From dd9e0168ff027822837a4bb5780927f1106f27a9 Mon Sep 17 00:00:00 2001
From: Adam Altman <adam@redocly.com>
Date: Mon, 12 Jan 2026 11:54:07 -0600
Subject: [PATCH 1/4] blog: sandbox env

---
 blog/sandbox-environments-reality-check.md | 422 +++++++++++++++++++++
 1 file changed, 422 insertions(+)
 create mode 100644 blog/sandbox-environments-reality-check.md

diff --git a/blog/sandbox-environments-reality-check.md b/blog/sandbox-environments-reality-check.md
new file mode 100644
index 00000000..0fd7fdba
--- /dev/null
+++ b/blog/sandbox-environments-reality-check.md
@@ -0,0 +1,422 @@
+---
+template: '../@theme/templates/BlogPost'
+title: The sandbox reality check
+description: Organizations want org-level sandbox environments for thousands of APIs.
+Here are the proven patterns that work at scale—and why they require platform building blocks, not just automation.
+seo:
+  title: Sandbox environments reality check | Redocly
+  description: Learn about proven org-level sandbox patterns that work at scale, what makes a real sandbox different from mock servers, and why platform building blocks matter more than automation.
+  image: ./images/sandbox-env.png
+author: adam-altman
+publishedDate: 2026-01-13
+categories:
+  - api-testing
+  - api-lifecycle
+  - developer-portal
+image: sandbox-env.png
+---
+
+# The sandbox reality check
+
+_Why organizations want org-level sandbox environments—and the proven patterns that actually work at scale._
+
+It's a common request: "Can we have a sandbox environment for all our APIs?"
+
+Especially in large organizations with thousands of APIs, teams frequently ask for an org-level sandbox pattern.
+They want developers to test integrations safely, certify workflows, and experiment without touching production.
+
+The good news: there are proven patterns that work at scale.
+
+The reality: they require platform building blocks and architectural thinking, not just automation.
+
+## The request
+
+The pattern is familiar.
+
+A payments team asks: "We need a sandbox for our 3,000+ APIs. Can the developer experience team build it?"
+
+A developer portal team asks: "Can we add a 'Try it' button that calls a sandbox directly from the documentation?"
+
+An integration team asks: "Why can't we just generate sandboxes from OpenAPI specs?"
+
+The request seems reasonable.
+After all, if you have API specifications, shouldn't you be able to create sandbox environments automatically?
+
+The answer is: **No, not really.**
+
+## Mock server vs. sandbox
+
+First, let's clarify what we're talking about.
+
+**A mock server:**
+- Generates responses based on the OpenAPI specification
+- Can be stateless or stateful (a "glorified mock server")
+- Relatively easy to build and maintain
+- Can be misleading because it doesn't reflect real system behavior
+
+**A sandbox:**
+- A real running system with realistic, stateful business logic
+- Same APIs as production, but different credentials and behavior changes
+- Environment-specific logic (fake payments, mocked rails, fake background checks)
+- Persistent, stateful behavior (create data, query it later, reset when needed)
+- Well-defined test inputs to trigger specific logical paths
+
+The difference is fundamental.
+
+A mock server answers: "Can I simulate a request/response?"
+
+A sandbox answers: "Can I simulate a use case?"
+
+## What makes a "real" sandbox
+
+A proper sandbox environment requires several critical components:
+
+**Separate environment with realistic behavior:**
+- Same authentication patterns (OAuth2, mTLS) but different keys/certificates than production
+- Environment-specific business logic (e.g., fake payment processing, mocked third-party services)
+- Realistic error handling and edge cases
+
+**Persistent, stateful behavior:**
+- You can create data (transactions, customers, orders) and query it later
+- State persists across requests until explicitly reset
+- Support for "wipe my sandbox data" functionality for developers
+
+**Well-defined test scenarios:**
+- Specific test inputs that trigger known logical paths
+- Test cards for "approved", "declined", "challenge", "timeout" scenarios
+- Country variants, currency variants, business rule variants
+- Each domain team must define and implement these scenarios
+
+**Instrumentation and analytics:**
+- Ability to observe sandbox usage (for sales, engagement, monitoring)
+- Tracking which APIs are being tested, by whom, and how often
+- Insights into integration patterns and developer behavior
+
+**Stripe as the gold standard:**
+- Stripe has one of the best sandbox implementations in the industry
+- Separate environment with rich special logic (e.g., configurable date/time)
+- Likely represents a multi-million dollar investment for that level of capability
+- Even Stripe doesn't have a "Try It" button calling sandbox directly from browser-based docs
+
+This isn't a simple problem.
+
+## The ownership problem
+
+Here's where it gets complicated.
