Templates
Configure reusable sandbox environments for your runs
What Are Templates?
Templates are reusable sandbox configurations. Define the base image, guardrails, environment variables, and allowed domains once — then reference the template across runs.
There are two types:
- System templates — global defaults provided by coSPEC. Read-only — cannot be modified or deleted.
- Workspace templates — created by your team, fully editable
Base Images
| Image | Pre-installed |
|---|---|
node-22 | Node.js 22, npm, git, common build tools |
python-3.12 | Python 3.12, pip, git, common build tools |
php-8.3 | PHP 8.3, Composer, common extensions (bcmath, gd, intl, mbstring, pdo, zip), git, common build tools |
Sandbox Sizes
Every template has a size that controls how much CPU, memory, and disk the sandbox gets. Set it when creating or updating a template.
| Size | CPU | RAM | Disk |
|---|---|---|---|
s — Small | 1 vCPU | 2 GB | 5 GB |
m — Medium | 2 vCPU | 4 GB | 10 GB |
l — Large | 4 vCPU | 8 GB | 20 GB |
The default size is m. Choose a larger size when agents need to build large projects, run memory-heavy test suites, or work with big repositories.
If a sandbox exceeds its memory limit, the run fails with RUN_RESOURCE_LIMIT_EXCEEDED.
Default Guardrails
Templates set default guardrails for all runs that use them. Individual runs can override these values.
| Guardrail | Default | Description |
|---|---|---|
maxTurns | 100 | Maximum agent turns |
maxCostUsd | $5 | Maximum Anthropic API cost |
timeoutMinutes | 30 | Maximum wall-clock time |
Environment Variables
Set default environment variables on a template. When a run specifies its own env, the values are merged — run values win on conflict.
Network Access
All sandboxes start with a base set of allowed domains. Custom domains you add to a template are additive.
Default Allowed Domains
| Category | Domains | Ports |
|---|---|---|
| Git providers | github.com, *.github.com, *.githubusercontent.com, gitlab.com, *.gitlab.com, bitbucket.org, *.bitbucket.org | 443, 22 |
| Anthropic | api.anthropic.com, statsig.anthropic.com, claude.ai | 443 |
| npm / Yarn | registry.npmjs.org, *.npmjs.org, registry.yarnpkg.com | 443 |
| PyPI | pypi.org, files.pythonhosted.org | 443 |
| Cloud storage | storage.googleapis.com | 443 |
| System packages | *.ubuntu.com, *.debian.org | 80, 443 |
All other outbound traffic is blocked. Private IP ranges (10.x, 172.16.x, 192.168.x, link-local) are always blocked.
When using a self-hosted GitLab instance, the instance domain is automatically added to the sandbox's egress allowlist for the run.
Custom Allowed Domains
Add up to 20 additional domains per template. Wildcard support is available (e.g. *.example.com).
Blocked values: IP addresses, localhost, .local, .internal.
curl -X POST https://api.cospec.io/v1/templates \
-H "Authorization: Bearer csk_live_..." \
-H "Content-Type: application/json" \
-d '{
"name": "Backend Service",
"slug": "backend-service",
"baseImage": "node-22",
"size": "m",
"guardrails": {
"maxTurns": 200,
"maxCostUsd": 10,
"timeoutMinutes": 45
},
"egressDomains": [
"*.example.com",
"api.stripe.com"
],
"envVars": {
"NODE_ENV": "development"
}
}'