Container sandboxes
Ephemeral Docker containers with language/runtime images managed by Waclaude. Best for microservices and CLI utilities.
VM sandboxes
Provisioned KVM/Firecracker VMs for workloads requiring kernel modules, system packages, or complex networking.
GPU & custom runners
Attach dedicated GPU pools or custom hardware. Waclaude provides Terraform modules to hook into existing capacity.
Runtime configuration snippet
sandboxes:
  default:
    type: container
    image: ghcr.io/obscurelabs/node-20-secure
    cpu: '4'
    memory: 8Gi
  payments_vm:
    type: vm
    image: projects/waclaude-payments/base
    cpu: '8'
    memory: 16Gi
    network_profile: pci-compliant
  gpu_ci:
    type: custom
    driver: self_hosted
    labels: [gpu, cuda11]
    capacity: 4