lt;/span&gt; 49999
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;After the build finishes, note the template ID:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# List templates and grab the first tpl- prefixed ID&lt;/span&gt;
cubemastercli tpl list
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  2.3 Metric Definitions
&lt;/h3&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Metric&lt;/th&gt;
&lt;th&gt;Meaning&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;avg&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Mean across all rounds&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;min&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Minimum observed&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;p95&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;95th percentile (95% of requests complete within this time)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;max&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Maximum observed&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;wall&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;End-to-end elapsed time for the entire batch (first request sent → last one done); used in concurrency scenarios&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;per&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Amortized per-operation time (wall ÷ number of operations in the batch); used in concurrency scenarios&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;All times are in &lt;strong&gt;milliseconds (ms)&lt;/strong&gt;. A &lt;strong&gt;warm-up&lt;/strong&gt; round is run before each scenario (results discarded) to eliminate page-cache cold-read noise. Concurrent test rounds run serially — no cross-round concurrency — to avoid mutual interference.&lt;/p&gt;




&lt;h2&gt;
  
  
  3. Create Sandbox from Template
&lt;/h2&gt;

&lt;p&gt;This chapter measures the end-to-end time to start a ready-to-use sandbox, from calling &lt;code&gt;POST /sandboxes&lt;/code&gt; (with &lt;code&gt;template_id&lt;/code&gt;) until the sandbox reaches &lt;code&gt;running&lt;/code&gt;. This is the most common usage pattern.&lt;/p&gt;

&lt;h3&gt;
  
  
  3.1 Setup and Verification
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;Step 1: Install the Python SDK and set environment variables&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;pip &lt;span class="nb"&gt;install &lt;/span&gt;e2b-code-interpreter

&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000           &lt;span class="c"&gt;# any non-empty string for local deploys&lt;/span&gt;
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;  &lt;span class="c"&gt;# from cubemastercli tpl list&lt;/span&gt;
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;SSL_CERT_FILE&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;/root/.local/share/mkcert/rootCA.pem  &lt;span class="c"&gt;# mkcert certificate path&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Step 2: Run a Hello World to verify the environment&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Before running any benchmarks, run the following script to confirm sandboxes can be created and execute code:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;os&lt;/span&gt;
&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;e2b_code_interpreter&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;

&lt;span class="k"&gt;with&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;template&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;os&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;environ&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;sandbox&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;result&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;run_code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;print(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;Hello from Cube Sandbox, safely isolated!&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;)&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;result&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;✅ Environment verification passed — ready for benchmarking&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Save as &lt;code&gt;hello.py&lt;/code&gt; and run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;python hello.py
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If you see &lt;code&gt;✅ Environment verification passed&lt;/code&gt;, CubeSandbox is deployed correctly and you can proceed. If it errors, refer to the &lt;a href="//../../guide/quickstart.md"&gt;Quick Start&lt;/a&gt; to troubleshoot.&lt;/p&gt;

&lt;h3&gt;
  
  
  3.2 Cold-Start Latency and Concurrency Scaling
&lt;/h3&gt;

&lt;p&gt;Use the &lt;a href="https://github.com/TencentCloud/CubeSandbox/tree/master/examples/cube-bench" rel="noopener noreferrer"&gt;&lt;code&gt;cube-bench&lt;/code&gt;&lt;/a&gt; tool to measure sandbox creation latency at different concurrency levels. &lt;code&gt;cube-bench&lt;/code&gt; drives CubeAPI via Go goroutines and reports full percentile statistics.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Build (requires Go 1.21+):&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cd &lt;/span&gt;examples/cube-bench
make
&lt;span class="c"&gt;# output: ./bin/cube-bench&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Run:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Set environment variables&lt;/span&gt;
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;

&lt;span class="c"&gt;# 1-concurrent, 20 total (create then immediately delete)&lt;/span&gt;
./bin/cube-bench &lt;span class="nt"&gt;-c&lt;/span&gt; 1 &lt;span class="nt"&gt;-n&lt;/span&gt; 20 &lt;span class="nt"&gt;-w&lt;/span&gt; 3

&lt;span class="c"&gt;# 10-concurrent, 200 total&lt;/span&gt;
./bin/cube-bench &lt;span class="nt"&gt;-c&lt;/span&gt; 10 &lt;span class="nt"&gt;-n&lt;/span&gt; 200 &lt;span class="nt"&gt;-w&lt;/span&gt; 3

&lt;span class="c"&gt;# 20-concurrent, 300 total&lt;/span&gt;
./bin/cube-bench &lt;span class="nt"&gt;-c&lt;/span&gt; 20 &lt;span class="nt"&gt;-n&lt;/span&gt; 300 &lt;span class="nt"&gt;-w&lt;/span&gt; 3
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;blockquote&gt;
&lt;p&gt;&lt;code&gt;-w 3&lt;/code&gt; runs 3 warm-up rounds whose results are discarded before measurement.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Results (Tencent Cloud SA9.4XLARGE32 PVM, 2 vCPU / 2 GiB sandbox):&lt;/strong&gt;&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Concurrency&lt;/th&gt;
&lt;th&gt;Requests&lt;/th&gt;
&lt;th&gt;avg&lt;/th&gt;
&lt;th&gt;min&lt;/th&gt;
&lt;th&gt;P50&lt;/th&gt;
&lt;th&gt;P90&lt;/th&gt;
&lt;th&gt;P95&lt;/th&gt;
&lt;th&gt;P99&lt;/th&gt;
&lt;th&gt;max&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;20&lt;/td&gt;
&lt;td&gt;66.7 ms&lt;/td&gt;
&lt;td&gt;55.9 ms&lt;/td&gt;
&lt;td&gt;64.5 ms&lt;/td&gt;
&lt;td&gt;77.5 ms&lt;/td&gt;
&lt;td&gt;78.2 ms&lt;/td&gt;
&lt;td&gt;80.2 ms&lt;/td&gt;
&lt;td&gt;80.2 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;200&lt;/td&gt;
&lt;td&gt;170.9 ms&lt;/td&gt;
&lt;td&gt;85.4 ms&lt;/td&gt;
&lt;td&gt;168.5 ms&lt;/td&gt;
&lt;td&gt;206.4 ms&lt;/td&gt;
&lt;td&gt;216.7 ms&lt;/td&gt;
&lt;td&gt;286.1 ms&lt;/td&gt;
&lt;td&gt;323.5 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;20&lt;/td&gt;
&lt;td&gt;300&lt;/td&gt;
&lt;td&gt;364.6 ms&lt;/td&gt;
&lt;td&gt;116.5 ms&lt;/td&gt;
&lt;td&gt;356.2 ms&lt;/td&gt;
&lt;td&gt;459.0 ms&lt;/td&gt;
&lt;td&gt;521.4 ms&lt;/td&gt;
&lt;td&gt;673.8 ms&lt;/td&gt;
&lt;td&gt;744.0 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;Each tier is tested independently — all sandboxes are cleaned up and the resource pool is given time to recover between tiers to avoid interference. &lt;strong&gt;100% success rate&lt;/strong&gt; across all tiers.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Key findings:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Serial creation latency ~&lt;strong&gt;67 ms&lt;/strong&gt; (min 55.9 / P95 78.2), extremely low and stable&lt;/li&gt;
&lt;li&gt;At 10-concurrent, avg 171 ms — amortized per-sandbox just &lt;strong&gt;17.1 ms&lt;/strong&gt;, showing strong concurrency scaling&lt;/li&gt;
&lt;li&gt;At 20-concurrent, avg 365 ms — amortized per-sandbox &lt;strong&gt;18.2 ms&lt;/strong&gt;, P99 674 ms reflects minor tail latency under queue pressure&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  3.3 Single-Host Deployment Density (Memory Overhead)
&lt;/h3&gt;

