By default, a sandbox can reach any public IP on the internet. The platform always blocks egress to private, link-local, and loopback ranges regardless of your allow rules. Use network rules to narrow the allowlist further.
Rules control what a sandbox may reach. To see what it actually reached — every connection, allowed or blocked — use the network log.

Allow specific destinations

allowOut / allow_out accepts a mix of CIDRs and domain patterns. Combine it with denyOut: ["0.0.0.0/0"] to build a strict allowlist - deny everything, then add exceptions.
const sandbox = await Sandbox.create({
  name: "restricted",
  network: {
    allowOut: ["api.openai.com", "*.github.com", "140.82.112.0/20"],
    denyOut: ["0.0.0.0/0"],
  },
})

Rule format

| Field | Accepts | Notes |
| --- | --- | --- |
| allowOut / allow_out | CIDRs + domains | Domains support wildcards (*.example.com). A wildcard matches subdomains at any depth but not the bare domain — *.example.com does not match example.com; list both if you need the apex. |
| denyOut / deny_out | CIDRs only | Use 0.0.0.0/0 to deny the entire internet and rely on allowOut for exceptions. |

Allow rules take precedence over deny rules when they overlap.
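
The rule semantics above can be modelled locally to review a rule set before applying it. This is an added example, not Superserve's code: `evaluate`, `lintRules`, the `{ host, ip }` destination shape and the exact list of platform-blocked IPv4 ranges are assumptions made for illustration, and the sample addresses in any call are constructed.

```javascript
// Added example: a local model of the documented rule semantics, not platform code.
// Assumption: the platform-blocked ranges are these standard IPv4 blocks.
const PLATFORM_BLOCKED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                          "169.254.0.0/16", "127.0.0.0/8"];

const isCidr = (s) => /^(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?$/.test(s);
const ipToInt = (ip) => ip.split(".").reduce((n, o) => n * 256 + Number(o), 0);

function inCidr(ip, cidr) {
  const [base, bits = "32"] = cidr.split("/");
  const size = 2 ** (32 - Number(bits));            // addresses in the block
  const start = Math.floor(ipToInt(base) / size) * size;
  const n = ipToInt(ip);
  return n >= start && n < start + size;
}

// "*.example.com" matches subdomains at any depth, never the bare domain.
function domainMatches(host, pattern) {
  const h = host.toLowerCase(), p = pattern.toLowerCase();
  if (!p.startsWith("*.")) return h === p;
  return h.length > p.length - 1 && h.endsWith(p.slice(1));
}

// dest = { host, ip }: the hostname requested and the IPv4 address it resolved to.
function evaluate(dest, { allowOut = [], denyOut = [] } = {}) {
  if (PLATFORM_BLOCKED.some((c) => inCidr(dest.ip, c))) return "blocked-by-platform";
  const allowed = allowOut.some((r) =>
    isCidr(r) ? inCidr(dest.ip, r) : Boolean(dest.host) && domainMatches(dest.host, r));
  if (allowed) return "allowed";                     // allow wins over deny on overlap
  if (denyOut.some((c) => inCidr(dest.ip, c))) return "denied";
  return "allowed";                                  // default: any public IP
}

// Flags entries that the rule format says will not behave as a reader might expect.
function lintRules({ allowOut = [], denyOut = [] } = {}) {
  const warnings = [];
  for (const r of denyOut)
    if (!isCidr(r)) warnings.push(`denyOut accepts CIDRs only: ${r}`);
  for (const r of allowOut)
    if (r.startsWith("*.") && !allowOut.includes(r.slice(2)))
      warnings.push(`${r} does not cover the apex ${r.slice(2)}`);
  return warnings;
}
```

Running `lintRules` on the strict allowlist shown earlier reports that `*.github.com` leaves `github.com` uncovered, so the apex is reachable only through the `140.82.112.0/20` CIDR entry.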

Update rules on a running sandbox

Networking can be updated after creation - changes apply immediately to new connections.
await sandbox.update({
  network: {
    allowOut: ["api.anthropic.com", "api.openai.com"],
    denyOut: ["0.0.0.0/0"],
  },
})
Blocking *.superserve.ai will break the SDK’s ability to communicate with the sandbox.