Design a sandboxed cloud IDE

System design: Sandboxed cloud IDE (Colab-like)

Design a multi-tenant, browser-based cloud IDE/notebook that lets users run code in an isolated sandbox (similar to hosted notebooks).

Core user experience

• User opens a workspace (project/notebook), edits code in the browser, and runs cells/commands.
• Output appears in the UI (stdout/stderr, rich output).
• Users can view streaming logs while code runs.

Requirements

Functional

• Provision an isolated compute environment per workspace/session.
• Execute arbitrary user code safely (sandboxing).
• Stream execution output/logs to the browser in near real time.
• Support basic file operations (upload/download, persisted workspace state).
• Basic collaboration is optional (call out if you include it).

Non-functional

• Strong isolation between tenants (security is primary).
• Reasonable startup latency for a new session.
• Support autoscaling and fair resource sharing.
• Observability: metrics, tracing, audit logs.

Focus areas to cover

• How you choose and manage the compute substrate (VMs vs containers vs microVMs).
• Isolation model (filesystem, network, process, credentials).
• Log/output streaming architecture.
• Lifecycle management: create, run, idle, suspend/resume, terminate.
• Data persistence strategy (workspace files, checkpoints).

State assumptions and provide an API sketch and high-level architecture diagram description.