E2B sandbox audit log in Airtable with Slack security alerts

Build me a compliance audit trail for every E2B sandbox launch. I want to capture each new sandbox in Airtable the moment it starts, and have Geni post a Slack alert to our security channel whenever the launch looks suspicious.

Trigger: a webhook from E2B on the sandbox.lifecycle.created event. Set this up by calling E2B's Create Webhook operation and pointing it at this workflow's webhook URL. E2B signs the payload with an HMAC signatureSecret, so make sure verification is wired in.

When the webhook fires, parse the payload and pull out the sandbox ID, template ID, requested TTL, the keys (not values) of any env vars, and whatever metadata E2B returns about which user, agent, or workflow triggered the launch. Then call E2B List Templates to resolve the template ID to a human-readable template name so the log is actually readable.

Use Airtable Create Records to append a structured row to a base called Sandbox Audit Log. The row should include: timestamp, sandbox ID, template name, template ID, requested TTL in seconds, env var keys (comma-separated, values redacted), and the actor metadata fields (user, agent, workflow if present). Let me supply the Airtable base ID and table name.

After the row is written, run anomaly screening. Flag the launch if any of these are true: (1) the template name is not in my approved-templates allowlist, (2) any env var key matches a prod-sensitive pattern like *PROD*, *SECRET*, or *_TOKEN*, or (3) this actor (from the metadata) has launched more than N sandboxes in the last 5 minutes. Default N to 5 and let me override it, along with the regex patterns and the allowlist.

On a flag, call Slack Bot Send a Message into my security channel with a short alert: the sandbox ID, the rationale (which check tripped and why), the actor, and a link to the Airtable record. Keep the message tight and scannable. Don't alert on clean launches, just write the audit row.

Make all the thresholds and the env var key regex patterns easily editable in one place so I can tune them without rewriting the workflow.

Additional information

What does this prompt do?

Captures every E2B sandbox the moment it launches and writes a structured audit row to Airtable.
Resolves the template ID to a human-readable name so your audit log is actually readable.
Logs the safe stuff: timestamp, sandbox ID, template name, requested TTL, environment variable keys (never their values), and the user, agent, or workflow that triggered the launch.
Watches for suspicious launches and posts a Slack alert when it sees an unknown template, a prod-looking secret name, or a burst of sandboxes from the same actor.

What do I need to use this?

An E2B account with permission to create webhooks on your team.
An Airtable base with a Sandbox Audit Log table ready to receive rows.
A Slack workspace and a security or compliance channel for Geni to post alerts in.

How can I customize it?

Change the burst threshold (default: more than five sandbox launches from the same actor in five minutes).
Edit the patterns that count as prod-sensitive environment variable names, for example PROD, SECRET, or anything ending in _TOKEN.
Maintain an allowlist of approved template names so unfamiliar templates get flagged automatically.
Point Geni at a different Airtable base or table, or send alerts to a different Slack channel.

Frequently asked questions

Are my secret values ever written to Airtable?

No. Geni only logs the names of your environment variables (the keys), never the values. So you might see a row that mentions DATABASE_URL was set, but never the actual connection string.

What exactly gets recorded for each sandbox?

Timestamp, sandbox ID, template name and ID, requested time-to-live, the keys of any environment variables, and whatever metadata E2B returns about who or what triggered the launch.

How does Geni know who launched the sandbox?

E2B includes metadata on every launch identifying the user, agent, or workflow that started it. Geni reads those metadata fields and writes them into the audit row, so you can filter the log by actor.

What counts as suspicious, and can I change it?

By default, Geni flags sandboxes that use a template your team has not used before, environment variable names that look like production secrets, and bursts of more than five launches from the same actor inside five minutes. All three thresholds and patterns are easy to tune.

What if E2B is briefly unreachable when the alert needs to be sent?

The audit row is written as soon as the launch event comes in, so nothing is lost. If a Slack alert fails, Geni retries and surfaces the error in the run history so you can replay it.