SDK sandbox provisioning: built-in providers, docs restructure, and quickstart overhaul

- Add built-in sandbox providers (local, docker, e2b, daytona, vercel, cloudflare) to the TypeScript SDK so users import directly instead of passing client instances
- Restructure docs: rename architecture to orchestration-architecture, add new architecture page for server overview, improve getting started flow
- Rewrite quickstart to be TypeScript-first with provider CodeGroup and custom provider accordion
- Update all examples to use new provider APIs
- Update persist drivers and foundry for new SDK surface

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/deploy/cloudflare.mdx

@@ -31,7 +31,38 @@ RUN sandbox-agent install-agent claude && sandbox-agent install-agent codex
 EXPOSE 8000
 ```
 
-## TypeScript example
+## TypeScript example (with provider)
+
+For standalone scripts, use the `cloudflare` provider:
+
+```bash
+npm install sandbox-agent@0.3.x @cloudflare/sandbox
+```
+
+```typescript
+import { SandboxAgent } from "sandbox-agent";
+import { cloudflare } from "sandbox-agent/cloudflare";
+
+const sdk = await SandboxAgent.start({
+  sandbox: cloudflare(),
+});
+
+try {
+  const session = await sdk.createSession({ agent: "codex" });
+  const response = await session.prompt([
+    { type: "text", text: "Summarize this repository" },
+  ]);
+  console.log(response.stopReason);
+} finally {
+  await sdk.destroySandbox();
+}
+```
+
+The `cloudflare` provider uses `containerFetch` under the hood, automatically stripping `AbortSignal` to avoid dropped streaming updates.
+
+## TypeScript example (Durable Objects)
+
+For Workers with Durable Objects, use `SandboxAgent.connect(...)` with a custom `fetch` backed by `sandbox.containerFetch(...)`:
 
 ```typescript
 import { getSandbox, type Sandbox } from "@cloudflare/sandbox";
@@ -109,7 +140,6 @@ app.all("*", (c) => c.env.ASSETS.fetch(c.req.raw));
 export default app;
 ```
 
-Create the SDK client inside the Worker using custom `fetch` backed by `sandbox.containerFetch(...)`.
 This keeps all Sandbox Agent calls inside the Cloudflare sandbox routing path and does not require a `baseUrl`.
 
 ## Troubleshooting streaming updates

docs/deploy/daytona.mdx

@@ -15,40 +15,37 @@ See [Daytona network limits](https://www.daytona.io/docs/en/network-limits/).
 
 ## TypeScript example
 
-```typescript
-import { Daytona } from "@daytonaio/sdk";
-import { SandboxAgent } from "sandbox-agent";
+```bash
+npm install sandbox-agent@0.3.x @daytonaio/sdk
+```
 
-const daytona = new Daytona();
+```typescript
+import { SandboxAgent } from "sandbox-agent";
+import { daytona } from "sandbox-agent/daytona";
 
 const envVars: Record<string, string> = {};
 if (process.env.ANTHROPIC_API_KEY) envVars.ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
 if (process.env.OPENAI_API_KEY) envVars.OPENAI_API_KEY = process.env.OPENAI_API_KEY;
 
-const sandbox = await daytona.create({ envVars });
+const sdk = await SandboxAgent.start({
+  sandbox: daytona({
+    create: { envVars },
+  }),
+});
 
-await sandbox.process.executeCommand(
-  "curl -fsSL https://releases.rivet.dev/sandbox-agent/0.3.x/install.sh | sh"
-);
-
-await sandbox.process.executeCommand("sandbox-agent install-agent claude");
-await sandbox.process.executeCommand("sandbox-agent install-agent codex");
-
-await sandbox.process.executeCommand(
-  "nohup sandbox-agent server --no-token --host 0.0.0.0 --port 3000 >/tmp/sandbox-agent.log 2>&1 &"
-);
-
-await new Promise((r) => setTimeout(r, 2000));
-
-const baseUrl = (await sandbox.getSignedPreviewUrl(3000, 4 * 60 * 60)).url;
-const sdk = await SandboxAgent.connect({ baseUrl });
-
-const session = await sdk.createSession({ agent: "claude" });
-await session.prompt([{ type: "text", text: "Summarize this repository" }]);
-
-await sandbox.delete();
+try {
+  const session = await sdk.createSession({ agent: "claude" });
+  const response = await session.prompt([
+    { type: "text", text: "Summarize this repository" },
+  ]);
+  console.log(response.stopReason);
+} finally {
+  await sdk.destroySandbox();
+}
 ```
 
+The `daytona` provider uses the `rivetdev/sandbox-agent:0.3.2-full` image by default and starts the server automatically.
+
 ## Using snapshots for faster startup
 
 ```typescript

docs/deploy/docker.mdx

@@ -15,43 +15,43 @@ Run the published full image with all supported agents pre-installed:
 docker run --rm -p 3000:3000 \
   -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
   -e OPENAI_API_KEY="$OPENAI_API_KEY" \
-  rivetdev/sandbox-agent:0.3.1-full \
+  rivetdev/sandbox-agent:0.3.2-full \
   server --no-token --host 0.0.0.0 --port 3000
 ```
 
-The `0.3.1-full` tag pins the exact version. The moving `full` tag is also published for contributors who want the latest full image.
+The `0.3.2-full` tag pins the exact version. The moving `full` tag is also published for contributors who want the latest full image.
 
