Architecture
Rigbox separates platform operations from user code. Your workspaces run in isolated micro-VMs that have no access to platform credentials, other users’ data, or control plane services.
Workspace isolation
Each workspace is a Firecracker micro-VM — not a container. This gives you:
- Dedicated kernel — each VM boots its own Linux kernel, fully independent from other workspaces
- Own filesystem — isolated ext4 disk with no shared volumes
- Private network — workspaces cannot communicate with each other directly
- systemd init — full Linux userspace with service management
- No platform secrets — credentials and internal tokens never enter the VM
App routing
When you expose a port from a workspace, Rigbox creates a public URL with automatic HTTPS:
- Each app gets a unique subdomain: {name}.rigbox.dev
- HTTPS termination is automatic — your service only needs to listen on HTTP inside the VM
- Routes are created and removed dynamically as you add or delete apps
- Visibility controls determine who can access each app (public, private, or privileged)
AI proxy
The managed AI proxy lets your workspace code call AI providers without holding API keys:
- Provider API keys never enter your VM — the proxy injects them at request time
- Token usage is metered and deducted from your credit balance
- The proxy is opt-in per workspace — activate via the API or CLI (rig proxy on)
- Supports Anthropic, OpenAI, Google Gemini, and Brave Search
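The injection pattern described above, sketched as an added example (not Rigbox's own code): the proxy drops any credential header the workspace sends, then adds the provider key that only it holds, and deducts metered usage afterwards. The class, workspace names, key values and the credit rule are assumptions made for the illustration; the header names are the ones each provider's public API uses.

```python
# Added illustration of key injection at a proxy; not Rigbox's implementation.
# Keys, workspace names and the credit rule are constructed for the example.
AUTH_HEADER = {  # provider -> (header name, value template)
    "anthropic": ("x-api-key", "{key}"),
    "openai": ("authorization", "Bearer {key}"),
    "gemini": ("x-goog-api-key", "{key}"),
    "brave": ("x-subscription-token", "{key}"),
}
# Headers that can carry a credential are never forwarded from the workspace.
CREDENTIAL_HEADERS = {n for n, _ in AUTH_HEADER.values()} | {"cookie", "proxy-authorization"}


class ProxyError(Exception):
    """Request refused before anything is sent upstream."""


class InjectingProxy:
    def __init__(self, provider_keys, enabled_workspaces, credits):
        self._keys = provider_keys          # lives on the proxy side only
        self._enabled = enabled_workspaces  # opt-in per workspace
        self.credits = credits              # workspace -> remaining credit units

    def prepare(self, workspace, provider, headers):
        """Return the header set to send upstream for one workspace request."""
        if workspace not in self._enabled:
            raise ProxyError("proxy not enabled for this workspace")
        if provider not in self._keys:
            raise ProxyError("unsupported provider")
        if self.credits.get(workspace, 0) <= 0:  # assumed rule: no credit, no call
            raise ProxyError("insufficient credit")
        # Normalise names, then strip anything the workspace tried to supply
        # as a credential so it cannot override or smuggle a key upstream.
        clean = {k.lower(): v for k, v in headers.items()
                 if k.lower() not in CREDENTIAL_HEADERS}
        name, template = AUTH_HEADER[provider]
        clean[name] = template.format(key=self._keys[provider])
        return clean

    def settle(self, workspace, tokens_used, price_per_token):
        """Deduct metered usage once the upstream response reports token counts."""
        self.credits[workspace] -= tokens_used * price_per_token
        return self.credits[workspace]
```

Because the key is attached only to the outbound request, nothing returned to the workspace needs to contain it; a real deployment would also keep it out of proxy logs and error messages.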
Regions
Workspaces run in specific regions. SSH connections to {region}.rigbox.dev (e.g., eu-west-1.rigbox.dev) connect directly to the region for lowest latency. The base hostname rigbox.dev routes to any region but may add latency depending on your location.
See SSH Access for connection details.
Learn more
Security & Isolation
Credential protection, access control, and network model
Resource Limits
Plan tiers, quotas, and rate limits