Demos
One capability each. One command to prove it.
Every demo drives the public SDK against a live control plane, asserts its security claim off the immutable audit log, and writes an evidence bundle. Each runs on a laptop against the in-process simulator as a smoke test, and is recorded on the backend it actually proves.
The seven demos
Pick a guarantee. Watch it hold.
Each card is a self-contained demo with its own driver and page. The badges name the backend the recording runs on.
The secret the code never holds
The external-service secret lives in the control plane and is injected at the egress-proxy boundary — it never enters the sandbox.
Five hostile workloads. Five sandboxes. Zero escapes.
Four hostile workloads contained, one clean run returns — each in its own ephemeral, isolated session. The anatomy of a run.
No network card. None.
A Firecracker microVM with no network device at all — stronger than --network none. Default-deny egress; the metadata IP attempt is denied.
Same workload. Three kernels. One verdict.
The same hostile workload yields the same security verdict on Docker, gVisor/K8s, and Firecracker. Pick the isolation tech; the contract holds.
A stateful session you can pull the plug on
A warm session takes multiple exec turns sharing one kernel namespace, bounded by an idle-TTL, and reaped to nothing when it goes idle.
Clone the private repo. Never see its key.
Shallow-clone a private repo with a brokered, withheld git credential mounted only on the init-container — the workload hunts for the token and finds nothing.
Fan out many. Isolate each. Aggregate one.
Submit N workloads as one fleet; they fan out through the admission queue in waves, each isolated, with one hostile member contained and the aggregate summed over the clean shards.