Multi-agent DAG orchestration, purpose-built for enterprise engineering teams Learn more →

Sandboxes

Your cloud.
Our engineers.

Cendriix provisions a real, production-grade sandbox in your AWS, GCP, Azure, or in our managed account. You don't write any code. You don't write any infra. You don't write any CI. You don't write Dockerfiles, Kubernetes manifests, Terraform, or IAM policies. We do, and then we hand you the live URL.

Four ways to host. Same product.

Pin to one cloud, use our managed account, or let Cendriix decide based on cost and latency. You can migrate between them any time without rewriting anything.

Amazon Web Services
12 regions
CloudFormation stacks. You keep IAM.
Cross-account role. We never touch your prod. Full CloudTrail audit in your account.
Google Cloud
9 regions
Deployment Manager + gcloud. Workload Identity Federation.
No service account key files. Short-lived tokens via WIF. Audit logs to Cloud Logging.
Azure
8 regions
Bicep templates. Managed Identity.
No client secrets stored. Federated credentials via OIDC. Activity log to Log Analytics.

Or pick later: cendriix init with no flags spins up a managed sandbox by default.

What gets provisioned automatically.

Every sandbox gets all of this. Not as add-ons. Not as config you write. Cendriix writes 100% of the code. The founder writes zero.

Compute
Fargate / Cloud Run / Container Apps. Auto-scaled. No servers to manage.
Database
RDS / Cloud SQL / Postgres Flexible Server. Daily backups + point-in-time recovery.
Cache
ElastiCache / Memorystore / Cache for Redis. In-cluster encryption at rest.
Storage
S3 / GCS / Azure Blob. Versioning, lifecycle policies, server-side encryption.
CDN
CloudFront / Cloud CDN / Front Door. WAF rules applied. DDoS protection on.
Queue
SQS / Pub/Sub / Service Bus. Dead-letter queues. At-least-once delivery.
Secrets manager
AWS Secrets Manager / GCP Secret Manager / Azure Key Vault. Rotation built in.
Observability
CloudWatch / Cloud Logging / App Insights. Dashboards + alerts pre-configured.
Identity
Cognito / Auth0 / Cendriix-managed. Founder picks. MFA on by default.
Networking
VPC + private subnets + NAT gateway + security groups. Zero public-IP exposure.
Compliance baseline
Encryption at rest + in transit. Audit logging. GDPR tagging. SOC 2-aligned controls.
Cost guard
Budget alert + auto-pause when spend threshold is crossed. You set the cap.

Time to live URL.

From plain-English description to a hot URL in under five minutes.

0:00
You describe
One sentence. "A booking app for barbers."
0:15
Cendriix plans
Architecture diagram drafted. Infra-as-code generated.
0:30
IAM granted
Cross-account role assumed. CloudFormation stack starts.
1:30
Infra applied
VPC, RDS, ECS cluster, ALB, Route53 record, live.
4:00
First deploy
Cendriix pushes the first working build to your cluster.
5:00
URL hot
Your live URL is ready. No engineer touched a terminal.
Median TTL: 4m 38s across 1,247 sandboxes in the last 30 days.p95: 11m

You don't write any of this. We do.

The founder sees plain English. Your engineering team gets a full audit trail. Neither of you touches a terminal.

Founder view
Setting up your database...
Configuring automatic backups...
Linking your booking API...
Deploying to us-east-1...
Your app is live. Opening URL...
Audit trail, what Cendriix actually applied
# Generated by cendriix@agent.sre.provision
resource
"aws_db_instance" "postgres_primary" {
engine = "postgres"
engine_version = "15.4"
instance_class = "db.t4g.medium"
multi_az = true
backup_retention_period = 7
storage_encrypted = true
deletion_protection = true
}

Top: what you see as a founder. Bottom: the complete Terraform that Cendriix applied on your behalf, stored in your audit trail. Your engineering team can inspect every line, any time, in full. You never need to look at it.

Ready to stop writing infra?

The first sandbox is free. No cloud account required. Pick your cloud later, or never.

See it live in the app: view the sandboxes console