> ## Documentation Index
> Fetch the complete documentation index at: https://docs.budscollab.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sandboxing

> How generated code moves from private preview to validated artifact.

The sandbox is a workbench, not the installed app. Eve and other sandbox agents
must return a validated exported artifact; the live sandbox itself is not
installed. Treat the live sandbox as not installed in BudsCollab.

```text theme={null}
blueprint -> sandbox preview -> exported artifact -> validation -> registry review
```

Generated projects should never receive BudsCollab secrets or private runtime
imports. Static games and custom renderers should export to a sandboxed iframe
artifact with a typed host bridge.

Sandbox-ready projects should expose the same artifact scripts that Eve uses:

```bash theme={null}
pnpm run build:budscollab-artifact
pnpm run validate:budscollab-artifact
```

Those scripts must emit `budscollab.blueprint.json`,
`budscollab.package.json`, `budscollab-app-review.json`,
`budscollab-showcase.json`, and `SHOWCASE.md`.

Eve sandbox agents also carry `sandbox-sdk-handoff.json`. That envelope names
the artifacts Eve may return to review, including
`budscollab-registry-acceptance-request.json`,
`budscollab-registry-publisher-verification.json`,
`budscollab-registry-review-evidence.json`, and
`budscollab-registry-signing-request.json`, and
`budscollab-registry-install-policy.json`, and keeps
`marketplaceInstallAllowed` false until a production artifact store, artifact
hash, review storage, artifact signing, and host install policy exist. The
artifact hash must be stored before any install path opens.

They also carry `sandbox-artifact-receipt.json`. That receipt is local evidence
that the sandbox returned validated SDK artifacts, requires a SHA-256 digest
policy, and keeps `liveSandboxInstallAllowed`, `marketplaceInstallAllowed`, and
`installableUntilSigned` false. It does not claim production artifact storage is
implemented.

Use `pnpm verify:eve:local` to check the public Eve sandbox contract and the
checked-in Research Bud handoff files when they are present. Use
`pnpm verify:eve:artifacts ./sandbox-output` after a sandbox run to verify that
the returned artifact directory contains the handoff, receipt, review, showcase,
registry preflight, and signing artifacts before review.