&lt;p&gt;CubeSandbox uses kernel sharing and Copy-on-Write (CoW) to compress its per-instance overhead to extremely low levels. This section measures net per-instance cost by "clearing the machine → launching sandboxes in batches → recording memory changes."&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;⚠️⚠️⚠️ &lt;strong&gt;Important Safety Warning&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Before each batch, always run &lt;code&gt;free -h&lt;/code&gt; to confirm sufficient remaining memory. Launch only a small batch at a time, observe memory after each batch, and only proceed when safe — never launch too many at once!&lt;/strong&gt; Running out of memory triggers the OOM killer, which at minimum kills processes and at worst corrupts the running environment, requiring redeployment. Decide batch sizes based on your machine's actual available memory.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Step 1: Record the baseline (empty machine memory)&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;

&lt;span class="c"&gt;# Ensure no leftover sandboxes&lt;/span&gt;
cubemastercli list

&lt;span class="c"&gt;# Record empty-machine memory usage&lt;/span&gt;
free &lt;span class="nt"&gt;-h&lt;/span&gt;
&lt;span class="c"&gt;# Also record shim process count (should be 0)&lt;/span&gt;
ps &lt;span class="nt"&gt;--no-headers&lt;/span&gt; &lt;span class="nt"&gt;-C&lt;/span&gt; containerd-shim-cube-rs | &lt;span class="nb"&gt;wc&lt;/span&gt; &lt;span class="nt"&gt;-l&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Step 2: Launch sandboxes in batches, record memory with &lt;code&gt;free -h&lt;/code&gt; after each batch&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Use &lt;code&gt;cube-bench&lt;/code&gt; in &lt;code&gt;create-only&lt;/code&gt; mode to create sandboxes and keep them alive:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Set environment variables (same as §3.2; re-export if you open a new terminal)&lt;/span&gt;
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000              &lt;span class="c"&gt;# any non-empty string for local deploys&lt;/span&gt;
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt; &lt;span class="c"&gt;# from cubemastercli tpl list&lt;/span&gt;

./bin/cube-bench &lt;span class="nt"&gt;-c&lt;/span&gt; 1  &lt;span class="nt"&gt;-n&lt;/span&gt; 1  &lt;span class="nt"&gt;-m&lt;/span&gt; create-only &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; free &lt;span class="nt"&gt;-m&lt;/span&gt;   &lt;span class="c"&gt;# cumulative: 1&lt;/span&gt;
./bin/cube-bench &lt;span class="nt"&gt;-c&lt;/span&gt; 4  &lt;span class="nt"&gt;-n&lt;/span&gt; 4  &lt;span class="nt"&gt;-m&lt;/span&gt; create-only &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; free &lt;span class="nt"&gt;-m&lt;/span&gt;   &lt;span class="c"&gt;# cumulative: 5&lt;/span&gt;
./bin/cube-bench &lt;span class="nt"&gt;-c&lt;/span&gt; 5  &lt;span class="nt"&gt;-n&lt;/span&gt; 5  &lt;span class="nt"&gt;-m&lt;/span&gt; create-only &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; free &lt;span class="nt"&gt;-m&lt;/span&gt;   &lt;span class="c"&gt;# cumulative: 10&lt;/span&gt;
./bin/cube-bench &lt;span class="nt"&gt;-c&lt;/span&gt; 10 &lt;span class="nt"&gt;-n&lt;/span&gt; 10 &lt;span class="nt"&gt;-m&lt;/span&gt; create-only &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; free &lt;span class="nt"&gt;-m&lt;/span&gt;   &lt;span class="c"&gt;# cumulative: 20&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Step 3: Calculate per-instance overhead&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Per-VM amortized overhead = (current used - baseline used) ÷ VM count
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Results (Tencent Cloud SA9.4XLARGE32 PVM, 2 vCPU / 2 GiB sandbox):&lt;/strong&gt;&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Live Sandboxes&lt;/th&gt;
&lt;th&gt;System Available (MB)&lt;/th&gt;
&lt;th&gt;Per-VM Amortized Overhead&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;0 (baseline)&lt;/td&gt;
&lt;td&gt;25570 MB&lt;/td&gt;
&lt;td&gt;—&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;25536 MB&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;~34 MB&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;25436 MB&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;~27 MB&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;25252 MB&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;~32 MB&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;20&lt;/td&gt;
&lt;td&gt;24990 MB&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;~29 MB&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;Measured per-VM amortized overhead is approximately &lt;strong&gt;27–34 MB&lt;/strong&gt;. CoW on-demand allocation is clearly effective — a 2 GiB sandbox at idle uses only ~30 MB in practice.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Estimated single-host capacity (SA9.4XLARGE32, 32 GiB memory):&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Total memory:                     32768 MB
System baseline usage (measured): 7198 MB  (= 32768 - 25570, from empty-machine available)
Safety headroom reserved (10%):   3276 MB
Available for sandboxes:         22294 MB  (= 32768 - 7198 - 3276)

Idle/light-load scenario (CoW on-demand allocation, ~30 MB amortized per sandbox):
  22294 ÷ 30 ≈ 743 sandboxes

Full-load scenario (each sandbox writes the full 2 GiB):
  22294 ÷ (2048 + 30) ≈ 10 sandboxes
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  4. Snapshot Operations
&lt;/h2&gt;

&lt;p&gt;Snapshot is a core CubeSandbox feature, supporting memory + filesystem snapshots on running sandboxes that can be restored near-instantly (Clone / Rollback).&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Install dependencies:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cd &lt;/span&gt;examples/snapshot-rollback-clone
pip &lt;span class="nb"&gt;install&lt;/span&gt; &lt;span class="nt"&gt;-r&lt;/span&gt; requirements.txt   &lt;span class="c"&gt;# installs the cubesandbox SDK&lt;/span&gt;

&lt;span class="c"&gt;# The following environment variables are prerequisites for all 4.x benchmark scripts;&lt;/span&gt;
&lt;span class="c"&gt;# export in each new shell (or write to env.sh and source it)&lt;/span&gt;
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000   &lt;span class="c"&gt;# same as E2B_API_URL&lt;/span&gt;
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000                       &lt;span class="c"&gt;# any non-empty string for local deploys&lt;/span&gt;
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;          &lt;span class="c"&gt;# from cubemastercli tpl list&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;blockquote&gt;
&lt;p&gt;Sections 4.1–4.5 below assume you have completed the above &lt;code&gt;export&lt;/code&gt; in your current shell (scripts read these variables via &lt;code&gt;env.py&lt;/code&gt;). Re-export if you open a new terminal.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h3&gt;
  
  
  4.1 Snapshot Creation vs Concurrency
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;How it works:&lt;/strong&gt; calls &lt;code&gt;POST /sandboxes/{id}/snapshots&lt;/code&gt; on a running sandbox. N concurrent requests target N independent sandboxes simultaneously, measuring wall time until all snapshots complete.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;CubeSandbox serializes snapshot requests on a &lt;strong&gt;single sandbox&lt;/strong&gt; internally, so the concurrency test targets N distinct sandboxes (one snapshot request per sandbox), and the actual success count equals the concurrency.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Run:&lt;/strong&gt; (script: &lt;a href="https://github.com/TencentCloud/CubeSandbox/blob/master/examples/snapshot-rollback-clone/bench_snapshot_concurrency.py" rel="noopener noreferrer"&gt;&lt;code&gt;bench_snapshot_concurrency.py&lt;/code&gt;&lt;/a&gt;)&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cd &lt;/span&gt;examples/snapshot-rollback-clone
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;

