Harness Engineering for Enterprise AI

The control loop for governed AI agent operations

Not just a sandbox runner. ContactLab is the operating system for governed AI agent adoption — sandbox definitions, governance catalog, controlled execution, live monitoring, approval workflows, evidence retention, usage visibility, and role-based administration. Every capability works together as a single control loop.

Full platform capabilities

Each capability is a governed surface. Together, they form the control loop that moves AI agents from informal usage to a governed operating model.

Governed sandbox definitions

Configure runtime, base image, tools, skills, prompt templates, managed files, MCP connections, scoped secrets, and approved egress before the agent starts. Templates are reusable across teams or customizable per use case. The sandbox definition is the policy contract for the entire run.

Isolated ephemeral execution

Agents run in one-shot environments that exist only for the task duration. The runner is provisioned, the agent executes, evidence is captured, and the environment is destroyed. No persistent access. No residual credentials. No cross-session contamination between tenants or teams.

Approved egress and scoped secrets

Network starts default-deny. Only pre-approved destinations are reachable. Cloud identity is scoped per workload. Secrets are injected only during execution and never persist beyond the session. The agent reaches only what the sandbox explicitly permits.

Live execution monitoring

View run status, tool activity, runtime events, policy blocks, and token usage in real time. Cancel runaway runs. Keep execution inside predefined boundaries. Every action the agent takes is captured as a structured event in the session history.

Human approval workflow

Route sensitive execution steps through human approval before the agent continues. Security and platform teams control what requires review. No agent action bypasses your approval workflow. Reviewers see full context before deciding.

Artifact and diff retention

Artifacts, diffs, manifests, and logs are stored in tenant-scoped storage with configurable retention. Evidence survives the ephemeral runner. Reviewers see what changed in the codebase hours or months after the session ended.

Usage visibility and billing

Track active runs per team, token consumption, cost signals, and governance metrics across your organization. See which teams adopt agents fastest, where policies trigger most, and where governance maturity stands.

Audit logs and evidence trail

Every session produces a structured record connecting the agent's actions to organizational policy. Session metadata, tool calls, policy decisions, artifact manifests, and review outcomes are retained for compliance and audit.

Role-based administration

Tenant-scoped login, role-based permissions, and user administration. Control who can define sandboxes, launch runs, approve actions, and review evidence. Every user operates within their assigned scope. Cross-tenant access is impossible by design.

Governance Catalog

No cold-start problem. ContactLab ships with a curated catalog of pre-configured resources your teams use from day one. Security pre-approves catalog items. Teams self-serve within governed boundaries.

600+ platform-managed skills

Ready-to-use, one-click governed skills for every workflow. Your teams select from a curated catalog and launch governed execution immediately. No custom configuration. No security review per skill.

Skills, Prompt Templates, Base Images, Egress Profiles, MCP Connectors, Managed Files, Environment Variables

One-click governed execution

Teams start with platform-managed templates instead of building from scratch. Choose a sandbox, select skills, attach context, and launch. Governance is embedded in every catalog item — not bolted on after. Adoption starts in hours, not weeks. Governance is a capability, not a bottleneck.

17 egress profiles, 600+ skills, MCP connectors, Prompt templates

How governance works

Every agent run follows a three-phase governance flow. Define the boundaries, execute within them, review the outcome. The cycle repeats with continuous improvement.

Define

Platform teams configure sandbox templates: runtime, tools, network policy, secrets scope, execution limits. Templates are reusable across teams. Policies are defined once, applied to every run. Teams select from the governance catalog or customize for their use case.

Execute

Agents run inside governed boundaries. Events stream in real time. Human approvals gate sensitive steps. Network and credential limits are enforced by the platform, not by agent behavior. The runner is destroyed after execution completes.

Review

Reviewers analyze the full session: events, artifacts, policy decisions, diffs. They record an outcome — approved, rejected, or escalated. Evidence is retained for audit. Usage metrics feed back into governance maturity. Every cycle makes the next one stronger.

Evidence architecture

Every session produces a structured record that connects the agent's actions to organizational policy. This is not logging — it is evidence for compliance, audit, and continuous governance improvement.

session: agent, sandbox, timestamp, duration
events: tool calls, file access, network requests
policy: decisions, approvals, violations
artifacts: diffs, manifests, generated files
review: outcome, reviewer, timestamp
usage: tokens, cost, team metrics
audit: full trail, configurable retention

See the platform in action

Book a 30-minute walkthrough. See governed execution for Claude Code or Codex CLI in a live environment. Your first governed run in weeks, not months.