-## TypeScript with dockerode
+## TypeScript with the Docker provider
+
+```bash
+npm install sandbox-agent@0.3.x dockerode get-port
+```
 
 ```typescript
-import Docker from "dockerode";
 import { SandboxAgent } from "sandbox-agent";
+import { docker } from "sandbox-agent/docker";
 
-const docker = new Docker();
-const PORT = 3000;
-
-const container = await docker.createContainer({
-  Image: "rivetdev/sandbox-agent:0.3.1-full",
-  Cmd: ["server", "--no-token", "--host", "0.0.0.0", "--port", `${PORT}`],
-  Env: [
-    `ANTHROPIC_API_KEY=${process.env.ANTHROPIC_API_KEY}`,
-    `OPENAI_API_KEY=${process.env.OPENAI_API_KEY}`,
-    `CODEX_API_KEY=${process.env.CODEX_API_KEY}`,
-  ].filter(Boolean),
-  ExposedPorts: { [`${PORT}/tcp`]: {} },
-  HostConfig: {
-    AutoRemove: true,
-    PortBindings: { [`${PORT}/tcp`]: [{ HostPort: `${PORT}` }] },
-  },
+const sdk = await SandboxAgent.start({
+  sandbox: docker({
+    env: [
+      `ANTHROPIC_API_KEY=${process.env.ANTHROPIC_API_KEY}`,
+      `OPENAI_API_KEY=${process.env.OPENAI_API_KEY}`,
+    ].filter(Boolean),
+  }),
 });
 
-await container.start();
+try {
+  const session = await sdk.createSession({ agent: "codex" });
+  await session.prompt([{ type: "text", text: "Summarize this repository." }]);
+} finally {
+  await sdk.destroySandbox();
+}
+```
 
-const baseUrl = `http://127.0.0.1:${PORT}`;
-const sdk = await SandboxAgent.connect({ baseUrl });
+The `docker` provider uses the `rivetdev/sandbox-agent:0.3.2-full` image by default. Override with `image`:
 
-const session = await sdk.createSession({ agent: "codex" });
-await session.prompt([{ type: "text", text: "Summarize this repository." }]);
+```typescript
+docker({ image: "my-custom-image:latest" })
 ```
 
 ## Building a custom image with everything preinstalled

docs/deploy/e2b.mdx

@@ -10,42 +10,37 @@ description: "Deploy Sandbox Agent inside an E2B sandbox."
 
 ## TypeScript example
 
+```bash
+npm install sandbox-agent@0.3.x @e2b/code-interpreter
+```
+
 ```typescript
-import { Sandbox } from "@e2b/code-interpreter";
 import { SandboxAgent } from "sandbox-agent";
+import { e2b } from "sandbox-agent/e2b";
 
 const envs: Record<string, string> = {};
 if (process.env.ANTHROPIC_API_KEY) envs.ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
 if (process.env.OPENAI_API_KEY) envs.OPENAI_API_KEY = process.env.OPENAI_API_KEY;
 
-const sandbox = await Sandbox.create({ allowInternetAccess: true, envs });
-
-await sandbox.commands.run(
-  "curl -fsSL https://releases.rivet.dev/sandbox-agent/0.3.x/install.sh | sh"
-);
-
-await sandbox.commands.run("sandbox-agent install-agent claude");
-await sandbox.commands.run("sandbox-agent install-agent codex");
-
-await sandbox.commands.run(
-  "sandbox-agent server --no-token --host 0.0.0.0 --port 3000",
-  { background: true, timeoutMs: 0 }
-);
-
-const baseUrl = `https://${sandbox.getHost(3000)}`;
-const sdk = await SandboxAgent.connect({ baseUrl });
-
-const session = await sdk.createSession({ agent: "claude" });
-const off = session.onEvent((event) => {
-  console.log(event.sender, event.payload);
+const sdk = await SandboxAgent.start({
+  sandbox: e2b({
+    create: { envs },
+  }),
 });
 
-await session.prompt([{ type: "text", text: "Summarize this repository" }]);
-off();
-
-await sandbox.kill();
+try {
+  const session = await sdk.createSession({ agent: "claude" });
+  const response = await session.prompt([
+    { type: "text", text: "Summarize this repository" },
+  ]);
+  console.log(response.stopReason);
+} finally {
+  await sdk.destroySandbox();
+}
 ```
 
