iii-sandbox

vCPU count; daemon/image default applies when omitted.

`"K=V"` entries injected into the VM's environment.

Auto-stop the VM after this many seconds of inactivity; daemon default applies when omitted.

Catalog name of the image to boot. Bundled presets are `"python"` and `"node"`; pass either string verbatim. The only other accepted values are the literal keys of `sandbox.custom_images` in `iii.config.yaml` — set by the operator. Do NOT pass an OCI ref like `"ghcr.io/iii-hq/node:latest"` or `"docker.io/library/node:20"` unless that exact string is the catalog key. Unknown values return S100 with the allowed set in the error message.

Memory cap in MiB; daemon/image default applies when omitted.

Human label surfaced by `sandbox::list`; not an identifier.

Whether the VM gets outbound networking; daemon default when omitted.

Argv tail passed to `cmd` (each entry is one argv slot).

The binary to execute as a single string — NOT a shell line. `"node"` is correct; `"node -v"` is not (put `-v` in `args`). `handle_exec` rejects values containing whitespace with S001. Shell metacharacters (`;`, `|`, `&&`, `>`, etc.) in `cmd` are not interpreted — the runner spawns `cmd` literally. Use a wrapper script inside the VM if you need shell behavior.

`"K=V"` entries (NOT a map) added to the child's environment.

UUID returned by `sandbox::create`.

Base64-encoded bytes piped to the child's stdin.

Kill-after window in ms; daemon default applies when omitted.

Working directory inside the sandbox; image default when omitted.

Block until the VM is fully reaped before returning.