+
+**Today's reality:**
+- Individual API/product teams are responsible for their own sandbox environments
+- Developer experience teams cannot own or build universal sandboxes
+- Any proper sandbox must be designed and implemented by API owners/business domains
+
+**Why ownership matters:**
+- Sandboxes require deep knowledge of business logic and dependencies
+- They need control over backend systems and test data
+- They require ongoing maintenance and scenario definition
+- They need domain expertise to define realistic test cases
+
+**What developer experience teams can do:**
+- Integrate with existing sandboxes (per API/team) into "Try it" where security/auth allow
+- Support patterns (e.g., proxying, "Try it" wiring) as a secondary layer
+- Provide documentation and discovery for sandbox environments
+- Help teams understand what's needed to build proper sandboxes
+
+**What developer experience teams cannot do:**
+- Stand up real sandboxes for product teams
+- Derive sandbox behavior from OpenAPI specs alone
+- Own the business logic and test scenarios
+- Make risk decisions about relaxing security requirements
+
+The developer experience team can facilitate, but they can't own.
+
+## The authentication challenge
+
+One of the biggest challenges is authentication.
+
+**mTLS and cert-based auth:**
+- Not web-friendly by design
+- To enable "Try it" from the developer portal, you'd need a backend proxy that:
+  - Holds or accesses user certs/keys securely
+  - Signs requests on behalf of the user
+- Raises security concerns and complexity (storing/uploading keys, scoping per user, etc.)
+
+**For sandbox environments:**
+- Some teams ask whether requirements can be relaxed because it's "fake money"
+- That's a business/risk decision, not a developer experience decision
+- Even sandboxes need proper security boundaries
+
+**Browser-based "Try it" limitations:**
+- Web auth constraints (mTLS not directly doable in browser; needs proxies)
+- You can't realistically do full integration flows in the developer portal UI
+- For payment-style APIs, sandbox's primary purpose is safe integration and certification, not clicking a single button on a web page
+
+True integration means system-to-system calls from the consumer's environment to the sandbox.
+
+Browser-based testing is useful, but it's not the same as real integration testing.
+
+## Why you can't derive sandboxes from specs
+
+Here's a critical point: **You cannot derive a real sandbox only from the OpenAPI spec.**
+
+**What OpenAPI specs provide:**
+- API contract (endpoints, parameters, responses)
+- Schema definitions
+- Authentication requirements
+- Basic documentation
+
+**What OpenAPI specs don't provide:**
+- Full business logic and dependencies
+- Test scenarios and edge cases
+- State management requirements
+- Integration patterns with other systems
+- Domain-specific behavior (e.g., payment processing rules)
+
+**What you need for a real sandbox:**
+- Knowledge of full business logic and dependencies
+- Control over backend systems and test data
+- Ability to configure environment-specific behavior
+- Domain expertise to define realistic test scenarios
+
+It's a spectrum, and each point on that spectrum requires different levels of investment and ownership.
+
+## The org-level pattern question
+
+Here's the reality: **There are common org-level sandbox patterns that work at scale, but they require separating "a place to safely test" from "a million snowflake sandboxes."**
+
+The main trick is architectural patterns and platform support, not magic automation.
+
+When you're dealing with hundreds or thousands of services, you can't have each team build completely independent sandboxes.
+Instead, successful organizations use one of several proven patterns.
