feat(experiment): create and delete developer sandboxes

[vegeris]

Changelog

Experimental Feature: --experiment sandboxes

We're adding support for managing Slack developer sandboxes from within the CLI. We now allow one to create or delete a sandbox from the CLI.

• sandbox create allows you to create a new developer sandbox.
• sandbox delete allows you to delete an existing developer sandbox.

Summary

This PR adds sandbox create and sandbox delete commands, which allow one to create or delete a sandbox from the CLI.

Follow up to #379

Testing

Try out the commands:

% hermes sandbox create --experiment=sandboxes --name "my-test-box" --password "secretPassword"

% hermes sandbox delete --experiment=sandboxes --sandbox-id E012345

Requirements

• I've read and understood the Contributing Guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.

[codecov]

Codecov Report

❌ Patch coverage is 83.33333% with 48 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.93%. Comparing base (8b31c6a) to head (b5de063).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/sandbox/create.go	84.66%	20 Missing and 5 partials ⚠️
cmd/sandbox/delete.go	73.52%	14 Missing and 4 partials ⚠️
internal/api/sandbox.go	95.83%	1 Missing and 1 partial ⚠️
internal/style/style.go	0.00%	2 Missing ⚠️
cmd/sandbox/sandbox.go	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #389      +/-   ##
==========================================
+ Coverage   68.62%   68.93%   +0.30%     
==========================================
  Files         218      220       +2     
  Lines       18162    18446     +284     
==========================================
+ Hits        12464    12716     +252     
- Misses       4538     4558      +20     
- Partials     1160     1172      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[vegeris]

Preview:

% hermes sandbox create --experiment=sandboxes --name "EV test box 7245"  --password "jhsdjdkhfkdfgkgd"

🏖️  Sandbox Created
   Team ID: E0197Q6CTV1
   URL: https://ev-test-box-7245.enterprise.dev.slack.com/

Manage this sandbox from the CLI or visit
https://api.slack.com/developer-program/sandboxes

[mwbrooks]

praise: Excellent formatting choice!

[vegeris]

Preview:

% hermes sandbox delete --experiment=sandboxes --sandbox-id E0196ATAVGT
Choose a Slack team where your email address matches your Slack developer account
? Select a team for authentication slackforceorg E014LMDF01H

⚠️  Danger zone
   Sandbox (E0196ATAVGT) and all of its data will be permanently deleted
   This cannot be undone

? Are you sure you want to delete the sandbox? Yes

✅ Sandbox deleted
   Sandbox E0196ATAVGT has been permanently deleted

🏖️  Developer Sandboxes
   Owned by Slack developer account ev@mail.com

  EV test box 8274368 (E0123456)
    URL: https://ev-test-box-29378.slack.com
    Status: ACTIVE
    Created: 2026-03-12
    Expires: 2026-09-12

Learn more at https://docs.slack.dev/tools/developer-sandboxes

[zimeg]

🫧 thought: This is solid! I'm optimistic that a conclusion of the charm experiment might let us hide selections and warnings earlier for outputs that are focused on the result, but nothing to think about in this PR!

[mwbrooks]

praise: Excellent formatting choice!

[zimeg]

@vegeris LGTM! Thanks for bringing a complete sandbox experiment to scripting. I'm excited for these options 🌈 ✨

A few comments that follow are quibbles to implementation but nothing that ought block this from merging. It might be nice to add more tests to API methods, but we can explore some of this in future changes of course 🚢 💨

[zimeg]

🌟 praise: To kind epoch!

[zimeg]

🫧 thought: This is solid! I'm optimistic that a conclusion of the charm experiment might let us hide selections and warnings earlier for outputs that are focused on the result, but nothing to think about in this PR!

[zimeg]

🏁 issue(non-blocking): We might want prompt alternatives for required flags but no blocker for this PR!

[vegeris]

I went ahead and added those prompts 👀

[zimeg]

🍕 praise: Toward common workplace shenanigan IIRC!

[vegeris]

I changed this line to just Team domain. If not provided, will be derived from org name, thinking we don't need to give an example of a domain. If it makes the messaging more fun / Slack-y I can bring it back!

[zimeg]

Suggested change

	tests := []struct {
	name string
	tests := map[string]struct {

🧪 quibble: Let's use table tests here! I was confused in thinking "24h" was both the expected case and actual result at a glance...

[zimeg]

👾 ramble: And perhaps a bounds of expected archive date might be most confident in testing? Like, some "24h" is greater than now but less than "48h" from now?

[mwbrooks]

Agreed, we have a standard table test format now and all of our other tests have been updated to use it. Let's use it here too.

[vegeris]

Updated!

[mwbrooks]

✅ Looking good @vegeris! Thank you for adding the sandbox create and sandbox delete commands.

🧪 Local testing works well!

✏️ I've left some suggestions that I'd appreciate you handle before merging this PR. The 🔡 alphabetical ones feel like nits but go a long way for future maintainers who need to read and find content.

[mwbrooks]

suggestion: In the Long Description can be list all of the available formats for TTL? 1h, 1d, 1w?, 1m? 1y?, etc

[vegeris]

Good point; I also updated the parsing of archiveTTL to only recognize day/week/month; no 'hour' option (though we'll likely look at adding support for these shorter archive times in the future)

[mwbrooks]

praise: Excellent formatting choice!

[vegeris]

Decided to include support for the partner flag, since we have validation on the backend to make sure only partner developers can create partner sandboxes

[vegeris]

🏁 I added some basic validation around acceptable archive dates but I'm not sure if we want to keep this in the CI; the backend will error out if an invalid date is provided but the error message isn't particularly user friendly (it's the generic 'invalid_args' response). This at least highlights which arg is invalid

[vegeris]

Actually, I think I'll just include validation for 'date cannot be in the past' for the --archive-date flag and that's it. It's not possible to provide a date in the past for --archive-ttl anyway. This just leaves out any extra validation for max archive date (backend will return invalid_args)

[vegeris]

I'm going to go ahead and merge but happy to do a follow up if anything else comes up 🚀