Reference

Sandboxes

Sandboxes let Cessy run controlled custom code for workflows that cannot be expressed declaratively. Use them carefully.

Good sandbox use

  • deterministic data transforms
  • integration payload shaping
  • controlled policy support code
  • migration helpers
  • preview or testing utilities

Poor sandbox use

  • replacing command handlers
  • storing business state outside events
  • bypassing permissions
  • calling secrets from frontend code
  • hiding side effects that operators cannot inspect

Boundaries

Sandboxed code should have explicit inputs, outputs, credentials, timeouts, and error behavior. Keep external calls behind configured adapters when possible.

Verification

For sandbox-backed workflows, test:

  • success path
  • invalid input
  • external failure
  • timeout
  • retry behavior
  • Activity and error visibility