+
+## Common org-level sandbox patterns
+
+Here are the patterns that actually work at scale:
+
+### 1. Shared sandbox environment + tenant isolation (most common)
+
+**The pattern:**
+- One (or a small number) of shared sandbox clusters
+- Isolation is done at the tenant/account level (and sometimes namespace + quotas)
+
+**Pros:**
+- Cheapest to run
+- Easiest to govern
+- Consistent developer experience
+
+**Cons:**
+- Noisy neighbors
+- Harder to support "I need prod-like data" requests
+
+**When it works well:**
+- Strong rate limits/quotas
+- Per-tenant data partitions
+- Good observability
+- Clear "no PII" policy
+
+### 2. "Sandbox is just prod, but restricted"
+
+**The pattern:**
+- Prod codepaths, but no side effects (or side effects go to a sink)
+- Hard caps on spend / rate / blast radius
+
+**Typical techniques:**
+- "Dry-run" headers (`Prefer: return=minimal`, `X-Dry-Run: true`)
+- Idempotency + policy gates that refuse "dangerous" actions unless allowlisted
+- Writes go to a shadow datastore or are auto-expired
+
+**Pros:**
+- Closest behavior to prod
+
+**Cons:**
+- Hard to guarantee no leakage
+- Requires discipline across services
+
+### 3. Virtualized / mocked sandbox at the edge ("API facade sandbox")
+
+**The pattern:**
+- A single sandbox gateway
+- Backed by mocks, simulators, contract tests, and recorded fixtures
+- Optionally selective pass-through to a few real sandboxed backends
+
+**Pros:**
+- Scales across thousands of services without running them all
+
+**Cons:**
+- Can drift from reality unless you invest in contract testing + refresh pipelines
+
+**When it works well:**
+- Partner/public APIs where "predictable" beats "perfectly prod-like"
+
+### 4. Per-team or per-domain sandboxes (federated)
+
+**The pattern:**
+- Each domain owns its own sandbox
+- Org provides a standard blueprint:
+  - DNS conventions
+  - Auth model
+  - Request tracing
+  - Quotas/rate limits
+  - Data policies
+
+**Pros:**
+- Autonomy
+- Easier for teams to maintain accuracy
+
+**Cons:**
+- Inconsistent experience unless the platform team enforces standards
+
+### 5. Ephemeral preview environments (PR-based) for integration testing
+
+**The pattern:**
+- "Sandbox" is created per PR or per branch, lives for hours/days
+
+**Pros:**
+- Very safe
+- Very realistic for change validation
+
+**Cons:**
+- Not stable enough for external consumers
+- Expensive if abused
+
+**When it works well:**
+- Internal dev velocity
+- Less good as a stable partner sandbox
+
+### 6. Synthetic-data sandboxes (data is the product)
+
+**The pattern:**
+- Environment might be stable, but the key is:
+  - Seeded synthetic datasets
+  - Deterministic fixtures per tenant
+  - Resettable state ("factory reset" endpoints)
+
+**Pros:**
+- Test repeatability
+- Easier support
+
+**Cons:**
+- Building good synthetic data is work
+
+## Cross-cutting building blocks
+
+Regardless of which pattern you choose, successful org-level sandboxes almost always include:
+
+**Separate auth + credentials:**
+- Different issuer, audience, scopes for sandbox
+- Distinct base domains (`api.sandbox.company.com`) + strict routing controls
+
+**Central gateway + policy engine:**
+- Rate limits, payload size, PII rules, method restrictions
+- Global quotas per tenant and per service
+- "Fair use" policies
+
+**Contract-first approach:**
+- OpenAPI + linting + compatibility checks to prevent sandbox drift
+- Contract testing + refresh pipelines
+
+**Write controls:**
+- Dry-run, allowlists, TTL'd resources, "side-effect sinks"
+- Traffic shaping and quotas
+
+**Observability as a product:**
+- Request IDs, traces
+- "Why was I blocked" errors
+- Usage analytics and insights
+
+These building blocks are what make org-level patterns work—they're the platform layer that enables teams to build sandboxes consistently.
+
+## Choose the right pattern
+
+The pattern you choose depends on your use case:
+
+**If you need partner onboarding at scale:**
+→ Edge-virtualized sandbox (facade) + contracts
+
+**If you need realistic behavior for internal integration:**
+→ Shared sandbox + tenant isolation + synthetic data
+
+**If you need prod parity:**
+→ Restricted-prod pattern, but invest heavily in guardrails
+
+The key is matching the pattern to your actual needs, not trying to build the perfect sandbox for every scenario.
+
+## Practical guidance
+
+So what should organizations do?
+
+**For platform/developer experience teams:**
+- Don't try to build universal sandboxes for every API
+- Do provide the building blocks (auth, gateway, policy engine, observability)
+- Do establish patterns and conventions (DNS, auth model, tracing, quotas)
+- Do integrate with existing sandboxes into "Try it" where security/auth allow
+- Do support patterns (e.g., proxying, "Try it" wiring) as a secondary layer
+- Do provide documentation and discovery for sandbox environments
+- Do enforce standards across federated sandboxes
+
+**For product/API teams:**
+- Choose the right pattern for your use case (don't default to "build our own")
+- Define whether you truly want a full sandbox or just richer, possibly stateful mocks
+- Design, fund, and implement sandbox behavior and scenarios
+- Own the business logic and test scenarios
+- Provide sandbox environments that follow org-level patterns and conventions
+
+**For organizations:**
+- Recognize that sandboxes are a platform investment, not just a developer portal feature
+- Provide the building blocks and patterns that enable consistent sandboxes
+- Support teams in choosing and implementing the right pattern
+- Don't expect developer experience teams to own business logic, but do expect them to provide platform support
+
+**The decision framework:**
+
+1. **What's your use case?**
+   - External partner onboarding → Edge-virtualized sandbox (facade) + contracts
+   - Internal integration testing → Shared sandbox + tenant isolation + synthetic data
+   - Prod parity required → Restricted-prod pattern with heavy guardrails
+
+2. **What do you actually need?**
+   - Full sandbox, stateful mock, or simple mock server?