+The `e2b` provider handles sandbox creation, Sandbox Agent installation, agent setup, and server startup automatically.
+
 ## Faster cold starts
 
 For faster startup, create a custom E2B template with Sandbox Agent and target agents pre-installed.

docs/deploy/local.mdx

@@ -32,12 +32,15 @@ Or with npm/Bun:
 
 ## With the TypeScript SDK
 
-The SDK can spawn and manage the server as a subprocess:
+The SDK can spawn and manage the server as a subprocess using the `local` provider:
 
 ```typescript
 import { SandboxAgent } from "sandbox-agent";
+import { local } from "sandbox-agent/local";
 
-const sdk = await SandboxAgent.start();
+const sdk = await SandboxAgent.start({
+  sandbox: local(),
+});
 
 const session = await sdk.createSession({
   agent: "claude",
@@ -47,7 +50,21 @@ await session.prompt([
   { type: "text", text: "Summarize this repository." },
 ]);
 
-await sdk.dispose();
+await sdk.destroySandbox();
 ```
 
 This starts the server on an available local port and connects automatically.
+
+Pass options to customize the local provider:
+
+```typescript
+const sdk = await SandboxAgent.start({
+  sandbox: local({
+    port: 3000,
+    log: "inherit",
+    env: {
+      ANTHROPIC_API_KEY: process.env.MY_ANTHROPIC_KEY,
+    },
+  }),
+});
+```

docs/deploy/vercel.mdx

@@ -10,52 +10,40 @@ description: "Deploy Sandbox Agent inside a Vercel Sandbox."
 
 ## TypeScript example
 
-```typescript
-import { Sandbox } from "@vercel/sandbox";
-import { SandboxAgent } from "sandbox-agent";
-
-const envs: Record<string, string> = {};
-if (process.env.ANTHROPIC_API_KEY) envs.ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
-if (process.env.OPENAI_API_KEY) envs.OPENAI_API_KEY = process.env.OPENAI_API_KEY;
-
-const sandbox = await Sandbox.create({
-  runtime: "node24",
-  ports: [3000],
-});
-
-const run = async (cmd: string, args: string[] = []) => {
-  const result = await sandbox.runCommand({ cmd, args, env: envs });
-  if (result.exitCode !== 0) {
-    throw new Error(`Command failed: ${cmd} ${args.join(" ")}`);
-  }
-};
-
-await run("sh", ["-c", "curl -fsSL https://releases.rivet.dev/sandbox-agent/0.3.x/install.sh | sh"]);
-await run("sandbox-agent", ["install-agent", "claude"]);
-await run("sandbox-agent", ["install-agent", "codex"]);
-
-await sandbox.runCommand({
-  cmd: "sandbox-agent",
-  args: ["server", "--no-token", "--host", "0.0.0.0", "--port", "3000"],
-  env: envs,
-  detached: true,
-});
-
-const baseUrl = sandbox.domain(3000);
-const sdk = await SandboxAgent.connect({ baseUrl });
-
-const session = await sdk.createSession({ agent: "claude" });
-
-const off = session.onEvent((event) => {
-  console.log(event.sender, event.payload);
-});
-
-await session.prompt([{ type: "text", text: "Summarize this repository" }]);
-off();
-
-await sandbox.stop();
+```bash
+npm install sandbox-agent@0.3.x @vercel/sandbox
 ```
 
+```typescript
+import { SandboxAgent } from "sandbox-agent";
+import { vercel } from "sandbox-agent/vercel";
+
+const env: Record<string, string> = {};
+if (process.env.ANTHROPIC_API_KEY) env.ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
+if (process.env.OPENAI_API_KEY) env.OPENAI_API_KEY = process.env.OPENAI_API_KEY;
+
+const sdk = await SandboxAgent.start({
+  sandbox: vercel({
+    create: {
+      runtime: "node24",
+      env,
+    },
+  }),
+});
+
+try {
+  const session = await sdk.createSession({ agent: "claude" });
+  const response = await session.prompt([
+    { type: "text", text: "Summarize this repository" },
+  ]);
+  console.log(response.stopReason);
+} finally {
+  await sdk.destroySandbox();
+}
+```
+
+The `vercel` provider handles sandbox creation, Sandbox Agent installation, agent setup, and server startup automatically.
+
 ## Authentication
 
 Vercel Sandboxes support OIDC token auth (recommended) and access-token auth.