Glossary
InfrastructureEmerging

Ephemeral Workbench

A sandboxed, disposable execution environment provisioned on demand for each agent task and destroyed after use.

Definition

An Ephemeral Workbench is a sandboxed, disposable execution environment that is provisioned on demand for each agent task and destroyed after the task completes. Every agent receives a clean, isolated workspace — never the production codebase or a shared development environment. This isolation is the foundation of the Ephemeral Infrastructure pillar in the Agentic Development Handbook.

Each workbench is configured with the following properties:

  1. Clean Codebase Copy — the agent starts from a known-good state of the repository, eliminating interference from other concurrent agent tasks or uncommitted human changes.
  2. Scoped Access — the workbench grants access only to the files, services, and credentials specified in the Live Spec. The agent cannot reach resources outside its task boundary.
  3. No Shared State Mutation — the agent cannot modify shared databases, configuration stores, or other persistent infrastructure directly. All changes are contained within the workbench.
  4. Artifact Extraction — when a task completes, the Eval Harness validates the output and extracts approved artifacts (code, tests, documentation) before the workbench is torn down.

The security properties of this model follow directly from its disposable nature:

  • Blast Radius Containment — a compromised or misbehaving agent can only affect its own isolated environment, not the broader system.
  • No Persistent Access — credentials and secrets are injected at provisioning time and destroyed with the workbench, leaving no residual access tokens.
  • Auditable by Default — because each workbench maps to exactly one task, every action within it is attributable and traceable.
  • Prompt Injection Resistance — even if an agent is manipulated through its input, the damage is confined to a disposable environment with limited scope.

Ephemeral Workbenches impose a per-task infrastructure cost, but this cost is offset by the elimination of environment drift, dependency conflicts, and the security overhead of managing persistent agent access.

Last updated: 3/11/2026