Skip to main content
Access is for humans and operator tools that need to inspect or control a running sandbox after creation. Keep networking docs for ports, preview URLs, tokens, and WebSockets; use this section when the question is “how do I get into the sandbox?” Desktop environments are a build surface for browser, desktop app, and visual-agent workflows. See Desktop Environments when the question is “how does an agent use a GUI?”

Choose An Access Surface

GoalUse
Open an interactive terminal through the SDK, CLI, or WebSocketPTY sessions
Connect a local OpenSSH client or an SSH-native toolSSH access
Inspect a failed retained agent or service sandboxDebug retained sandboxes

Access And Lifecycle

Access surfaces attach to an existing sandbox. They do not replace the sandbox lifecycle APIs:
  1. Create or connect to a sandbox.
  2. Use commands, files, volumes, templates, and preview URLs for normal application behavior.
  3. Attach PTY or SSH when a person needs to inspect state, debug a failure, or operate an interactive tool.
  4. Destroy disposable sandboxes, or use retention, hibernate, auto-resume, and volumes when state must survive.

Access From Agent Runs

Agent jobs and services expose backing sandbox IDs. Use normal sandbox access commands to inspect retained runs: 
nullspace agent sandbox repo-review-agent --run adrun_123
nullspace sandbox pty create sb_123 --cols 120 --rows 30
nullspace sandbox pty connect sb_123 --session-id ses_123
nullspace ssh sb_123
Use Agent Deployments when you want repeatable named agent jobs and services. Use Agent workspaces when you want Codex, Claude Code, Amp, or OpenCode running inside a sandbox you control.