WAVE Sandbox
Propose any shell command. WAVE shows you the exact filesystem diff and a tamper-evident receipt before anything runs — then, on your approval, runs it in containment (in-memory FS, network off, execution-limited). Untrusted input never touches a real host.
For agents
This capability is machine-discoverable. Fetch /llms.txt, the sandbox capability manifest, or the standard agent card. Execution runs through the WAVE API funnel (POST /v1/sandbox/preview → apply → GET /receipt) — the same preview→approve→apply contract shown above.