python bench_snapshot_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 1  &lt;span class="nt"&gt;-n&lt;/span&gt; 5
python bench_snapshot_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 5  &lt;span class="nt"&gt;-n&lt;/span&gt; 5 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_snapshot_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 10 &lt;span class="nt"&gt;-n&lt;/span&gt; 5 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Results&lt;/strong&gt; (fresh sandboxes snapshotted as-is; measured dirty pages ~&lt;strong&gt;8 MB&lt;/strong&gt;, confirmed by &lt;code&gt;PagemapAnon snapshot saved&lt;/code&gt; in &lt;code&gt;/data/log/CubeVmm/vmm.log&lt;/code&gt;; this is the sandbox's baseline anonymous-memory footprint and is not a variable in this section):&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Concurrency&lt;/th&gt;
&lt;th&gt;Rounds&lt;/th&gt;
&lt;th&gt;wall avg&lt;/th&gt;
&lt;th&gt;wall min&lt;/th&gt;
&lt;th&gt;wall p95&lt;/th&gt;
&lt;th&gt;wall max&lt;/th&gt;
&lt;th&gt;per-snapshot avg&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;41.4 ms&lt;/td&gt;
&lt;td&gt;37.6 ms&lt;/td&gt;
&lt;td&gt;48.7 ms&lt;/td&gt;
&lt;td&gt;48.7 ms&lt;/td&gt;
&lt;td&gt;41.4 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;58.2 ms&lt;/td&gt;
&lt;td&gt;51.0 ms&lt;/td&gt;
&lt;td&gt;66.1 ms&lt;/td&gt;
&lt;td&gt;66.1 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;11.6 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;114.1 ms&lt;/td&gt;
&lt;td&gt;66.2 ms&lt;/td&gt;
&lt;td&gt;285.2 ms&lt;/td&gt;
&lt;td&gt;285.2 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;11.4 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Serial snapshot ~&lt;strong&gt;41 ms&lt;/strong&gt;; at 5-concurrent, batch wall ~&lt;strong&gt;58 ms&lt;/strong&gt;, per-snapshot amortized drops to ~&lt;strong&gt;11.6 ms&lt;/strong&gt;; at 10-concurrent, batch wall ~&lt;strong&gt;114 ms&lt;/strong&gt;, amortized further drops to ~&lt;strong&gt;11.4 ms&lt;/strong&gt; — significant concurrency amortization.&lt;/p&gt;

&lt;h3&gt;
  
  
  4.2 Snapshot Creation vs Dirty Page Size
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;Background:&lt;/strong&gt; CubeSandbox uses the soft-dirty mechanism to save only memory pages modified since the last snapshot. Actual write volume = dirty page count × 4 KiB, typically far less than total sandbox memory (2 GiB).&lt;/p&gt;

&lt;p&gt;The test precisely controls dirty page size by pre-writing data to &lt;code&gt;/dev/shm&lt;/code&gt; (tmpfs). The "Dirty Page" column shows actual bytes written as read from &lt;code&gt;/data/log/CubeVmm/vmm.log&lt;/code&gt; — it differs from the theoretical write size due to Guest OS background activity.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Run:&lt;/strong&gt; (script: &lt;a href="https://github.com/TencentCloud/CubeSandbox/blob/master/examples/snapshot-rollback-clone/bench_snapshot_dirty.py" rel="noopener noreferrer"&gt;&lt;code&gt;bench_snapshot_dirty.py&lt;/code&gt;&lt;/a&gt;)&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cd &lt;/span&gt;examples/snapshot-rollback-clone
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;

python bench_snapshot_dirty.py &lt;span class="nt"&gt;-d&lt;/span&gt; 0    &lt;span class="nt"&gt;-n&lt;/span&gt; 3
python bench_snapshot_dirty.py &lt;span class="nt"&gt;-d&lt;/span&gt; 10   &lt;span class="nt"&gt;-n&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_snapshot_dirty.py &lt;span class="nt"&gt;-d&lt;/span&gt; 50   &lt;span class="nt"&gt;-n&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_snapshot_dirty.py &lt;span class="nt"&gt;-d&lt;/span&gt; 100  &lt;span class="nt"&gt;-n&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_snapshot_dirty.py &lt;span class="nt"&gt;-d&lt;/span&gt; 200  &lt;span class="nt"&gt;-n&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_snapshot_dirty.py &lt;span class="nt"&gt;-d&lt;/span&gt; 500  &lt;span class="nt"&gt;-n&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_snapshot_dirty.py &lt;span class="nt"&gt;-d&lt;/span&gt; 800  &lt;span class="nt"&gt;-n&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_snapshot_dirty.py &lt;span class="nt"&gt;-d&lt;/span&gt; 1024 &lt;span class="nt"&gt;-n&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;blockquote&gt;
&lt;p&gt;Tests run in serial mode; one warm-up is discarded before each data point, then 3 measured runs are averaged. The "create sandbox avg" column shows the time to create a new sandbox from that snapshot, reflecting whether dirty page size affects restore speed.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Results:&lt;/strong&gt;&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Write Size&lt;/th&gt;
&lt;th&gt;Dirty Page&lt;/th&gt;
&lt;th&gt;snapshot avg&lt;/th&gt;
&lt;th&gt;snapshot min&lt;/th&gt;
&lt;th&gt;snapshot p95&lt;/th&gt;
&lt;th&gt;snapshot max&lt;/th&gt;
&lt;th&gt;create sandbox avg&lt;/th&gt;
&lt;th&gt;create sandbox min&lt;/th&gt;
&lt;th&gt;create sandbox p95&lt;/th&gt;
&lt;th&gt;create sandbox max&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;0 MB&lt;/td&gt;
&lt;td&gt;8.3 MB&lt;/td&gt;
&lt;td&gt;42.1 ms&lt;/td&gt;
&lt;td&gt;37.6 ms&lt;/td&gt;
&lt;td&gt;45.9 ms&lt;/td&gt;
&lt;td&gt;45.9 ms&lt;/td&gt;
&lt;td&gt;71.6 ms&lt;/td&gt;
&lt;td&gt;65.4 ms&lt;/td&gt;
&lt;td&gt;77.7 ms&lt;/td&gt;
&lt;td&gt;77.7 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10 MB&lt;/td&gt;
&lt;td&gt;41.2 MB&lt;/td&gt;
&lt;td&gt;55.3 ms&lt;/td&gt;
&lt;td&gt;54.1 ms&lt;/td&gt;
&lt;td&gt;56.6 ms&lt;/td&gt;
&lt;td&gt;56.6 ms&lt;/td&gt;
&lt;td&gt;73.1 ms&lt;/td&gt;
&lt;td&gt;60.4 ms&lt;/td&gt;
&lt;td&gt;82.5 ms&lt;/td&gt;
&lt;td&gt;82.5 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;50 MB&lt;/td&gt;
&lt;td&gt;122.6 MB&lt;/td&gt;
&lt;td&gt;67.7 ms&lt;/td&gt;
&lt;td&gt;66.5 ms&lt;/td&gt;
&lt;td&gt;69.6 ms&lt;/td&gt;
&lt;td&gt;69.6 ms&lt;/td&gt;
&lt;td&gt;70.3 ms&lt;/td&gt;
&lt;td&gt;63.9 ms&lt;/td&gt;
&lt;td&gt;81.4 ms&lt;/td&gt;
&lt;td&gt;81.4 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;100 MB&lt;/td&gt;
&lt;td&gt;195.2 MB&lt;/td&gt;
&lt;td&gt;85.7 ms&lt;/td&gt;
&lt;td&gt;82.5 ms&lt;/td&gt;
&lt;td&gt;88.7 ms&lt;/td&gt;
&lt;td&gt;88.7 ms&lt;/td&gt;
&lt;td&gt;68.3 ms&lt;/td&gt;
&lt;td&gt;62.3 ms&lt;/td&gt;
&lt;td&gt;71.6 ms&lt;/td&gt;
&lt;td&gt;71.6 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;200 MB&lt;/td&gt;
&lt;td&gt;296.8 MB&lt;/td&gt;
&lt;td&gt;100.9 ms&lt;/td&gt;
&lt;td&gt;98.5 ms&lt;/td&gt;
&lt;td&gt;102.6 ms&lt;/td&gt;
&lt;td&gt;102.6 ms&lt;/td&gt;
&lt;td&gt;65.9 ms&lt;/td&gt;
&lt;td&gt;62.7 ms&lt;/td&gt;
&lt;td&gt;71.2 ms&lt;/td&gt;
&lt;td&gt;71.2 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;500 MB&lt;/td&gt;
&lt;td&gt;602.6 MB&lt;/td&gt;
&lt;td&gt;168.6 ms&lt;/td&gt;
&lt;td&gt;165.4 ms&lt;/td&gt;
&lt;td&gt;172.9 ms&lt;/td&gt;
&lt;td&gt;172.9 ms&lt;/td&gt;
&lt;td&gt;68.1 ms&lt;/td&gt;
&lt;td&gt;54.5 ms&lt;/td&gt;
&lt;td&gt;75.7 ms&lt;/td&gt;
&lt;td&gt;75.7 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;800 MB&lt;/td&gt;
&lt;td&gt;908.3 MB&lt;/td&gt;
&lt;td&gt;215.8 ms&lt;/td&gt;
&lt;td&gt;212.1 ms&lt;/td&gt;
&lt;td&gt;217.6 ms&lt;/td&gt;
&lt;td&gt;217.6 ms&lt;/td&gt;
&lt;td&gt;68.1 ms&lt;/td&gt;
&lt;td&gt;60.9 ms&lt;/td&gt;
&lt;td&gt;79.1 ms&lt;/td&gt;
&lt;td&gt;79.1 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;1024 MB&lt;/td&gt;
&lt;td&gt;1136.3 MB&lt;/td&gt;
&lt;td&gt;257.5 ms&lt;/td&gt;
&lt;td&gt;251.2 ms&lt;/td&gt;
&lt;td&gt;267.6 ms&lt;/td&gt;
&lt;td&gt;267.6 ms&lt;/td&gt;
&lt;td&gt;62.3 ms&lt;/td&gt;
&lt;td&gt;56.5 ms&lt;/td&gt;
&lt;td&gt;69.6 ms&lt;/td&gt;
&lt;td&gt;69.6 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;Key findings:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Snapshot creation time scales near-linearly with dirty page size&lt;/strong&gt;: baseline (8.3 MB dirty) ~42 ms, +~22 ms per 100 MB of additional dirty data, ~258 ms at 1024 MB&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Create-from-snapshot time is independent of dirty page size&lt;/strong&gt;: stable at &lt;strong&gt;54–83 ms&lt;/strong&gt; regardless of snapshot size, because restore uses CoW (copy-on-write) on-demand loading and does not depend on dirty page size&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  4.3 Create Sandbox from Snapshot
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;How it works:&lt;/strong&gt; creates a snapshot first, then launches N sandboxes concurrently via &lt;code&gt;POST /sandboxes&lt;/code&gt; (with &lt;code&gt;snapshot_id&lt;/code&gt;), measuring end-to-end wall time until all sandboxes reach &lt;code&gt;running&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Run:&lt;/strong&gt; (script: &lt;a href="https://github.com/TencentCloud/CubeSandbox/blob/master/examples/snapshot-rollback-clone/bench_create_concurrency.py" rel="noopener noreferrer"&gt;&lt;code&gt;bench_create_concurrency.py&lt;/code&gt;&lt;/a&gt;)&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cd &lt;/span&gt;examples/snapshot-rollback-clone
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;

