The sandbox control plane stores tenant-owned definitions, immutable versions, approvals, runs, minimized observations, and audit events. Actual execution is disabled by default and uses a dedicated worker.
Sandbox availability requires an operator-completed provider conformance gate, immutable runtime digests, a healthy dedicated worker, and the relevant deployment switches. Do not weaken the profile when the provider is unavailable.

Safe lifecycle

Each run requires an idempotency key. Retrying admission with the same key converges on the same durable run rather than creating duplicate execution.

Credentials

Register test credentials through the credential-management API with a key carrying the independent credentials scope. Lucim stores encrypted secret material in the control plane and returns policy metadata only. Approved credential bindings constrain origin, method, path, scope, and use count. A one-use HTTPS broker grant lets the sandbox perform only the approved request. Provider credentials never enter the run plan, command arguments, or sandbox environment.

Use cases

  • replaying a risky upstream change against a known integration;
  • validating a repository-derived command inside the approved isolated profile;
  • testing a remote API or MCP call with a dedicated test credential;
  • producing evidence for a human remediation decision.
See Product stages and Security for the surrounding gates.