Docs

Templates

Configure reusable sandbox environments for your runs

What Are Templates?

Templates are reusable sandbox configurations. Define the base image, guardrails, environment variables, and egress domains once — then reference the template across runs.

There are two types:

  • System templates — global defaults provided by coSPEC. Read-only — cannot be modified or deleted.
  • Workspace templates — created by your team, fully editable

Base Images

ImagePre-installed
node-22Node.js 22, npm, git, common build tools
python-3.12Python 3.12, pip, git, common build tools

Default Guardrails

Templates set default guardrails for all runs that use them. Individual runs can override these values.

GuardrailDefaultDescription
maxTurns100Maximum agent turns
maxCostUsd$5Maximum Anthropic API cost
timeoutMinutes30Maximum wall-clock time

Environment Variables

Set default environment variables on a template. When a run specifies its own env, the values are merged — run values win on conflict.

Egress Control

All sandboxes start with a base set of allowed domains. Custom domains you add to a template are additive.

Default Allowed Domains

CategoryDomainsPorts
Git providersgithub.com, *.github.com, *.githubusercontent.com, gitlab.com, *.gitlab.com, bitbucket.org, *.bitbucket.org443, 22
Anthropicapi.anthropic.com, statsig.anthropic.com, claude.ai443
npm / Yarnregistry.npmjs.org, *.npmjs.org, registry.yarnpkg.com443
PyPIpypi.org, files.pythonhosted.org443
Cloud storagestorage.googleapis.com443
System packages*.ubuntu.com, *.debian.org80, 443

All other outbound traffic is blocked. Private IP ranges (10.x, 172.16.x, 192.168.x, link-local) are always blocked.

Custom Egress Domains

Add up to 20 additional domains per template. Wildcard support is available (e.g. *.example.com).

Blocked values: IP addresses, localhost, .local, .internal.

Terminal
curl -X POST https://api.cospec.io/v1/templates \
  -H "Authorization: Bearer csk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Backend Service",
    "slug": "backend-service",
    "baseImage": "node-22",
    "guardrails": {
      "maxTurns": 200,
      "maxCostUsd": 10,
      "timeoutMinutes": 45
    },
    "egressDomains": [
      "*.example.com",
      "api.stripe.com"
    ],
    "envVars": {
      "NODE_ENV": "development"
    }
  }'

Agents

What agents can do inside coSPEC sandboxes

API Keys

Create and manage API keys for programmatic access

On this page

What Are Templates?Base ImagesDefault GuardrailsEnvironment VariablesEgress ControlDefault Allowed DomainsCustom Egress Domains