python bench_create_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 1  &lt;span class="nt"&gt;-n&lt;/span&gt; 3
python bench_create_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 10 &lt;span class="nt"&gt;-n&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_create_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 20 &lt;span class="nt"&gt;-n&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Results:&lt;/strong&gt;&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Concurrency&lt;/th&gt;
&lt;th&gt;n total&lt;/th&gt;
&lt;th&gt;Rounds&lt;/th&gt;
&lt;th&gt;wall avg&lt;/th&gt;
&lt;th&gt;wall min&lt;/th&gt;
&lt;th&gt;wall p95&lt;/th&gt;
&lt;th&gt;wall max&lt;/th&gt;
&lt;th&gt;per-sandbox avg&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;3&lt;/td&gt;
&lt;td&gt;66.7 ms&lt;/td&gt;
&lt;td&gt;65.8 ms&lt;/td&gt;
&lt;td&gt;68.3 ms&lt;/td&gt;
&lt;td&gt;68.3 ms&lt;/td&gt;
&lt;td&gt;66.7 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;3&lt;/td&gt;
&lt;td&gt;387.9 ms&lt;/td&gt;
&lt;td&gt;364.4 ms&lt;/td&gt;
&lt;td&gt;420.3 ms&lt;/td&gt;
&lt;td&gt;420.3 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;38.8 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;20&lt;/td&gt;
&lt;td&gt;20&lt;/td&gt;
&lt;td&gt;3&lt;/td&gt;
&lt;td&gt;701.3 ms&lt;/td&gt;
&lt;td&gt;660.5 ms&lt;/td&gt;
&lt;td&gt;742.4 ms&lt;/td&gt;
&lt;td&gt;742.4 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;35.1 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Single sandbox startup ~&lt;strong&gt;67 ms&lt;/strong&gt;; at 10-concurrent, wall ~&lt;strong&gt;388 ms&lt;/strong&gt;, amortized just &lt;strong&gt;38.8 ms/sandbox&lt;/strong&gt;; at 20-concurrent, wall ~&lt;strong&gt;701 ms&lt;/strong&gt;, amortized just &lt;strong&gt;35.1 ms/sandbox&lt;/strong&gt; — demonstrating good concurrency scaling.&lt;/p&gt;

&lt;h3&gt;
  
  
  4.4 Rollback
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;How it works:&lt;/strong&gt; calls &lt;code&gt;POST /sandboxes/{id}/rollback&lt;/code&gt; on running sandboxes to restore memory and filesystem state in-place to the specified Snapshot, without recreating the sandbox.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Snapshot ownership constraint:&lt;/strong&gt; CubeSandbox only allows a sandbox to roll back to a checkpoint &lt;strong&gt;it created itself&lt;/strong&gt;. Therefore each concurrent sandbox must independently complete the full "snapshot + rollback" flow.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Run:&lt;/strong&gt; (script: &lt;a href="https://github.com/TencentCloud/CubeSandbox/blob/master/examples/snapshot-rollback-clone/bench_rollback_concurrency.py" rel="noopener noreferrer"&gt;&lt;code&gt;bench_rollback_concurrency.py&lt;/code&gt;&lt;/a&gt;)&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cd &lt;/span&gt;examples/snapshot-rollback-clone
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;

python bench_rollback_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 1  &lt;span class="nt"&gt;-n&lt;/span&gt; 5
python bench_rollback_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 5  &lt;span class="nt"&gt;-n&lt;/span&gt; 5 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_rollback_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 10 &lt;span class="nt"&gt;-n&lt;/span&gt; 5 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Results:&lt;/strong&gt;&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Concurrency&lt;/th&gt;
&lt;th&gt;Rounds&lt;/th&gt;
&lt;th&gt;wall avg&lt;/th&gt;
&lt;th&gt;wall min&lt;/th&gt;
&lt;th&gt;wall p95&lt;/th&gt;
&lt;th&gt;wall max&lt;/th&gt;
&lt;th&gt;per-rollback avg&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;90.0 ms&lt;/td&gt;
&lt;td&gt;82.0 ms&lt;/td&gt;
&lt;td&gt;98.3 ms&lt;/td&gt;
&lt;td&gt;98.3 ms&lt;/td&gt;
&lt;td&gt;90.0 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;325.5 ms&lt;/td&gt;
&lt;td&gt;322.9 ms&lt;/td&gt;
&lt;td&gt;329.4 ms&lt;/td&gt;
&lt;td&gt;329.4 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;65.1 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;821.4 ms&lt;/td&gt;
&lt;td&gt;778.7 ms&lt;/td&gt;
&lt;td&gt;858.1 ms&lt;/td&gt;
&lt;td&gt;858.1 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;82.1 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;Single Rollback flow ~&lt;strong&gt;90 ms&lt;/strong&gt;; at 5-concurrent, batch wall ~&lt;strong&gt;326 ms&lt;/strong&gt;, per-rollback amortized drops to ~&lt;strong&gt;65 ms&lt;/strong&gt;; at 10-concurrent, batch wall ~&lt;strong&gt;821 ms&lt;/strong&gt;, amortized ~&lt;strong&gt;82 ms/rollback&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Note: Because CubeSandbox requires sandboxes to roll back only to their own checkpoints, shared snapshots cannot be reused — each concurrent sandbox must independently complete the full "snapshot + rollback" flow.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h3&gt;
  
