Skip to main content
A common agent pattern: clone a repo into an isolated sandbox, inspect it, and run checks — without touching the host machine. This example uses a public repository; for private repos, inject credentials via envs at create time.

Setup

uv pip install "nullspace-sdk==0.1.9"
export NULLSPACE_API_KEY=ns_live_...
export NULLSPACE_API_URL=https://api.your-nullspace-domain

Python

workspace_example.py
from nullspace import Sandbox

REPO = "https://github.com/pypa/sampleproject.git"

with Sandbox.create(template="base", timeout=120) as sandbox:
    clone = sandbox.commands.run(
        f"git clone --depth 1 {REPO} /workspace/repo", shell=True, timeout=90
    )
    assert clone.exit_code == 0, clone.stderr

    head = sandbox.commands.run(
        "git -C /workspace/repo rev-parse --short HEAD", shell=True
    )
    print("repo head:", head.stdout.strip())

    checks = sandbox.commands.run(
        "cd /workspace/repo && python3 -m compileall -q src && echo checks-passed",
        shell=True,
    )
    print(checks.stdout.strip())

Expected output

repo head: <short-sha>
checks-passed
From here an agent typically reads files (sandbox.files.read), edits them (sandbox.files.write), re-runs tests, and forks the warm workspace to try multiple approaches in parallel. To run a coding agent itself inside the sandbox — Codex, Claude Code, Amp, or OpenCode — see Agent workspaces. Related: Commands · Filesystem