MCP Path

Sandbox create (max)

Sandbox create (max) is a public reference for browser environment, window state, and isolated execution surfaces. It names the signal, policy, or flow an agent should understand before choosing a concrete tool.

Catalog path

Reference page for a documented MCP capability path.

Type: MCP path
Family: Sandbox Management
Effect: read-only
Status: Reference
Path: 33.5

Purpose

What this entry explains

What it does

This reference explains Sandbox create (max) for browser environment, window state, and isolated execution surfaces. It is kept as a named reference so agents can cite the flow without inventing a tool name.

Use when

Use this entry when an agent needs to check the state or evidence for "Sandbox create (max)" for browser environment, window state, and isolated execution surfaces.
Use it as a reference path when the catalog describes a capability but no single public tool name is explicit.
Use it before chaining follow-up tools so the next step is based on current evidence.

Reference Use

How agents should cite and apply this area

Examples are maintained at family level and use only public tool names or reference paths already present in the catalog.

Signal, gate, behavior, boundary

Sandbox create (max) describes a signal for browser environment, window state, and isolated execution surfaces. The path shows which signal, gate, behavior, or boundary must be checked before choosing a concrete tool.

When agents cite it

An agent cites this path when it needs Sandbox create (max) as context for a decision, block, target check, or follow-up tool choice.

Why no callable name

The public source does not name one callable tool for this path. The documentation therefore keeps it as a reference path and does not invent a callable name.

Signals and rule

Relevant response signals: sandbox_create. Safety axes: Read current state, Browser state. The reference path alone is not permission to execute. Before acting, check current MCP discovery, visible target, scope, and the actual response.

Family example

An agent needs to change visible state in browser environment, window state, and isolated execution surfaces without guessing target or result from an earlier session.

The agent starts with nova.sandbox_context, reads the current response or reference, and only then chooses the concrete next tool.

nova.sandbox_context nova.resolve_sandbox nova.tabs

Change only the confirmed target, then check visible state and stop on mismatch.

Contract

Inputs and important response fields

This page is a public reference. Agents and integrators should still read current MCP tool discovery before execution, because schemas can be gated by settings or version.

Inputs

No stable public input field is derived from the catalog source for this path. Read current MCP discovery before execution.

Response field	Explanation
`sandbox_create`	Response field named by the catalog source. Treat it as current evidence for the next decision.

Safety

Boundary before execution

Effect

Reads current state or evidence. It should not be treated as permission to act without a fresh next-step check.

Agent rule

Use the response as current evidence, then choose a more specific next tool only after target, scope, and freshness are clear.

Human control

For humans, this entry explains what an agent reads in browser environment, window state, and isolated execution surfaces and which current signal should be checked before trusting the result.

High-Impact Review

Execution boundary and recheck hints

Review category: Auto-apply/mutating flows

Execution boundary

Mutating steps may run only with confirmed target, expected effect, user control, and result check.

Typical false assumption

False assumption: a guard or auto-apply signal replaces current target and result checks.

Visible user control

The user must be able to review action, target, approval, block signal, and visible result.

Agent rule

Execute only the intended step, then verify state and stop on warning, block, or target change.

Abort or recheck

Recheck if candidate budget, gate, visible state, or expected effect do not line up.

Safety Axes

How this path can affect work

Axes are stable catalog signals for humans, agents, and LLM discovery. One path can carry several axes.

Read current state read_current_state

Reads current state, response signals, or evidence without treating that alone as permission for a follow-up action.

Use the signal as current evidence and re-check target, scope, and visible state before any follow-up action.

Browser state browser_state_change

Changes tab, navigation, focus, claim, scroll position, window state, or browser environment.

Confirm the target context visibly before execution and verify that the expected browser state was reached afterwards.