+   - Realistic behavior or predictable behavior?
+
+3. **Who owns what?**
+   - Platform teams own building blocks (auth, gateway, policy, observability)
+   - Product teams own business logic and test scenarios
+   - Developer experience teams facilitate integration and discovery
+
+4. **What's the investment?**
+   - Platform building blocks require significant investment
+   - Individual sandboxes require domain expertise and ongoing maintenance
+   - Real sandboxes require significant investment (think Stripe's multi-million dollar capability)
+
+5. **What's the value?**
+   - Is the value worth the investment for your use case?
+   - Can you start with a simpler pattern and evolve?
+
+## The takeaway
+
+Sandbox environments are valuable, but they're not simple.
+
+**The reality:**
+- You can't derive a real sandbox from an OpenAPI spec alone
+- Sandboxes require business logic, domain expertise, and ongoing maintenance
+- There ARE proven org-level patterns that work at scale
+- But they require platform building blocks and architectural thinking, not just automation
+
+**The path forward:**
+- Organizations provide platform building blocks (auth, gateway, policy, observability)
+- Organizations establish patterns and conventions (shared, federated, virtualized, etc.)
+- Product teams choose the right pattern and own business logic
+- Platform/developer experience teams provide the infrastructure and facilitate integration
+- Everyone recognizes that sandboxes are a platform investment, not just a developer portal feature
+
+The request is reasonable, but the solution requires clarity about:
+- What pattern fits your use case
+- What building blocks you need
+- Who owns what (platform vs. product vs. developer experience)
+
+Because when it comes to sandboxes, architecture matters more than automation.
+
+The patterns exist.
+The building blocks are known.
+The question is: Are you building the platform that makes them possible?
+
+And that's the reality check.

From d4804185b82ccef8f66e999633fd2cdcaf03e529 Mon Sep 17 00:00:00 2001
From: Adam Altman <adam@redocly.com>
Date: Wed, 14 Jan 2026 08:38:55 -0600
Subject: [PATCH 2/4] chore: fix front matter

---
 blog/sandbox-environments-reality-check.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/blog/sandbox-environments-reality-check.md b/blog/sandbox-environments-reality-check.md
index 0fd7fdba..8e566d42 100644
--- a/blog/sandbox-environments-reality-check.md
+++ b/blog/sandbox-environments-reality-check.md
@@ -1,8 +1,7 @@
 ---
 template: '../@theme/templates/BlogPost'
 title: The sandbox reality check
-description: Organizations want org-level sandbox environments for thousands of APIs.
-Here are the proven patterns that work at scale—and why they require platform building blocks, not just automation.
+description: Organizations want org-level sandbox environments for thousands of APIs. Here are the proven patterns that work at scale—and why they require platform building blocks, not just automation.
 seo:
   title: Sandbox environments reality check | Redocly
