AI agents that read your files and run shell commands cannot run in your app process. Actana ships isolation as the default — not the upgrade. Two sandbox flavors, OTP-rotated tokens, MCP-bridged tools, full NDJSON audit log.
~2-3s startup. Asset round-trip supported. MCP server bridging via mcporter. Multi-file skill bundles with executables. Default for production.
~200ms startup. Process-level isolation. 23 built-in tools. Single-file skills. For dev / fast inner loop where assets aren't needed.
Provisioning, OTP rotation, queue acquisition, container creation, bootstrap, materialization, execution, result upload, cleanup. Every phase emits a structured log line.
Each provision generates three single-use tokens (setup / run / upload). The sandbox never sees a long-lived credential.
mcporter generates tool shims so agents call MCP tools as if they were native. No MCP plumbing exposed to end users.
Every sandbox run produces stream.jsonl, result.json, steps.json. Same shape live as in Logs. Watch it now or replay later.
Whitelisted extensions. Filenames sanitized to [a-zA-Z0-9._-]. Duplicates suffixed automatically.
Every workflow execution gets its own files folder. Outputs are pinned to the run that produced them.
Default 30s execution timeout (configurable via MAX_EXECUTION_TIME_SEC). Container force-removed on completion.
