Workspace
Introduction
Oblien Workspace gives you cloud workspaces - full Linux microVMs you can create, control, and destroy through code. Each workspace is a hardware-isolated VM with its own kernel, filesystem, network, and resources. Use them to run AI agents, deploy services, develop remotely, or execute untrusted code.
What you can do
- Spin up environments in seconds - Ubuntu, Node.js, Python, Go, Rust, Redis, Postgres
- Execute code remotely - run commands, stream output, manage long-running tasks
- Open terminals - full interactive shell sessions over WebSocket
- Control networking - firewall rules, public port exposure, outbound IP selection
- SSH access - connect from any terminal with password or key auth
- Manage resources - scale CPU, memory, and disk on the fly
- Snapshot & restore - save state and roll back instantly
- Run workloads - managed background processes with logs and lifecycle control
- Monitor everything - live CPU/memory/network stats via SSE streaming
Who it's for
| Use Case | How |
|---|---|
| AI agents | Give your agent a permanent workspace to live in - or create task workspaces on demand |
| Service hosting | Deploy an API server, database, or background worker with a custom domain |
| Dev environments | SSH into a pre-configured environment with terminals, port forwarding, and live preview |
| Code execution | Run untrusted code in isolated microVMs with resource limits and TTL |
| CI/CD runners | Ephemeral build environments that self-destruct after the job |
| API testing | Isolated environments per request with full network control |
Architecture
Your App ──▶ Oblien SDK / REST API ──▶ Oblien Platform ──▶ Micro-VM
(oblien/workspace) (isolated workspace)Each workspace runs as a lightweight microVM with:
- Dedicated kernel - full process isolation, not a container
- Writable filesystem - persistent storage with snapshots
- Virtual network - configurable firewall, public access, outbound IP
- Resource limits - hard caps on CPU, memory, disk
Two ways to interact
npm install oblienimport Oblien from 'oblien';
const client = new Oblien({
clientId: process.env.OBLIEN_CLIENT_ID,
clientSecret: process.env.OBLIEN_CLIENT_SECRET,
});
// Create a workspace
const workspace = await client.workspaces.create({
name: 'my-sandbox',
image: 'node-20',
config: { cpus: 2, memory_mb: 2048 },
});
// Get a scoped handle - bind the ID once
const ws = client.workspace(workspace.id);
// Start and connect to the runtime
await ws.start();
const rt = await ws.runtime(); // auto-enables Runtime API + caches token
const result = await rt.exec.run(
['node', '-e', 'console.log("Hello from the cloud!")'],
);
console.log(result.stdout); // "Hello from the cloud!"
// Sub-resources are also scoped - no ID needed
await ws.ssh.enable();
await ws.snapshots.create();
const stats = await ws.metrics.stats();
// Clean up
await ws.delete();# Create a workspace
curl -X POST https://api.oblien.com/workspace \
-H "X-Client-ID: $OBLIEN_CLIENT_ID" \
-H "X-Client-Secret: $OBLIEN_CLIENT_SECRET" \
-H "Content-Type: application/json" \
-d '{
"name": "my-sandbox",
"image": "node-20",
"config": { "cpus": 2, "memory_mb": 2048 }
}'
# Enable Runtime API + get a runtime token
curl -X POST https://api.oblien.com/workspace/{id}/runtime-api-access/enable \
-H "X-Client-ID: $OBLIEN_CLIENT_ID" \
-H "X-Client-Secret: $OBLIEN_CLIENT_SECRET"
# Execute a command via the runtime
curl -X POST https://workspace.oblien.com/exec \
-H "Authorization: Bearer $RUNTIME_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "command": ["node", "-e", "console.log(\"Hello from the cloud!\")"] }'
# Delete
curl -X DELETE https://api.oblien.com/workspace/{id} \
-H "X-Client-ID: $OBLIEN_CLIENT_ID" \
-H "X-Client-Secret: $OBLIEN_CLIENT_SECRET"Next steps
- Quickstart - Create your first workspace in 5 minutes
- Authentication - API keys and tokens
- SDK Setup - Install and configure the SDK
- API Reference - Complete endpoint documentation
- Plans & Pricing - Compare plans and resource limits