   description: Learn about proven org-level sandbox patterns that work at scale, what makes a real sandbox different from mock servers, and why platform building blocks matter more than automation.

From fe7546c426e8402712288ee260f9582433e6e832 Mon Sep 17 00:00:00 2001
From: Adam Altman <adam@redocly.com>
Date: Wed, 14 Jan 2026 08:42:21 -0600
Subject: [PATCH 3/4] chore: add image

---
 blog/images/sandbox-env.png | Bin 0 -> 18202 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 blog/images/sandbox-env.png

diff --git a/blog/images/sandbox-env.png b/blog/images/sandbox-env.png
new file mode 100644
index 0000000000000000000000000000000000000000..e30dca101865bb66baa547324e14709108dc5b66
GIT binary patch
literal 18202
zcmWh!c{G&Y8@CLG7&EreV2rVbtc57c3}eYIyX<?mB;=cA24kPGQ)J7&WGN}xm$79_
zQe+z;5lVLNuiyRSJ@>xnyyx8K+~<AnXSp}Q*ieUsiI<6rii$-Si#DaAq9*?9w}EN@
zJ!N0zwNO#foERIJWBv`FRi8O|9y)s-ogM?ZJwQ%3klza&9Rcn!KvoxUd;t7=e{uwH
zJp%r<(-Yw6060Gd4)%cGJHXx+u(J;QTmycr0F*Dl#v-sX3w#;7Se(B2J`eOapTDm@
zdsBASRB$%(?)+WFS$D(P!o<bw&;|L;`N#f?hWyjYjFZ}&(~0i$5A7Gf{s6Cv&!&1V
zUZkBoCmerS2cE?qm*LO*U!K>doae?Ir-U4mn=i&YFCx7UN|H_z9voK0pSR?k*OSh_
z%>jf);O{ZuXt>w<^xWgg#o`t~3Om}`2ii-{KMh<oW}at1IW8Xp9@-sr)}2=+p3hK#
z^#6|b4}q@o^MYQWq#r1XI-Q#aVrzlvY2fYi^RzcW$0uO)8_+ukOe_O!^*~26@cA<^
z(t2?}@*=?U&)P2_{T&eNeHiX`@MQ@|xPSCC;?&3Lck(NsupH>AzDN!{dg$~g#^cc2
z?6*%m@WkbBxZ~ftF~Bnh$n6F`egm>YPjX9uk7EGo!Es;RMe`&uH*}F%06cke5n%r(
zCgmck0&p|mx6|9p>;PioE`~k>EC1&65qJ=O(e(yssRABFUbMaeCg*^*k3fb0v76EF
zAl$`=55NQBMgKbh@Beq43}n{<?H_>9JfJT0WTXdp(+SuY0=cmlLmfa;^2Ks5P+SZ6
zQ~*y(fUuMcw<2Jy?ZPklB0ckBeH?h02|UJMe4_wAW`LKkfr@&du>)9J2j2Gsgf~D<
zBM@H!{MZ6&D}ccTp!5|GkqH#L9}%N3zO`R;j{z0Liw6l8j|+jmL7@LNAQunBKe<>N
z0;=Btg@r)tAduG%kjH??e8BNBkWvHqhF&~t1QOFPs``PBPM|RU;^n^&yMfVZV0aLC
zH3DpZ1zaCov_zjYH2~$sKuSJ<F98zq7Z1t-d^S*$d|{afJgNcydkMU#0Bk}4!)zem
z;m|w?kc|Zf)6ebvF3jyNG}3@(Q{!*{vL6y`YG_6U4{2@f^p6Z!d>$1UAoad7mWoQN
zTNkZi9{Q#I={p}^3yuNKh-G>CjGS@PM!gK6s|@TF1JX4fTGeEV<@hqp!ZfJ~_I5G-
zoZF)SDZAti=V_6diK;{dVS4V<vGe3=?tb;DYwmbIeoJ0-uVnGtgAdQ-_ws+<>p0kc
z?-7)<xpVq!!8ZCXE}QB7i!UrHV4KVL>HoX><@4t^#Ws+93n`B9v6hYeXoo}vqm;b-
zl0nVW$dA6+^}o<AfM(re{x(|~rPRm%-|S?g8Q$(&newBWo<Kv<=<96A=8<8SyI%P3
zHVP6nAp5{}j^$h(GqvlVB7B)yush5K>?{j~Um8!6v|j_sbPtX2l#cgLi7QsHBqErv
z1dR~d-!9+#424UqI`Ipp6my9O6q)I18Nw%Tu9!B6xN%%uvQ&s`{X|Qbc1p(}rHRPX
zLI|3=k=$&`mZA-DP%tPhlTXele)RTrfcx!A*WO~H%x|QH_nLkf`TVBiB%#oz!L*m3
z_37;>95xDv-heiO`I;P7NH@{BnVwMa9Zi0hjiM-#4^b4xFogzO$#=P=ly*`--yT*&
zLHqh1d7;u$8zpTsQw2c^Cs~aR^EvYmk=|&bTjB=@P#!ZmF4Sx*HlHi2k<=>drat0%
z{FWAeeN<yCZaTn7L9Vk!GgbA?y6OZAn2*i6FIr}X5f7n;Ji_k4R6uHtgqSWNc%I+}
zyzeG9jT!tx)l}l4LOmCE9}V)v9HlTZ{8p6PwZRoO@RlIRX7t}CluPP>An|~}ZUW!%
zs(-4bP9rDcN4hCW>ddBGcT(_ivQuuGp$)vu<@==j$|ILJ3^Elb>?2-dt#}o-VvLMK
z)mw>th|mSWnYe>o`>P*fGZ<R*=E%SGhcR2JY^p~4J<LBnOAjXO581%xvg5ql(18=V
z1lQk^pK9~q;J1me5>cD7u=|z@J}=!AD8{R4Flf8H$_D*63GqX++N1X!m(6>Y(cf0k
zNrFh#iOz$3#U4RVNt?ZvoT?A`oLN`>C1oF8RsVjx`%2px*}EhY1$@~-Kqz=^I*$6>
z%YRi5_3MY;sh9E&nYzPhqBo#%Sa+C;E3A&=M<%<5JT+tE$L~E^W{XVO#eyt4y&jEm
z#)Qaz{qC+tqiy4wVs%fFZ=*x2LQBG3eq<<$C;bIMAycx>cKI;NtWG7#eDR@?67w}(
zR}Bkgip0Z21!isL9$pKEzD#JbR{E=Av1aTGt)^J4%GiFsVj33=CN{Q|DH6`Ev*TSX
z`Zix^>Onfs+Z&~~s=mv{fC2+P^Cdj{z80!x9XBClcZH3?Wg$>0&G+_5K+y|qQ@&y!
