Files and the workspace
How the /workspace filesystem, file size limits, encodings, and directory operations work in CrowNest sandboxes.
Every sandbox has a workspace: the working filesystem area at /workspace
inside the live sandbox. The file APIs let you read, write, list, move, and
delete files there while the sandbox is alive. The workspace disappears
when the sandbox is destroyed, so export anything durable as an
artifact.
Workspace confinement
All file APIs are confined to /workspace. Every path you pass must
resolve inside it; paths that escape — including through symlinks — are
rejected with path_outside_workspace. Sandboxes never receive host or
provider credentials, and the file APIs can't reach anything outside the
workspace.
Reading and writing files
Direct reads and writes work on file content up to 256 KB. Larger files use download URLs instead.
GET /v1/sandboxes/{id}/files/readwith querypathreturns{ content, encoding, sizeBytes, path }. Files over 256 KB returnfile_too_large— request a download URL instead.PUT /v1/sandboxes/{id}/fileswith bodypathandcontentwrites a file, up to 256 KB. Optional fields:overwrite(defaulttrue) andcreateParents(defaultfalse). WithcreateParentsfalse, writing into a missing directory returnsparent_directory_not_found.POST /v1/sandboxes/{id}/files/download-urlwith body{ path }returns{ url, method: "GET", expiresAt }— a short-lived URL that streams the file at any size.
Encodings
Reads and writes accept an encoding of utf8 (default) or base64. Use
base64 for binary content. An unsupported value returns
invalid_file_encoding.
Listing and inspecting
Two read endpoints describe the workspace without transferring file content.
GET /v1/sandboxes/{id}/fileslists a directory (querypath, default/workspace) and returns{ data: FileEntry[] }.GET /v1/sandboxes/{id}/files/statreturns metadata for one path.
Entries have path, type (file or directory), sizeBytes, and
optionally name and modifiedAt.
Directory operations
The write endpoints cover directory creation, moves, and deletion.
POST /v1/sandboxes/{id}/files/mkdircreates a directory (bodypath, optionalparents, defaultfalse). Withoutparents, a missing parent returnsparent_directory_not_found.POST /v1/sandboxes/{id}/files/movemoves or renames (bodyfrom,to, optionaloverwrite, defaultfalse). Withoverwritefalse, an existing destination returnsfile_already_exists.DELETE /v1/sandboxes/{id}/fileswith querypathdeletes a file or an empty directory and returns{ deleted: true }.
[!NOTE] There is no recursive delete. Deleting a non-empty directory returns
directory_not_empty. Remove the contents first, or run a command such asrm -rfinside the sandbox.
File error codes
These error codes are specific to the file APIs:
| Code | Meaning |
|---|---|
path_outside_workspace | The path resolves outside /workspace. |
path_is_directory | A file operation targeted a directory. |
path_not_directory | A directory operation targeted a file. |
file_not_found | The path doesn't exist. |
file_too_large | Content exceeds the 256 KB direct read/write limit. |
file_already_exists | The destination exists and overwrite is false. |
parent_directory_not_found | A parent directory is missing. |
directory_not_empty | Delete targeted a non-empty directory. |
invalid_file_encoding | The encoding value isn't utf8 or base64. |
Next steps
- Artifacts — keep files beyond the sandbox lifetime.
- Commands — run processes that produce and consume workspace files.
- SDK quickstart
- Files API reference