# CrowNest vs direct Cloudflare Sandbox (/docs/guides/crownest-vs-cloudflare-sandbox)



Cloudflare Sandbox is the runtime primitive. CrowNest is the product layer for
agents and applications that need that runtime to leave behind durable,
queryable proof.

Use CrowNest when the output of a run must be inspectable after the sandbox is
gone: an exit code, stdout and stderr events, explicit artifact IDs, archive
checksums, source metadata, timing, and an Evidence Bundle that other agents or
CI jobs can read later.

## What CrowNest adds [#what-crownest-adds]

| Need                        | Direct runtime call                    | CrowNest surface                                                                 |
| --------------------------- | -------------------------------------- | -------------------------------------------------------------------------------- |
| Durable run proof           | Caller stores logs and exit codes      | [Workspace Run evidence](/docs/concepts/workspace-runs) persists terminal proof. |
| Artifact retention          | Caller copies files out before cleanup | [Artifacts](/docs/concepts/artifacts) are explicit retained resources.           |
| Auth and scoping            | Runtime credential handling            | Org, project, and API-key scopes gate every public operation.                    |
| Idempotent remote workflows | Caller defines retry records           | Workspace Runs and uploads accept idempotency keys.                              |
| Agent replay                | Caller builds event storage            | Events can be streamed live or replayed by sequence.                             |
| Dashboard inspection        | Caller builds the operator surface     | Runs, previews, artifacts, and usage are visible in the dashboard.               |
| Usage and quotas            | Caller meters product actions          | CrowNest records billable usage and enforces plan/project limits.                |

## Evidence-first workflow [#evidence-first-workflow]

For repository-sized work, create a Workspace Run from an archive, stream events
for progress, then read the Evidence Bundle as the durable result.

```bash title="Terminal"
crownest workspace-runs run-archive repo.tgz --template python-node -- pnpm test
crownest workspace-runs evidence wsr_abc123 --output evidence.json
```

The event stream is useful while the command is running. The Evidence Bundle is
the handoff object after the run is terminal: it records status, exit code,
archive checksum, artifact IDs, artifact collection errors, timing, metadata,
and failure details.

## When direct runtime calls are enough [#when-direct-runtime-calls-are-enough]

Call the runtime directly when you own the whole execution loop and do not need
a product record afterward. That can be right for short-lived internal tools,
runtime experiments, or one-off scripts where stdout in the caller process is
the only output.

Use CrowNest when another person, job, or agent needs to answer "what happened?"
after the environment has been cleaned up.

## Related pages [#related-pages]

* [Workspace Runs](/docs/concepts/workspace-runs)
* [Workspace Runs API](/docs/api/workspace-runs)
* [Workspace Runs SDK](/docs/sdk/workspace-runs)
* [Workspace Runs CLI](/docs/cli/workspace-runs)