zG9NkBdxUMO!Io`Cgpv{($C4t(@yz%qY7kRF)?ge_1%IP~nsU&GSmO{(FP6WzOq!|H
zgU?i@a#g56R-n%&a(Bjt3%>MSI)GGJoq63r9?0bK+&ZyNIk}94vcX6?uj!1CAUTDZ
z-%^Xqjklh2<GGxkP^gZQ$7?FA#;|F5YoWT}y=j=tK6Y^Lt(eW1m8%Ri{pxYH_$oj3
zee(t;SPKg69>>Nb1WSTGb^$TiYR~@K)=Ol)AFRE@*i)&ST6=3RjD_C69G*lgNb)Vr
zs=&VPBtr$Ee$U^$Vbe85jr<v8N>UI^`g6j37**LmGBLsM;7p~l`#d!w%Oou(r}s+q
zJPL}0A*(Q8yuMatk6?2!L1IyLs5PR_IV=w3A5cniawrb=BAKd}-cF|X`wpopQV*o~
z=$l{VJIU0tAJTj9zI|;=wd7Hd&L_!z0$)>OQe=eJBf%gnCb4o}Fb1?5_UfTPX-pGY
zBzepKuGBZHm=J&LtDrPH4F!yzF!p&;09&jN4Rva;xT!zsZ5BA;r^8<XDFr2)Hrdrg
zkM}z7HTB^vW2C2lH34BiZH*^Dxt-J>)ANN+I~&jJS0mS!E{9x?U;5ns^SJffz5M%c
z?mmu9HD%JdXb4&0NC+JqH~&H8O-csCR8XyCTW#Er1|=x3>-F#grC?l@S$j}IU=o4j
z@Fo*wlIgt8AeUD^?QZp~H91f+tMlM*0;}r1FG*p+XMep@5fxLF^v=9o$kwI=t^{UA
zm`$1e@oIxBB%#wULm6psWcJN<t(vx{*v}M{Ue#(FGPoE)!ZPIqdlj&Js$lO7BjJid
zZ_+kp$6_x!u-}Q2=psSLChO^5PAmgo&vRC78SbDcl?bmkYX+2Mnn)Fm<`>4a55&k?
zMAHXb(`OSJ35Pbb(CAu=Pm*F!M02omh^*g|$l}{U-6)ev(NzU2xY?R|xcr^rX!1-C
zp_qRgs*<tQS-g1cI7|3B$?~1}DR%LT-vT348dBq8Z=pEmJXUR&(0;IC%wn2!W`AK{
zAj(b?ee&!R8+eC>R@3!BJv=E!2u>E7_2Uxqe}%3Y&AKYYouiH5L`!_L5ukQ;9s4l|
zqNj!1Gsw$Af8TalAZ$2Cs~3&<DB*3Y8E6(b;G^HYS!%rt{+y+9JAZBXI<x9<jY<|d
zuv)P%+A_sb_h;1_gp>#kxF3oueY0mX@!e(_Z>TcnZF!khD;+ZK*E}HjzC%oQVM&{Z
zyc6?d!2RY4#+d(Ig8!F-512^k;-+_s&3feLn3Ic>kQeL|KKZoKE9bRvtUbYeR<gnB
zie24S+HI_8$E|g@+VKZQH6YiQGE;)Vy*;Ma@_{eI{#7x@<-qi7%bBFnw|>plGaK$Y
zLZym>y#1Hx$x4{Wk4h-v{prfEPuupvqAOg2&`*+DrhVU@e<)3QpRo`P!Wy`~;(lew
zza?qS{MQD7{{ACbgAqC$+4_q6As7hhoq4~s?F{M9KkI&dyWq-YosTA!4C(RYx*A)&
z`UYuarFAp_uQRc>)e~b7-tX+)8=qFSqi(mYg7|m`vN8%qq<AL2%jI=_slm@!sZ87R
zdE>bG2}=SmB5YDmi^9c6gJ^xkT6){ysItU;?nyQx?A&Bpg|BCvHgNW^D^g?qG}iJN
zeYEk7t!N6`&s{y4Vf_v5T)oYj_d8PcuQHqRUe*29!K(_<kRgq<@XH<w|Ix3hSBrME
zI>*DgATa*0u@bGjXYW)UY(h{PRa%LAp5x=cjzg6pG{x7qqKy9&34wr=islLzZcc5B
zJ#r4~eCFn59~K&9-06Yx{V1qBr-jj81)1vN)%~dBl_}RB8G$J{HYi&g>4O_!^|ioW
zp&w%X_j!|Sr;^x!hz(DO1lQt$dQ+c6t+aL0mcxC8E{1k<?)m)tIyZ%qNmdVJneT5{
zazq7#$Tn<Sx6e<u8Wt0t82@+BYgs-11mAISGT3|63~?s~vpSG=p9*IuEkp^`+Y~rw
zx=r6mdI*Vl+@(A1iEtr>qoK4se+<HPb$pc$=$&#SN*?1cjqPk}>_3fJ7G<_s9#%J(
zB|iTaadTs=XdKsp?}+Yz{&%)F`24@WbN=y-m|I7GX&IVUlX|!3=5Rk^XZBM1g!_rX
zT{!(dLr7Wkl{?8gR6P2@L#H4)=ckFd9e+oqbThzaAOtRiD_|s171wV;$x%_{uOc+!