  
  4.5 Clone
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;How it works:&lt;/strong&gt; calls &lt;code&gt;POST /sandboxes/{id}/clone&lt;/code&gt; to fork N new sandboxes from a &lt;strong&gt;running&lt;/strong&gt; source sandbox, fully preserving the source's memory and filesystem state (including dirty pages).&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; disk files in this test were already in Page Cache; results exclude cold-read IO overhead.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Run:&lt;/strong&gt; (script: &lt;a href="https://github.com/TencentCloud/CubeSandbox/blob/master/examples/snapshot-rollback-clone/bench_clone_concurrency.py" rel="noopener noreferrer"&gt;&lt;code&gt;bench_clone_concurrency.py&lt;/code&gt;&lt;/a&gt;)&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cd &lt;/span&gt;examples/snapshot-rollback-clone
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;

python bench_clone_concurrency.py &lt;span class="nt"&gt;-n&lt;/span&gt; 1  &lt;span class="nt"&gt;-c&lt;/span&gt; 1  &lt;span class="nt"&gt;--rounds&lt;/span&gt; 5
python bench_clone_concurrency.py &lt;span class="nt"&gt;-n&lt;/span&gt; 10 &lt;span class="nt"&gt;-c&lt;/span&gt; 5  &lt;span class="nt"&gt;--rounds&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
python bench_clone_concurrency.py &lt;span class="nt"&gt;-n&lt;/span&gt; 20 &lt;span class="nt"&gt;-c&lt;/span&gt; 10 &lt;span class="nt"&gt;--rounds&lt;/span&gt; 3 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Results (source sandbox dirty pages ~10 MB):&lt;/strong&gt;&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Scenario&lt;/th&gt;
&lt;th&gt;n&lt;/th&gt;
&lt;th&gt;Concurrency&lt;/th&gt;
&lt;th&gt;Rounds&lt;/th&gt;
&lt;th&gt;wall avg&lt;/th&gt;
&lt;th&gt;wall min&lt;/th&gt;
&lt;th&gt;wall p95&lt;/th&gt;
&lt;th&gt;wall max&lt;/th&gt;
&lt;th&gt;per-clone avg&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1 sandbox, 1-concurrent&lt;/td&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;270.6 ms&lt;/td&gt;
&lt;td&gt;260.8 ms&lt;/td&gt;
&lt;td&gt;280.5 ms&lt;/td&gt;
&lt;td&gt;280.5 ms&lt;/td&gt;
&lt;td&gt;270.6 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10 sandboxes, 5-concurrent&lt;/td&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;3&lt;/td&gt;
&lt;td&gt;541.6 ms&lt;/td&gt;
&lt;td&gt;522.9 ms&lt;/td&gt;
&lt;td&gt;557.7 ms&lt;/td&gt;
&lt;td&gt;557.7 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;54.2 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;20 sandboxes, 10-concurrent&lt;/td&gt;
&lt;td&gt;20&lt;/td&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;3&lt;/td&gt;
&lt;td&gt;789.7 ms&lt;/td&gt;
&lt;td&gt;757.2 ms&lt;/td&gt;
&lt;td&gt;815.3 ms&lt;/td&gt;
&lt;td&gt;815.3 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;39.5 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Single sandbox clone ~&lt;strong&gt;271 ms&lt;/strong&gt;; 10 sandboxes at 5-concurrent, batch wall ~&lt;strong&gt;542 ms&lt;/strong&gt;, per-clone amortized drops to ~&lt;strong&gt;54 ms&lt;/strong&gt;; 20 sandboxes at 10-concurrent, batch wall ~&lt;strong&gt;790 ms&lt;/strong&gt;, amortized further drops to ~&lt;strong&gt;40 ms/sandbox&lt;/strong&gt; — significant concurrency amortization.&lt;/p&gt;

&lt;h3&gt;
  
  
  4.6 Pause / Resume
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;How it works:&lt;/strong&gt; Creates &lt;code&gt;concurrency&lt;/code&gt; sandboxes, pauses all of them concurrently via &lt;code&gt;POST /sandboxes/{id}/pause&lt;/code&gt;, then resumes all concurrently via &lt;code&gt;POST /sandboxes/{id}/resume&lt;/code&gt;. Records wall time and per-sandbox amortized latency for both operations.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;⚠️ &lt;strong&gt;Current implementation note:&lt;/strong&gt; Pause currently uses &lt;strong&gt;full-memory-copy mode&lt;/strong&gt; — on pause, all anonymous memory pages of the sandbox are written to persistent storage. Latency scales linearly with sandbox memory size (~371 ms per sandbox at 2 GiB on PVM). A future release will upgrade to &lt;strong&gt;soft-dirty incremental mode&lt;/strong&gt;, which only saves pages dirtied since the last checkpoint. For an idle sandbox this is expected to reduce pause latency significantly, by &lt;strong&gt;80–90%&lt;/strong&gt;.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Run:&lt;/strong&gt; (script: &lt;a href="https://github.com/TencentCloud/CubeSandbox/blob/master/examples/snapshot-rollback-clone/bench_pause_resume_concurrency.py" rel="noopener noreferrer"&gt;&lt;code&gt;bench_pause_resume_concurrency.py&lt;/code&gt;&lt;/a&gt;)&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cd &lt;/span&gt;examples/snapshot-rollback-clone
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;http://&amp;lt;your-server-ip&amp;gt;:3000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;E2B_API_KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2b_000000
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;CUBE_TEMPLATE_ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&amp;lt;your-template-id&amp;gt;

