Sandboxing

Tasks execute in signed, ephemeral containers on provider machines. No shared state between tenants. No network access except to our task gateway.

• Per-task container lifecycle — spawned, executed, destroyed
• Filesystem isolated to a tmpfs scratch dir
• Outbound network blocked by default; allowlist per-job
• Zero logs retained by default; opt-in retention for debugging