COMPUTE
Every agent run gets a fresh, isolated sandbox. Provisioned in under a second, destroyed when the run ends. Kernel-level memory isolation. Zero shared state between runs.
Book a Demo<1s
SANDBOX STARTUP
ZERO
BLAST RADIUS
// SIX_PRIMITIVES
SIX ISOLATION PRIMITIVES.
Each primitive is enforced at the hypervisor level. Together they make the failure modes of shared AI infrastructure architecturally impossible.
sb_8a2f
pipeline-bot / 512 MB
sb_3c9e
churn-analyzer / 256 MB
sb_f14b
lead-scorer / 512 MB
sb_9d2a
report-bot / 256 MB
Just-in-Time Provisioning
> A fresh, fully isolated sandbox is provisioned in under one second for every agent run — on demand, with no pre-warming and no shared state from previous runs. Each sandbox has its own filesystem, network scope, and process tree. No contamination risk, no cold-start penalty.
Complete Memory Isolation
> Each run's memory is fully isolated at the kernel level. No data leakage between runs, agents, teams, or users — not as a policy, but as a hardware-enforced architectural guarantee. Agent A cannot read Agent B's data even when both run simultaneously on the same physical host.
Runtime Secret Injection
> API keys, database passwords, and service credentials are injected into the sandbox at runtime — in memory only, never written to disk, never stored in agent code, never in logs. When the sandbox is destroyed at run completion, the credentials are gone with it.
Hard Timeouts & Resource Caps
> Every sandbox has hard CPU, memory, and wall-clock time limits enforced at the hypervisor level — not soft guidelines in application code, but kernel-enforced boundaries. An agent stuck in an infinite loop or calling a slow external API indefinitely is hard-stopped and torn down immediately.
run_8a2f
pipeline-bot / teardown in <50ms
run_3c9e
churn-analyzer / teardown in <50ms
run_9d2a
lead-scorer / teardown in <50ms
run_4b1c
report-bot / teardown in <50ms
Auto-Teardown on Completion
> The moment a run completes — whether successfully, failed, or timed out — teardown begins immediately. The process tree is destroyed. Memory pages are zeroed. Credentials are revoked. File handles are closed. The sandbox ceases to exist in under 50ms. Zero idle infrastructure between runs.
C:\sandbox> python3 analysis.py
Loading data... OK
Code Execution Safety
> When agents generate and execute code, that code runs inside the sandbox — not on shared infrastructure. No network access beyond explicitly approved endpoints. No filesystem writes outside the sandbox. No access to the host or other sandboxes. Arbitrary code execution is fully contained by design.
// LIFECYCLE TOUR
EVERY RUN. SAME FOUR PHASES.
The Compute lifecycle is deterministic. Every agent run — whether triggered by Copilot, Console, or Cockpit — follows the same four-phase lifecycle.
PROVISIONING
A fresh, isolated sandbox is provisioned in under one second. Memory is allocated. Network scope is defined. Credentials are injected at runtime. No shared state from previous runs, no pre-warmed pools, no contamination risk.
EXECUTING
The agent runs inside the sandbox. It can call tools, generate code, access the web, and read approved data — all within the exact scope set by Cockpit policies. Every action is traced. Resource caps are enforced at the hypervisor level.
TEARDOWN
When the run completes (successfully, failed, or timed out), teardown begins immediately. The process tree is destroyed. Memory pages are zeroed. Credentials are revoked. No lingering processes, no file leaks, no persistent state.
COMPLETE
The trace is committed to the audit log. The output is returned to the caller — Copilot shows it in the Canvas, Console surfaces it in the trace view, Cockpit logs it for compliance. Persistence is exactly what you asked for, nothing more.
// USE_CASES
WHY ISOLATION MATTERS.
Each primitive addresses a distinct failure mode. These are the risks Compute makes architecturally impossible.
100 concurrent runs, zero cold-start delay
A batch trigger fires 100 agent runs simultaneously. On pre-warmed shared infra, the first runs monopolize warm slots. With Compute's JIT model, all 100 provision fresh sandboxes in under a second — no queuing, no cold-start tax.
- Sub-second provisioning regardless of concurrency
- No shared pool — no queue, no cold-start
- Scales to thousands of concurrent runs
Proving Agent A cannot read Agent B's data
A regulator asks for proof that concurrent agent runs processing different customers' data cannot share memory. Compute's kernel-level isolation makes this architecturally impossible — provable by design, not just policy.
- Kernel-level isolation — not just process separation
- Architecturally impossible, not just policy-controlled
- Audit evidence for regulatory compliance
API keys injected, never stored
Traditional approaches store API keys in environment variables or config files — a persistent attack surface. Compute injects credentials at runtime, in memory only. When the sandbox is destroyed, the credentials are gone with it.
- Runtime injection — never written to disk
- Zero persistent credential exposure
- Auto-revoked on sandbox teardown
A rogue agent can never exhaust shared infra
An agent stuck in an infinite loop or calling a slow external API indefinitely would starve other runs on shared infra. Compute's hypervisor-level timeouts and resource caps hard-stop any run that exceeds its bounds.
- Hypervisor-enforced — not app-level limits
- Hard wall-clock timeout per run
- Other runs unaffected by a single rogue agent
Zero idle infrastructure cost between runs
On always-on infra, idle compute between runs costs money 24/7. Compute destroys sandboxes in <50ms after run completion. Zero idle time, zero idle cost — infrastructure spend proportional to actual agent usage.
- Sandbox destroyed in <50ms on completion
- Zero idle infra between runs
- Cost exactly proportional to actual usage
Agent-generated code can't touch production
An agent generates and executes code to process a data file. On shared infra, that code could write to the filesystem or open network connections. Inside Compute's sandbox, it can do none of those things.
- No host network access — only approved endpoints
- No filesystem writes outside sandbox boundary
- Arbitrary code execution fully contained
// FULL SPEC
EVERYTHING COMPUTE GUARANTEES.
Sandboxes provisioned in under one second, on demand. No pre-warming, no shared pool. Every run gets a fresh environment the moment it starts.
Kernel-level isolation. No cross-contamination between runs, users, or agents. Architecturally impossible to read memory from another run.
API keys and credentials injected at runtime. Never written to disk. Revoked automatically when the sandbox is destroyed.
Every run has a wall-clock timeout. Hypervisor-enforced CPU and memory caps. Runaway agents cannot consume unbounded resources.
Sandbox destroyed immediately on run completion: success, failure, or timeout. No lingering processes, no file leaks, zero persistent state.
Agents that generate and run code do so inside the sandbox, not on shared infra. Arbitrary code execution is fully contained. Production is never at risk.
// THE PLATFORM
COMPUTE RUNS UNDER EVERYTHING.
Every agent run in every product executes on Compute. It is the foundation layer that makes AlchemiStudio safe, predictable, and auditable at any scale.
Cockpit policies are applied before a Compute sandbox is provisioned. Governance is the first gate every run must pass.
See Cockpit →Console API calls and agent runs all execute inside Compute sandboxes. Developers trace every run, see every resource usage.
See Console →Every Copilot workflow step executes in isolation on Compute. Business teams get safety guarantees they never have to think about.
See Copilot →