python bench_pause_resume_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 1  &lt;span class="nt"&gt;-n&lt;/span&gt; 5
python bench_pause_resume_concurrency.py &lt;span class="nt"&gt;-c&lt;/span&gt; 10 &lt;span class="nt"&gt;-n&lt;/span&gt; 5 &lt;span class="nt"&gt;--no-header&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Pause results:&lt;/strong&gt;&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Concurrency&lt;/th&gt;
&lt;th&gt;Rounds&lt;/th&gt;
&lt;th&gt;wall avg&lt;/th&gt;
&lt;th&gt;wall min&lt;/th&gt;
&lt;th&gt;wall p95&lt;/th&gt;
&lt;th&gt;wall max&lt;/th&gt;
&lt;th&gt;per-pause avg&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;370.8 ms&lt;/td&gt;
&lt;td&gt;351.0 ms&lt;/td&gt;
&lt;td&gt;384.0 ms&lt;/td&gt;
&lt;td&gt;384.0 ms&lt;/td&gt;
&lt;td&gt;370.8 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;1586.0 ms&lt;/td&gt;
&lt;td&gt;1529.5 ms&lt;/td&gt;
&lt;td&gt;1679.8 ms&lt;/td&gt;
&lt;td&gt;1679.8 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;158.6 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;Resume results:&lt;/strong&gt;&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Concurrency&lt;/th&gt;
&lt;th&gt;Rounds&lt;/th&gt;
&lt;th&gt;wall avg&lt;/th&gt;
&lt;th&gt;wall min&lt;/th&gt;
&lt;th&gt;wall p95&lt;/th&gt;
&lt;th&gt;wall max&lt;/th&gt;
&lt;th&gt;per-resume avg&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;18.9 ms&lt;/td&gt;
&lt;td&gt;9.5 ms&lt;/td&gt;
&lt;td&gt;32.8 ms&lt;/td&gt;
&lt;td&gt;32.8 ms&lt;/td&gt;
&lt;td&gt;18.9 ms&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;26.6 ms&lt;/td&gt;
&lt;td&gt;19.3 ms&lt;/td&gt;
&lt;td&gt;39.9 ms&lt;/td&gt;
&lt;td&gt;39.9 ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;2.7 ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;Key findings:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Resume is extremely fast with excellent concurrency scaling:&lt;/strong&gt; single resume ~19 ms; at 10-concurrent, per-resume amortized just &lt;strong&gt;2.7 ms/sandbox&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Pause is the current bottleneck:&lt;/strong&gt; in full-copy mode, single pause ~371 ms, 10-concurrent per-pause amortized &lt;strong&gt;158.6 ms/sandbox&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;After soft-dirty mode lands:&lt;/strong&gt; pause latency is expected to drop significantly, with 10-concurrent per-pause falling into single-digit milliseconds&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;full-copy → soft-dirty optimization:&lt;/strong&gt; The current full-copy mode writes up to 2 GiB of VM anonymous memory to disk on every pause, creating high IO pressure. The soft-dirty incremental mode tracks pages dirtied since the last checkpoint via &lt;code&gt;/proc/PID/clear_refs&lt;/code&gt;; pause then writes only the pages actually modified (typically a few MB for an idle sandbox), reducing pause latency by &lt;strong&gt;80–90%&lt;/strong&gt; and significantly increasing high-concurrency throughput.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  Appendix: Benchmark Script Index
&lt;/h2&gt;

&lt;p&gt;All benchmark scripts used in this post are located in the repository directories:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;&lt;a href="https://github.com/TencentCloud/CubeSandbox/tree/master/examples/cube-bench" rel="noopener noreferrer"&gt;&lt;code&gt;examples/cube-bench/&lt;/code&gt;&lt;/a&gt;&lt;/strong&gt; — Template-based concurrent creation benchmark tool (Go)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;a href="https://github.com/TencentCloud/CubeSandbox/tree/master/examples/snapshot-rollback-clone" rel="noopener noreferrer"&gt;&lt;code&gt;examples/snapshot-rollback-clone/&lt;/code&gt;&lt;/a&gt;&lt;/strong&gt; — Snapshot / Rollback / Clone / Pause-Resume Python scripts&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>agents</category>
      <category>ai</category>
      <category>infrastructure</category>
      <category>performance</category>
    </item>
    <item>
      <title>Cube Sandbox is Now Open Source: Why We Built a Fast and Secure Sandbox for AI Agents?</title>
      <dc:creator>JerryLin</dc:creator>
      <pubDate>Thu, 30 Apr 2026 19:26:15 +0000</pubDate>
      <link>https://dev.to/jerrylin_0101/cube-sandbox-is-now-open-source-why-we-built-a-fast-and-secure-sandbox-for-ai-agents-d4k</link>
      <guid>https://dev.to/jerrylin_0101/cube-sandbox-is-now-open-source-why-we-built-a-fast-and-secure-sandbox-for-ai-agents-d4k</guid>
      <description>&lt;p&gt;With the rapid advancement of LLM capabilities, AI Agent applications are experiencing explosive growth. Recently, Anthropic unveiled its latest Managed Agent architecture, which completely decouples Agents into three core components: Session, Harness, and Sandbox. This confirms a key industry consensus: the best practice for supporting complex tool calls and code execution in Agents is to isolate them in a fully independent sandbox environment.&lt;/p&gt;

&lt;p&gt;However, as the critical component in the Agent architecture that carries code execution, a Sandbox must simultaneously meet two extremely demanding requirements: &lt;strong&gt;impenetrable security isolation&lt;/strong&gt; and &lt;strong&gt;extreme concurrent elasticity for "spin up and tear down on demand"&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Existing infrastructure faces a severe trade-off:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Containers&lt;/strong&gt;: Fast startup, high concurrency, but the shared kernel mechanism cannot defend against malicious code escapes generated by LLMs, resulting in extremely poor multi-tenant security.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Traditional Virtual Machines&lt;/strong&gt;: Hardware-level isolation is secure enough, but heavy OS overhead leads to minute-level cold starts and hundreds of MB memory usage, making them completely unsuitable for the transient, high-density scheduling demands of Agents.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;To break this boundary between performance and security, we have built a high-performance open-source secure sandbox service from scratch based on RustVMM and KVM — &lt;strong&gt;Cube Sandbox&lt;/strong&gt;. Today, the project is fully open-sourced on GitHub:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/TencentCloud/CubeSandbox" rel="noopener noreferrer"&gt;GitHub - TencentCloud/CubeSandbox: Instant, Concurrent, Secure &amp;amp; Lightweight Sandbox for AI Agents.&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  What is CubeSandbox?
&lt;/h2&gt;

&lt;p&gt;Cube Sandbox is a high-performance, out-of-the-box secure sandbox service built on RustVMM and KVM. It supports both single-machine deployment and easy scaling to multi-machine cluster services. It is also the industry’s first open-source sandbox service that combines hardware-level isolation with sub-100ms startup.&lt;/p&gt;

&lt;p&gt;Instead of wrapping Docker with an extra layer, we developed Cube Sandbox based on CloudHypervisor. Through a series of innovations and tests, we have outperformed traditional industry solutions in multiple dimensions. A brief comparison is shown below:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Metric&lt;/th&gt;
&lt;th&gt;Data&lt;/th&gt;
&lt;th&gt;What it means&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Cold Start&lt;/td&gt;
&lt;td&gt;&amp;lt;60ms&lt;/td&gt;
&lt;td&gt;2.5–50x faster than traditional solutions, faster than a blink of an eye&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Memory per Instance&lt;/td&gt;
&lt;td&gt;&amp;lt;5MB&lt;/td&gt;
&lt;td&gt;6x lower overhead than traditional solutions&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Isolation Level&lt;/td&gt;
&lt;td&gt;KVM Hardware-level&lt;/td&gt;
&lt;td&gt;Each sandbox has an independent Guest OS kernel, not sharing the host kernel&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Concurrency Capacity&lt;/td&gt;
&lt;td&gt;2000+ per machine&lt;/td&gt;
&lt;td&gt;P95 remains within 137ms for 50 concurrent creations&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;E2B Compatibility&lt;/td&gt;
&lt;td&gt;Native support&lt;/td&gt;
&lt;td&gt;No business code changes required; just change one environment variable; OpenAI Python SDK also works seamlessly&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Deployment Scenarios&lt;/td&gt;
&lt;td&gt;Single-machine &amp;amp; Cluster&lt;/td&gt;
&lt;td&gt;Can be experienced on a single machine as a personal Agent assistant, or easily scaled into a high-concurrency cluster service&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Faka.doubaocdn.com%2Fs%2FXdrT1wL2wM" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Faka.doubaocdn.com%2Fs%2FXdrT1wL2wM" alt="Cold Start Comparison" width="1092" height="780"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Faka.doubaocdn.com%2Fs%2FpUnE1wL2wM" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Faka.doubaocdn.com%2Fs%2FpUnE1wL2wM" alt="Memory Overhead Comparison" width="1084" height="780"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Technical Principles: How to Achieve Speed, Lightweight, and Security?
&lt;/h2&gt;

