{"schema":"wave.capability/v1","name":"wave-sandbox","title":"WAVE Sandbox — safe execution front door","summary":"Propose an untrusted shell command; get the exact filesystem diff and a tamper-evident receipt; approve; WAVE runs it in containment (in-memory FS, network off, execution limits).","status":"staging","audiences":["human","agent"],"discovery":{"llms_txt":"https://sandbox.wave.online/llms.txt","playground":"https://sandbox.wave.online/","manifest":"https://sandbox.wave.online/.well-known/wave-capability.json","agent_card":"https://sandbox.wave.online/.well-known/agent-card.json"},"contract":{"base":"https://api.wave.online/v1/sandbox","availability":"pending-launch","auth":{"type":"gateway-trust","header":"x-wave-gateway-secret","note":"issued by the WAVE gateway; not user-supplied"},"operations":[{"op":"preview","method":"POST","path":"/preview","body":{"command":"string","files":"object?"},"meter":"wave_sandbox_preview"},{"op":"apply","method":"POST","path":"/apply","body":{"command":"string","approval":"string (receipt.id from preview)"},"meter":"wave_sandbox_exec"},{"op":"receipt","method":"GET","path":"/receipt/{id}"}]},"tiers":{"edge":"core shell (echo, grep, jq, awk, sha256sum, …)","node":"contained sqlite3 (sql.js) + js-exec (QuickJS)","escalate":"git/build/docker — never auto-run; routed to an isolated Firecracker tier"},"safety":["untrusted command never touches a real host shell/disk/network","preview is non-executing; apply requires an approval token equal to the previewed receipt id","receipts are hash-only and tenant-isolated"]}