The only sandbox with governance built in
E2B and Daytona give you a container. Curate-Me gives you a governed execution environment with 4-tier access control, network isolation, cost caps, PII scanning, and a 41-page ops console.
Feature-by-Feature Comparison
Curate-Me is more than a sandbox — it's a full governance layer for AI agents.
| Feature | Curate-Me | E2B | Daytona | Fly.io | Self-Hosted |
|---|---|---|---|---|---|
| Tiered sandbox access | 4 tiers | ||||
| Network phase separation | |||||
| PII scanning | |||||
| Cost governance (budgets) | |||||
| HITL approval queues | |||||
| Model allowlists | |||||
| Immutable audit trail | 27 events | ||||
| Time-travel debugging | |||||
| Desktop streaming (VNC) | |||||
| Git worktree isolation | |||||
| CI auto-fix | |||||
| Ops console (dashboard) | 41 pages | Basic | Basic | Basic | |
| One-URL migration | N/A | ||||
| Multi-provider gateway | 17+ providers |
Sandbox + Governance = Production-Ready
Containers isolate compute. We govern behavior. These features don't exist in any other sandbox provider.
4-Tier Sandbox
READ_ONLY, WRITE_PROJECT, WRITE_USER, FULL_ACCESS. Others give you a container — we give you granular permission tiers with deny patterns for .env, .pem, and .git/config.
Network Phase Separation
SETUP (network on) → EXECUTION (network off) → TEARDOWN (network on). No other sandbox provider cuts network during execution to prevent data exfiltration.
Cost Governance
Per-request cost limits, daily budget caps, cost velocity anomaly detection. E2B tracks compute costs; we govern LLM costs at the request level.
HITL Approvals
Approval queues for high-cost or sensitive operations. No other sandbox provider offers human-in-the-loop gates for agent actions.
PII Scanning
Regex scan for API keys, passwords, SSNs, and PII before any request hits an LLM provider. Block or redact automatically.
Desktop Streaming
Real-time VNC streaming with takeover control. Watch your agent work, capture screenshots, set breakpoints. No other provider offers this.
How It Works
Your Agent
│
▼
┌──────────────────────────────────────────────┐
│ Curate-Me Gateway (:8002) │
│ │
│ 1. Auth (API key → org context) │
│ 2. Rate Limit (per-org, per-key) │
│ 3. Cost Estimate (vs budget) │
│ 4. PII Scan (secrets, credentials) │
│ 5. Model Allowlist (per-org) │
│ 6. HITL Gate (approval queue) │
│ │
│ ┌──────────────────────────────────┐ │
│ │ Sandbox (4-tier access control) │ │
│ │ Network Phase Separation │ │
│ │ Immutable Audit Trail │ │
│ └──────────────────────────────────┘ │
│ │
└──────────────────┬───────────────────────────┘
│
┌──────────────┼──────────────┐
▼ ▼ ▼
OpenAI Anthropic Google
GPT-5.1 Claude Opus Gemini 2.5More than a sandbox. A governance layer.
Try Curate-Me free. One URL change to get started. No credit card required.