&lt;p&gt;Cube Sandbox follows a clear top-down layered architecture, divided into control plane and data plane. The core components are as follows:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;CubeAPI&lt;/strong&gt;: E2B-compatible REST API gateway. Switching from E2B Cloud to Cube Sandbox only requires changing environment variables such as URL.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;CubeMaster&lt;/strong&gt;: Orchestration scheduler that receives E2B API requests and distributes them to corresponding Cubelets, responsible for resource scheduling and cluster state maintenance.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;CubeProxy&lt;/strong&gt;: Reverse proxy and request routing component that forwards requests from SDK clients to corresponding sandbox instances by parsing the &lt;code&gt;&amp;lt;port&amp;gt;-&amp;lt;sandbox_id&amp;gt;.&amp;lt;domain&amp;gt;&lt;/code&gt; format in the Host header.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Cubelet&lt;/strong&gt;: Local scheduling component on compute nodes that manages the full lifecycle of all sandbox instances on a single node.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;CubeVS&lt;/strong&gt;: Kernel-level forwarding based on eBPF, providing complete network isolation mechanisms and security policy support at the network layer.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;CubeHypervisor &amp;amp; CubeShim&lt;/strong&gt;: Virtualization layer of Cube Sandbox. CubeHypervisor manages KVM MicroVMs, and CubeShim implements the containerd Shim v2 interface to integrate sandboxes into the container runtime.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Faka.doubaocdn.com%2Fs%2F4U2A1wL2wM" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Faka.doubaocdn.com%2Fs%2F4U2A1wL2wM" alt="Cube Sandbox Layered Architecture" width="1238" height="826"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Cube Sandbox Layered Architecture Diagram&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Here are some core technical points in our self-developed Cube Sandbox:&lt;/p&gt;

&lt;h3&gt;
  
  
  1) Self-developed Lightweight VMM (CubeVM)
&lt;/h3&gt;

&lt;p&gt;This is the core of the entire project. Instead of directly using Firecracker (AWS open-source MicroVM), we implemented a VMM from scratch in Rust, optimized specifically for AI Agent scenarios.&lt;/p&gt;

&lt;p&gt;Why build our own? Because Firecracker is a general-purpose MicroVM, and its startup process includes many steps unnecessary for Agent sandbox scenarios. We performed full-link tailoring and optimization for this scenario:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Minimized device model&lt;/strong&gt;: Only retain virtual devices essential for sandbox scenarios (virtio-net, virtio-blk, serial), removing all unnecessary peripheral simulations.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Customized Guest Kernel&lt;/strong&gt;: A tailored Linux kernel that retains only the minimal feature set required for Agent execution, drastically shortening the kernel boot path.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;User-space interrupt handling&lt;/strong&gt;: Critical I/O paths are completed in user space, reducing kernel-mode switching overhead.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  2) Resource Pool Pre-creation + Snapshot Cloning (Key to &amp;lt;60ms Cold Start)
&lt;/h3&gt;

&lt;p&gt;Fast cold start is not achieved by “the VM itself starting quickly” (which only reaches hundreds of milliseconds), but through a complete resource pool + snapshot mechanism:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Faka.doubaocdn.com%2Fs%2FPC6w1wL2wM" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Faka.doubaocdn.com%2Fs%2FPC6w1wL2wM" alt="Snapshot Cloning Mechanism" width="2040" height="816"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Specifically:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Resource pool pre-creation&lt;/strong&gt;: A batch of already started “blank sandboxes” are maintained in the background. When a request arrives, it is directly taken from the pool, skipping the entire startup process.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Snapshot cloning&lt;/strong&gt;: Based on Copy-on-Write (CoW) technology, new instances are cloned instantly from a template sandbox. Memory pages are allocated physical memory only when actually written.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is why a single instance uses &amp;lt;5MB memory: most memory pages are shared with the template (read-only), and only pages actually written during Agent execution occupy additional memory.&lt;/p&gt;

&lt;h3&gt;
  
  
  3) Network Isolation and Security Control
&lt;/h3&gt;

&lt;p&gt;Security is not just VM isolation; the network layer is also critical:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Each sandbox has an independent virtual network stack.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Kernel-level outbound traffic filtering is implemented based on eBPF, allowing fine-grained control over which external addresses each sandbox can access.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Supports dynamic delivery and updating of network policies without restarting the sandbox.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  4) E2B Protocol Compatibility
&lt;/h3&gt;

&lt;p&gt;E2B is currently the de facto standard protocol in the AI Agent sandbox field, used by products such as Manus, Perplexity, and Hugging Face. We are natively compatible with the E2B protocol at the API layer, which means:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Projects already using the E2B SDK only need to change the endpoint to the CubeSandbox address, with no other code changes.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;No need to learn a new SDK or modify business logic.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;It provides an “open-source alternative” to E2B: better performance, fully open-source, and self-hostable.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Currently, Cube Sandbox is continuously expanding its ecosystem capabilities and building compatibility and integration solutions with mainstream Agent frameworks and the open-source community.&lt;/p&gt;

&lt;p&gt;Event-level snapshot rollback capability is also coming soon — sub-100ms state rollback, providing additional protection for the unpredictable behavior of Agents.&lt;/p&gt;

&lt;p&gt;For detailed technical principles, please refer to: &lt;a href="https://km.woa.com/articles/show/657197" rel="noopener noreferrer"&gt;https://km.woa.com/articles/show/657197&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Case Studies
&lt;/h2&gt;

&lt;p&gt;At present, Cube Sandbox has been verified by large-scale real workloads in Tencent Cloud’s internal production environments and by external customers — it has supported tens of billions of calls, powering the stable operation of products with hundreds of millions of users, such as Tencent Yuanbao. In more complex scenarios, it has also enabled a leading domestic model application vendor to schedule hundreds of thousands of sandbox instances in minutes under Agentic RL training, effectively solving pain points such as malicious code execution, data leakage, and resource abuse caused by Agent autonomy. Here are several typical cases:&lt;/p&gt;

&lt;h3&gt;
  
  
  Case 1: Leading Domestic Model Application — Leap in Code Execution Experience
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;Pain Point&lt;/strong&gt;: AI Agents need to execute code in real time and return results. Traditional solutions either use Docker (shared kernel, high security risks) or VMs (startup takes seconds, users wait). Moreover, sandboxes are not recycled in time after code execution, leading to serious resource waste during peak hours.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;After accessing CubeSandbox&lt;/strong&gt;: Each request is assigned an independent micro virtual machine with hardware-level isolation, maximizing security. Resource pool pre-creation + snapshot cloning reduce sandbox delivery to &amp;lt;60ms, and code running latency drops from seconds to hundreds of milliseconds — users feel “Agent responds instantly”. Meanwhile, on-demand creation and immediate destruction reduce resource usage by 95%.&lt;/p&gt;

&lt;h3&gt;
  
  
  Case 2: Leading Domestic Model Vendor — Qualitative Leap in RL Training Efficiency
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;Pain Point&lt;/strong&gt;: Agentic RL training requires massive sandboxes for code execution experiments — each episode needs an independent isolated environment, which is destroyed and recreated after running. Traditional solutions are extremely slow to spin up training sandboxes; the cumulative waiting time for thousands of episodes is huge, causing massive GPU computing power idling.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;After accessing CubeSandbox&lt;/strong&gt;: &amp;lt;5MB memory per instance increases single-machine concurrency by dozens of times, and &amp;lt;60ms startup ensures almost zero waiting between episodes. Training sandboxes that previously took 30 minutes to spin up are now ready in 1 minute, greatly improving training efficiency. Each episode runs in a clean independent environment, eliminating the risk of residual files contaminating training results.&lt;/p&gt;

&lt;h3&gt;
  
  
  Case 3: Secure Agent Tool Invocation
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;Pain Point&lt;/strong&gt;: In addition to running code, Agents also need to call various external APIs, search, and perform file operations. Preventing data leakage and unauthorized access is a critical security red line in enterprise scenarios.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;CubeSandbox Solution&lt;/strong&gt;: Each sandbox has an independent network stack, with no external network access by default. Fine-grained outbound whitelists are implemented through eBPF kernel-level traffic control — only domains required for business are allowed, others are blocked. Policies can be dynamically delivered without restarting sandboxes, and all outbound requests are fully auditable and traceable.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to Deploy and Experience
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Environment Requirements:
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Linux system (KVM support required)&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Recommended: OpenCloudOS 9&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Hardware must support virtualization&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Deployment Process:
&lt;/h3&gt;