zgfnPV1RWxpY)!Rq(&eN+Wqywy;`ur8P>#EgP#a!`({Xvyr5G*7b2K9Mxq*q|9ur!X
z${_!Kb*E_FX!RqeMPty8yIi+$QXY|j!4Ezj&`KaM6Lybi)IkaCy3tfasmgfyMZ3Wk
zY^Rv}+wHGImzgHJ4p(125|y2nLFmg82Lcc}JWvf|R@ZHl+2sJpMu>Csi0(})>^jRH
zSZe?8V<H=j4!%Mvb5GFWAV8y4XCGx3Z@VoA$~|uCVSBn!Le(^?{9Qj~Kvh4qlZmW(
z%|^iC3OMfFYgZWA?(Ly0GuhCt$?&RmQUBC(!<4;$rsRIjzT?=i8KoxX|3Q;zVJKeY
z&DRdM84V2oUPQF$G0>N7+lGiN;%sWErjp(L&TFUxN47TuW?^9?^53kJec}V2s-wD$
z7>1tp^W@Sg{o%=-qT`KfZ=@GN?QcFtev))!qdk5@wXYa;G@8Rj&GwMoWJ3X631z6s
ziTt5t_8+Zj2y|vBN`?*nUIoFTu#@ytL_PIOxzH1j$PvkrhBs1Vs`a4xCQUZHjTvGl
zKmS?&{&Z&HPaYJ6n#4`GTYEUgAxQM^6U^W0Jm(sGOEY%^fn<SEm)P7p5h`T328K%W
ziw~Sc(4)e(JQav>@U}qZE%k`8<<pJPy}OT=PR#~z-tQhKE`2{7=dOx_#qo(Em-y_&
zu2BiXXnRU9@f7)c2pB>S?Yt24pN9tny@q@|clvbf^t4$7oFLvQu1*k}4c~!+rzzox
zv(k?1Ih<|?lw9S!_VcU1^tS&*sNE|5GQ@oA=%smbIa(<#`$&X#|NCPhNoVxZzr0hY
zCRC6=um~cVAanDo)X)hiszJlh)eWXu#%j5k2#F?e(Pyc<3n9+1%k&jrX4G8|)<3=-
z@*^{>RvqcVzR>~>$CAz_&w~55T-CXMjuJm3Z;d-As*|DAG}MIgh{J9nD5JDBgi$SY
z0Uq=B%cj@it2q$%u@YoJCAu<XL>)vGjTVr6_M*VBI=UtOzxn&t=X(X^t^%$p%^^uU
zmh+cSBlc3nErjDYt2Q^i)K(EW%0x0M7%bJ(Uu=yoOL}NS`O4A=jv@rN@w5F3ec+^#
zSL9yo**`6L(PUXIe@*KSqI_f$vMd0u&Cq#AqV_uev<!<@-<E?V`0oa6dj>7;U%7q9
zu<7WV2%aNuA}WAwPj8bO`rL!185|v<fxIWc&;NwN1?xt<B&fLFq?+uz@-sne0+C(&
zGP0>h*$5?27=1x49L@0~hmYn31O_Jo;i5cH95u~XNsQn?>2}q(#NDWnUHeHy`ur(v
zXY}&7H0QFPjPM~RJXKjnA2@+hWtdc{f#8xN+2A48hxdseG#qK_1Rnh6<UK+*D9ZO5
zz5knGA_RS|a(qI33<m{$guTj0`0F4<i$oXsd35E~E3F(*qz)EYStIXF`zO%n;ZIOd
z)xfX!fQ-VIZ!<R;gT2Iw%B|pp_5#>(5?TS%C%_QD<xRRnU4s3)48_nSmFbt?PD=xl
zcWR>tqh~XC*7i)dUQmRL{;OSJN3i%jwNTgIDA7Q?Son7I&Nr<_>CD0=k3&%1;MA<-
zHn&h8R13^Ok(4Ye6^6(n_kQeF+#6bHD7w}e2@{Kn*rE(-kzV|xaKE^^Q9gbY4==yq
zcS(LZYk7Nt2x^W%#vGc3KEZ4j*SidOYE49Gi;KFUj@#F(!>d9c7A55!mLeZ!+tS=g
