feat: add POST /api/sandbox endpoint

app/api/sandbox/route.ts

@@ -0,0 +1,38 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getCorsHeaders } from "@/lib/networking/getCorsHeaders";
+import { createSandboxPostHandler } from "@/lib/sandbox/createSandboxPostHandler";
+
+/**
+ * OPTIONS handler for CORS preflight requests.
+ *
+ * @returns A NextResponse with CORS headers.
+ */
+export async function OPTIONS() {
+  return new NextResponse(null, {
+    status: 200,
+    headers: getCorsHeaders(),
+  });
+}
+
+/**
+ * POST /api/sandbox
+ *
+ * Creates a new ephemeral sandbox environment.
+ * Sandboxes are isolated Linux microVMs that can be used to evaluate
+ * account-generated code, run AI agent output safely, or execute reproducible tasks.
+ *
+ * Request:
+ * - No request body required
+ * - Authentication via x-api-key header
+ *
+ * Response:
+ * - 200: { sandboxId: string, status: string, timeout: number, createdAt: string }
+ * - 400: { error: "Failed to create sandbox" }
+ * - 401: { status: "error", error: "x-api-key header required" or "Invalid API key" }
+ *
+ * @param request - The request object
+ * @returns A NextResponse with the created sandbox data or error
+ */
+export async function POST(request: NextRequest) {
+  return createSandboxPostHandler(request);
+}

lib/sandbox/createSandbox.ts

@@ -0,0 +1,29 @@
+import { Sandbox } from "@vercel/sandbox";
+
+/**
+ * Response from creating a sandbox.
+ * Uses Sandbox class types from @vercel/sandbox SDK.
+ */
+export interface SandboxCreatedResponse {
+  sandboxId: Sandbox["sandboxId"];
+  status: Sandbox["status"];
+  timeout: Sandbox["timeout"];
+  createdAt: string;
+}
+
+/**
+ * Creates a new ephemeral sandbox environment using Vercel Sandbox SDK.
+ *
+ * @returns The created sandbox details
+ * @throws Error if sandbox creation fails
+ */
+export async function createSandbox(): Promise<SandboxCreatedResponse> {
+  const sandbox = await Sandbox.create();
+
+  return {
+    sandboxId: sandbox.sandboxId,
+    status: sandbox.status,
+    timeout: sandbox.timeout,
+    createdAt: sandbox.createdAt.toISOString(),
+  };
+}

lib/sandbox/createSandboxPostHandler.ts

@@ -0,0 +1,29 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getCorsHeaders } from "@/lib/networking/getCorsHeaders";
+import { getApiKeyAccountId } from "@/lib/auth/getApiKeyAccountId";
+import { createSandbox } from "@/lib/sandbox/createSandbox";
+
+/**
+ * Handler for POST /api/sandbox.
+ *
+ * Creates a new ephemeral sandbox environment. Requires authentication via x-api-key header.
+ * No request body is required.
+ *
+ * @param request - The request object
+ * @returns A NextResponse with sandbox data or error
+ */
+export async function createSandboxPostHandler(request: NextRequest): Promise<NextResponse> {
+  const accountIdOrError = await getApiKeyAccountId(request);
+  if (accountIdOrError instanceof NextResponse) {
+    return accountIdOrError;
+  }
+
+  try {
+    const sandbox = await createSandbox();
+
+    return NextResponse.json(sandbox, { status: 200, headers: getCorsHeaders() });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Failed to create sandbox";
+    return NextResponse.json({ error: message }, { status: 400, headers: getCorsHeaders() });
+  }
+}

package.json

@@ -17,8 +17,6 @@
   },
   "dependencies": {
     "@ai-sdk/anthropic": "^3.0.13",
-    "autoevals": "^0.0.129",
-    "braintrust": "^0.4.9",
     "@ai-sdk/gateway": "^3.0.14",
     "@ai-sdk/google": "^3.0.8",
     "@ai-sdk/mcp": "^0.0.12",
@@ -31,9 +29,12 @@
     "@privy-io/node": "^0.6.2",
     "@supabase/supabase-js": "^2.86.0",
     "@trigger.dev/sdk": "^4.2.0",
+    "@vercel/sandbox": "^1.3.1",
     "ai": "6.0.0-beta.122",
     "apify-client": "^2.20.0",
     "arweave": "^1.15.7",
+    "autoevals": "^0.0.129",
+    "braintrust": "^0.4.9",
     "bullmq": "^5.65.1",
     "googleapis": "^168.0.0",
     "ioredis": "^5.8.2",