&lt;p&gt;We have simplified the deployment process to 4 steps, and users can achieve faster access and deployment through one-click deployment scripts:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Start development VM&lt;/strong&gt; (skip if you already have an x86_64 bare-metal Linux server)&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Clone the repository and start a disposable OpenCloudOS 9 development VM:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;git clone https://github.com/tencentcloud/CubeSandbox.git

&lt;span class="nb"&gt;cd &lt;/span&gt;CubeSandbox/dev-env

./prepare_image.sh

./run_vm.sh
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Open a new terminal:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cd &lt;/span&gt;CubeSandbox/dev-env &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; ./login.sh
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;ol start="2"&gt;
&lt;li&gt;&lt;strong&gt;Start Cube Sandbox Service&lt;/strong&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Execute inside the logged-in VM:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-sL&lt;/span&gt; https://cnb.cool/CubeSandbox/CubeSandbox/-/git/raw/master/deploy/one-click/online-install.sh | &lt;span class="nv"&gt;MIRROR&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;cn bash
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;ol start="3"&gt;
&lt;li&gt;&lt;strong&gt;Create Code Interpreter Sandbox Template&lt;/strong&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;After installation, create a code interpreter template using the pre-built image:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;cubemastercli tpl create-from-image &lt;span class="se"&gt;\\&lt;/span&gt;

&amp;amp;#x20&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="se"&gt;\-&lt;/span&gt;&lt;span class="nt"&gt;-image&lt;/span&gt; ccr.ccs.tencentyun.com/ags-image/sandbox-code:latest &lt;span class="se"&gt;\\&lt;/span&gt;

&amp;amp;#x20&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="se"&gt;\-&lt;/span&gt;&lt;span class="nt"&gt;-writable-layer-size&lt;/span&gt; 1G &lt;span class="se"&gt;\\&lt;/span&gt;

&amp;amp;#x20&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="se"&gt;\-&lt;/span&gt;&lt;span class="nt"&gt;-expose-port&lt;/span&gt; 49999 &lt;span class="se"&gt;\\&lt;/span&gt;

&amp;amp;#x20&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="se"&gt;\-&lt;/span&gt;&lt;span class="nt"&gt;-expose-port&lt;/span&gt; 49983 &lt;span class="se"&gt;\\&lt;/span&gt;

&amp;amp;#x20&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="se"&gt;\-&lt;/span&gt;&lt;span class="nt"&gt;-probe&lt;/span&gt; 49999
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Wait for the command to complete, and the template status will become READY. Record the template_id from the output for the next step.&lt;/p&gt;

&lt;ol start="4"&gt;
&lt;li&gt;&lt;strong&gt;Run Your First Agent Code&lt;/strong&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Install Python SDK:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;yum &lt;span class="nb"&gt;install&lt;/span&gt; &lt;span class="nt"&gt;-y&lt;/span&gt; python3 python3-pip

pip config &lt;span class="nb"&gt;set &lt;/span&gt;global.index-url https://mirrors.ustc.edu.cn/pypi/simple

pip &lt;span class="nb"&gt;install &lt;/span&gt;e2b-code-interpreter
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Set environment variables:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;export &lt;/span&gt;E2B&lt;span class="se"&gt;\_&lt;/span&gt;API&lt;span class="se"&gt;\_&lt;/span&gt;&lt;span class="nv"&gt;URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;"http://127.0.0.1:3000"&lt;/span&gt;

&lt;span class="nb"&gt;export &lt;/span&gt;E2B&lt;span class="se"&gt;\_&lt;/span&gt;API&lt;span class="se"&gt;\_&lt;/span&gt;&lt;span class="nv"&gt;KEY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;"dummy"&lt;/span&gt;

&lt;span class="nb"&gt;export &lt;/span&gt;CUBE&lt;span class="se"&gt;\_&lt;/span&gt;TEMPLATE&lt;span class="se"&gt;\_&lt;/span&gt;&lt;span class="nv"&gt;ID&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="se"&gt;\&amp;lt;&lt;/span&gt;&lt;span class="s2"&gt;your-template-id&amp;gt;"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Run code in an isolated sandbox:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;os&lt;/span&gt;

&lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="n"&gt;e2b&lt;/span&gt;\&lt;span class="n"&gt;_code&lt;/span&gt;\&lt;span class="n"&gt;_interpreter&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;

&lt;span class="k"&gt;with&lt;/span&gt; &lt;span class="n"&gt;Sandbox&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;create&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;template&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;os&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;environ&lt;/span&gt;\&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;CUBE\_TEMPLATE\_ID&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;sandbox&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;

&lt;span class="o"&gt;&amp;amp;&lt;/span&gt;&lt;span class="c1"&gt;#x20;   result = sandbox.run\_code("print('Hello from Cube Sandbox, safely isolated!')")
&lt;/span&gt;
&lt;span class="o"&gt;&amp;amp;&lt;/span&gt;&lt;span class="c1"&gt;#x20;   print(result)
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;For more variable descriptions and examples, see Quick Start — Step 4.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fp26-flow-sign.byteimg.com%2Ftos-cn-i-ik7evvg4ik%2Frc%2Fpc%2Fsuper_tool%2F913eaa39760f4de0880b400849a2adcc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fp26-flow-sign.byteimg.com%2Ftos-cn-i-ik7evvg4ik%2Frc%2Fpc%2Fsuper_tool%2F913eaa39760f4de0880b400849a2adcc.png" alt="Millisecond-level Startup Demo" width="800" height="400"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Millisecond-level Startup&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Want to explore more? Check out the &lt;code&gt;examples/&lt;/code&gt; directory, covering code execution, Shell commands, file operations, browser automation, network policies, pause/resume, OpenClaw integration, RL training, and other scenarios.&lt;/p&gt;

&lt;p&gt;💡 &lt;strong&gt;Special Recommendation&lt;/strong&gt;: Cube Sandbox has been perfectly adapted to OpenCloudOS 9 (OC9). We strongly recommend that internal colleagues build an ultra-fast, secure Agent execution environment based on the native OC9 + Cube combination.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion &amp;amp; Invitation to Collaborate
&lt;/h2&gt;

&lt;p&gt;We open-source Cube Sandbox completely because we firmly believe: in the era of intelligent agents, high-performance, high-security underlying infrastructure should not be monopolized by closed-source commercial APIs — it should become an open, self-hostable industry cornerstone.&lt;/p&gt;

&lt;p&gt;The project has just been released and is still in the early stage of rapid iteration. We sincerely welcome internal architects, R&amp;amp;D colleagues, and product colleagues to check out our code, put forward suggestions, share ideas, and build together with us.&lt;/p&gt;

&lt;p&gt;👉 &lt;strong&gt;GitHub Open Source Repository&lt;/strong&gt;: &lt;a href="https://github.com/TencentCloud/CubeSandbox" rel="noopener noreferrer"&gt;GitHub - TencentCloud/CubeSandbox&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;👉 &lt;strong&gt;Quick Start Guide&lt;/strong&gt;: &lt;a href="https://github.com/TencentCloud/CubeSandbox/blob/master/docs/zh/guide/quickstart.md" rel="noopener noreferrer"&gt;CubeSandbox/docs/zh/guide/quickstart.md&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If this project inspires or helps your business, please light up a Star 🌟 on GitHub! If you have bug reports or feature requests while trying it out or integrating it, you are welcome to join our internal WeChat group below for feedback and communication, or to submit an issue or PR in the repository. Let’s build the underlying secure cockpit foundation for the intelligent agent era together!&lt;/p&gt;

</description>
      <category>ai</category>
    </item>
  </channel>
</rss>
