feat(experiment): create and delete developer sandboxes

[vegeris]

Changelog

Experimental Feature: --experiment sandboxes

We're adding support for managing Slack developer sandboxes from within the CLI. We now allow one to create or delete a sandbox from the CLI.

• sandbox create allows you to create a new developer sandbox.
• sandbox delete allows you to archive an existing developer sandbox.

Summary

This PR adds sandbox create and sandbox delete commands, which allow one to create or delete a sandbox from the CLI.

Follow up to #379

Testing

Try out the commands:

% hermes sandbox create --experiment=sandboxes --name "my-test-box" --password "secretPassword"

% hermes sandbox delete --experiment=sandboxes --sandbox-id E012345

Requirements

• I've read and understood the Contributing Guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.

[codecov]

Codecov Report

❌ Patch coverage is 67.54386% with 74 lines in your changes missing coverage. Please review.
✅ Project coverage is 67.03%. Comparing base (4d5f768) to head (a35fbc3).
⚠️ Report is 7 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/api/sandbox.go	0.00%	46 Missing ⚠️
cmd/sandbox/create.go	85.83%	10 Missing and 7 partials ⚠️
cmd/sandbox/delete.go	83.05%	6 Missing and 4 partials ⚠️
cmd/sandbox/sandbox.go	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #389      +/-   ##
==========================================
+ Coverage   67.01%   67.03%   +0.01%     
==========================================
  Files         218      220       +2     
  Lines       18090    18318     +228     
==========================================
+ Hits        12123    12279     +156     
- Misses       4833     4892      +59     
- Partials     1134     1147      +13     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[vegeris]

Preview:

% hermes sandbox create --experiment=sandboxes --name "EV test box 7245"  --password "jhsdjdkhfkdfgkgd"

🏖️  Sandbox Created
   Team ID: E0197Q6CTV1
   URL: https://ev-test-box-7245.enterprise.dev.slack.com/

Manage this sandbox from the CLI or visit
https://api.slack.com/developer-program/sandboxes

[mwbrooks]

praise: Excellent formatting choice!

[vegeris]

Preview:

% hermes sandbox delete --experiment=sandboxes --sandbox-id E0196ATAVGT
Choose a Slack team where your email address matches your Slack developer account
? Select a team for authentication slackforceorg E014LMDF01H

⚠️  Danger zone
   Sandbox (E0196ATAVGT) and all of its data will be permanently deleted
   This cannot be undone

? Are you sure you want to delete the sandbox? Yes

✅ Sandbox deleted
   Sandbox E0196ATAVGT has been permanently deleted

🏖️  Developer Sandboxes
   Owned by Slack developer account ev@mail.com

  EV test box 8274368 (E0123456)
    URL: https://ev-test-box-29378.slack.com
    Status: ACTIVE
    Created: 2026-03-12
    Expires: 2026-09-12

Learn more at https://docs.slack.dev/tools/developer-sandboxes

[zimeg]

🫧 thought: This is solid! I'm optimistic that a conclusion of the charm experiment might let us hide selections and warnings earlier for outputs that are focused on the result, but nothing to think about in this PR!

[mwbrooks]

praise: Excellent formatting choice!

[vegeris]

I'm wondering if it makes sense to support both of these ways of setting archive date; alternatively we could just accept the date. We currently archive sandboxes via a nightly cron job so even if you create a sandbox with a time to live of a few hours, it won't get archived until that job runs

[mwbrooks]

two-cents: I actually like both flags --archive-date <YYYY-MM-DD> and --archive-ttl <str>. In CI/CD environments, I think the --archive-ttl will be easier to use while --archive-date is more preferred for a human.

If the Slack API supports both, I think we should support both. We'll just need to make sure that developers can't provide both together and document the various expressions supported by TTL.

[zimeg]

@vegeris LGTM! Thanks for bringing a complete sandbox experiment to scripting. I'm excited for these options 🌈 ✨

A few comments that follow are quibbles to implementation but nothing that ought block this from merging. It might be nice to add more tests to API methods, but we can explore some of this in future changes of course 🚢 💨

[zimeg]

🧪 question: Do we have adjacent unit test or two for these API methods?

[zimeg]

💌 praise: Super helpful comment for the unfamiliar explorers I think! Thanks for adding this and team prompts also!

🔭 thought: We might have adjacent experimental changes that we can use to inline this as "help" text within the prompt - #400. It might be nice to revisit this output once that becomes stable?

