CrowNest vs direct Cloudflare Sandbox
Use CrowNest when agents need durable evidence, scoped product controls, and replayable run records on top of the runtime primitive.
Cloudflare Sandbox is the runtime primitive. CrowNest is the product layer for agents and applications that need that runtime to leave behind durable, queryable proof.
Use CrowNest when the output of a run must be inspectable after the sandbox is gone: an exit code, stdout and stderr events, explicit artifact IDs, archive checksums, source metadata, timing, and an Evidence Bundle that other agents or CI jobs can read later.
What CrowNest adds
| Need | Direct runtime call | CrowNest surface |
|---|---|---|
| Durable run proof | Caller stores logs and exit codes | Workspace Run evidence persists terminal proof. |
| Artifact retention | Caller copies files out before cleanup | Artifacts are explicit retained resources. |
| Auth and scoping | Runtime credential handling | Org, project, and API-key scopes gate every public operation. |
| Idempotent remote workflows | Caller defines retry records | Workspace Runs and uploads accept idempotency keys. |
| Agent replay | Caller builds event storage | Events can be streamed live or replayed by sequence. |
| Dashboard inspection | Caller builds the operator surface | Runs, previews, artifacts, and usage are visible in the dashboard. |
| Usage and quotas | Caller meters product actions | CrowNest records billable usage and enforces plan/project limits. |
Evidence-first workflow
For repository-sized work, create a Workspace Run from an archive, stream events for progress, then read the Evidence Bundle as the durable result.
crownest workspace-runs run-archive repo.tgz --template python-node -- pnpm test
crownest workspace-runs evidence wsr_abc123 --output evidence.jsonThe event stream is useful while the command is running. The Evidence Bundle is the handoff object after the run is terminal: it records status, exit code, archive checksum, artifact IDs, artifact collection errors, timing, metadata, and failure details.
When direct runtime calls are enough
Call the runtime directly when you own the whole execution loop and do not need a product record afterward. That can be right for short-lived internal tools, runtime experiments, or one-off scripts where stdout in the caller process is the only output.
Use CrowNest when another person, job, or agent needs to answer "what happened?" after the environment has been cleaned up.