Why Sandboxed Execution Matters

When you give an AI agent the ability to run code, write files, and execute shell commands, security becomes paramount. AZAD takes a defense-in-depth approach to agent sandboxing.

Every agent runs in an isolated environment with explicit permission grants. By default, agents can read your project files and write to their workspace. Everything else — network access, system commands, file deletion — requires your approval.

Permissions are granular and auditable. You can see exactly what each agent accessed, modified, and executed. Every file change is tracked and reversible.

This isn't just about preventing malicious behavior. Sandboxing also prevents accidents — an agent that misunderstands your intent can't accidentally delete your production database or push to main.

AZAD supports multiple sandbox backends: local process isolation, Docker containers, SSH remotes, and cloud sandboxes. Choose the level of isolation that fits your workflow.