Suggested change

	clients.IO.PrintInfo(ctx, false, "%s", style.Secondary("Choose a Slack team where your email address matches your Slack developer account"))
	// TODO(experiment:charm): Change this to prompt "help" message once charm is stable
	clients.IO.PrintInfo(ctx, false, "%s", style.Secondary("Choose a Slack team where your email address matches your Slack developer account"))

[zimeg]

🌟 praise: To kind epoch!

[zimeg]

🐭 suggestion: We can perhaps use strings.Trim here instead?

[zimeg]

🔍 suggestion: I forget what "string" characters are available in a loop, but would the strings.ToLower or the unicode.ToLower function be more clear here?

[zimeg]

Suggested change

	Text: "Sandbox deleted",
	Text: "Sandbox Deleted",

🧮 suggestion: Title casings for section headers!

[zimeg]

🫧 thought: This is solid! I'm optimistic that a conclusion of the charm experiment might let us hide selections and warnings earlier for outputs that are focused on the result, but nothing to think about in this PR!

[zimeg]

🏁 issue(non-blocking): We might want prompt alternatives for required flags but no blocker for this PR!

[zimeg]

🍕 praise: Toward common workplace shenanigan IIRC!

[zimeg]

Suggested change

	tests := []struct {
	name string
	tests := map[string]struct {

🧪 quibble: Let's use table tests here! I was confused in thinking "24h" was both the expected case and actual result at a glance...

[zimeg]

👾 ramble: And perhaps a bounds of expected archive date might be most confident in testing? Like, some "24h" is greater than now but less than "48h" from now?

[mwbrooks]

Agreed, we have a standard table test format now and all of our other tests have been updated to use it. Let's use it here too.

[mwbrooks]

✅ Looking good @vegeris! Thank you for adding the sandbox create and sandbox delete commands.

🧪 Local testing works well!

✏️ I've left some suggestions that I'd appreciate you handle before merging this PR. The 🔡 alphabetical ones feel like nits but go a long way for future maintainers who need to read and find content.

[mwbrooks]

two-cents: I actually like both flags --archive-date <YYYY-MM-DD> and --archive-ttl <str>. In CI/CD environments, I think the --archive-ttl will be easier to use while --archive-date is more preferred for a human.

If the Slack API supports both, I think we should support both. We'll just need to make sure that developers can't provide both together and document the various expressions supported by TTL.

[mwbrooks]

suggestion: In the Long Description can be list all of the available formats for TTL? 1h, 1d, 1w?, 1m? 1y?, etc

[mwbrooks]

question: Should this be Cannot be used with --archive-ttl?

Suggested change

	cmd.Flags().StringVar(&createCmdFlags.archiveDate, "archive-date", "", "Explicit archive date in yyyy-mm-dd format. Cannot be used with --archive")
	cmd.Flags().StringVar(&createCmdFlags.archiveDate, "archive-date", "", "Explicit archive date in yyyy-mm-dd format. Cannot be used with --archive-ttl")

[mwbrooks]

question: Have we checked what happens when we throw a panic(err) here? I don't want developers to see some Golang stack trace.

I don't think we've used the .MarkFlagRequired anywhere before.

[mwbrooks]

praise: Excellent formatting choice!

[mwbrooks]

suggestion: We'd really appreciate it if you can alphabetize these to be declared above the ListSandboxes function. 🙏🏻

[mwbrooks]

nit: Alphabetical please

Suggested change

	sandboxListMethod = "developer.sandbox.list"
	sandboxCreateMethod = "enterprise.signup.createDevOrg"
	sandboxDeleteMethod = "developer.sandbox.delete"
	sandboxCreateMethod = "enterprise.signup.createDevOrg"
	sandboxDeleteMethod = "developer.sandbox.delete"
	sandboxListMethod = "developer.sandbox.list"

[mwbrooks]

nit: Alphabetical please

Suggested change

	ListSandboxes(ctx context.Context, token string, filter string) ([]types.Sandbox, error)
	CreateSandbox(ctx context.Context, token, name, domain, password, locale, owningOrgID, template, eventCode string, archiveDate int64) (teamID, sandboxURL string, err error)
	DeleteSandbox(ctx context.Context, token, sandboxID string) error
	CreateSandbox(ctx context.Context, token, name, domain, password, locale, owningOrgID, template, eventCode string, archiveDate int64) (teamID, sandboxURL string, err error)
	DeleteSandbox(ctx context.Context, token, sandboxID string) error
	ListSandboxes(ctx context.Context, token string, filter string) ([]types.Sandbox, error)

[mwbrooks]

nit: Please declare this at the top of the file.

[mwbrooks]

nit: Please put the CreateSandbox and DeleteSandbox above the ListSandbox.