z%@l0(VCusl)R8M+%>@>jPR>95(rCRCK&B>IC3A31LQRs2oLOe|TED(u*3P9S1_pv{
z;7tV_gqwJI3!196=yq;K{4Z&z|4asP)N&I)Km~h;+jI;XH<{V*HKk*a16rioGgtHz
ztM|e*q}F8e@-}TCfp$*Pc|i*#vUfk$AjjUbe-ng|0q1koKO6}E0j>Uem0Fp{dqAzY
znA8|9%ufywF|Jm${mIwt*r@Wpn;S;|rOM;a5%Y<BP=Yj)h{U9q(2)pKfk?*^v?ifa
z3++y1Rd@9$-6j7$nIxuxLvX6UFH@myedv`C9Vs@9_>rw}#5sHaBwO95-?_$P7CrCp
zkElY<jhaei4tRv%?xj@pdNh2jWIq)NsyuzQn7nJDMV#onmJ>8kuDY+^VPbvZ-Mz#K
zB;jCtdpk{n2=@o4*>^g??<pX-w(B4+Y79L}l?+o1Cb1^8Wsw^Kx-#4F^?{3t*Xj;y
ztn3wi?CWP=nqxpG0WTV;3D9C4hikSVgS(x!DU!}g6A*=2z65vhmsFpdh%mLe$Y1xQ
zpNC+cJbpAuc<CFc?^eo;e_KgC<@4(yrw$+SVxB=$(=&kKzjbG5<fKhwN3MGW>j%2H
zobpAl@;Yy*z_8Htsv|9;#58dNd9??po^E9sU;F$8*PJMHPCfeN(}ypECU4!k)$z0a
zRRr%x7K7`qi<jc1qmsuBxM8orAwA~yeRPILI=d~XdDe!{=Naj|)ptv#?_a)H4_%7z
z?jX`edxk8AuW_HOrhGLNYO%zuudiQ&#xWh<QU*XOi+T+IwshHz{s*ctKRp?!_q9FC
zoy2Jn>Y7M**d&h>+e~fD&}+700xc^OB+qfI2_DURumY+^bxi88oEj8Q7EQgkfm;|{
z%C54iRi^~-<!M>H@`Tau^LZA%)AGxbq>0bfS%R*?`qG8fUtfZYe!eY>Q4paa1qP>u
z+)0nqoYZ1rRZYzHezxxP{IN(9o*@<8Jtn5=TWqfhTP>oMI6ysD&7&>W@zviF)#!mH
zz*p2aVBg=))WR99h=edSq&#7#508L7mC@xbe&>9Xc_vi4!x*EPJ}*-wnrQrno0~)Y
zv-qFPD1~QhRdyQ7Og*u~eCZrg_2^`R3dlZe0;wsaaDZj*OZ@bjN|1e-WDCM_iF&e~
zKSkbQpF+TTisRT5y^<AO<`!jFs1^IT>trpo0*C`|7W}&rDVonTWOL6?6Ep%QFq-&8
zziGkPk_0Z&gkT=Vd{{`MhnqTiVi^5)pCCyi62&HkHLtbtRnV=QqM3>CtsFr0U+EVn
z^!;*dN&NaU9uQ*xK+Ss4=eqaBRc^{6+=kVtbC;5Ftw@8ZFE8N7X^kyNM)Kn(lued5
z-lH2?Ywfi2&cE9*DRis^Ll&YCVB#n)-F}t_T+QLgS(>T+t-vor^f5GwI}>Hsh4+DO
z`MrtGsCb1xEBw-d#v;RX3^YUTHiqaTBKG=kPLcB8|FUvu!|_r41QKc$g@tb$uYqTq
zxo5R`Eos=$h%sHmYG(v7a!ldDsjjlY<%X7ddhTEzf7Q5=T`Ka`DxFV#sLn)P^ToO|
zypg@jDgJkDt!KA@2X*|1mJf%^BuBR2gptr9o^+*8Jlp1ml#@d2?c`g$WR7U{G4YOv
z%k`eI6P|C9xW80qmoiz(eb_jlxi)D}A?<ht{<u^}g>7dOgxMxy$EusbQN}NRC~|fY
zS@ILq>)CnSi4iYk*~lL=mGIsHrWnMyy4eQ<N14*+dw{uB<x$Js0IV-;W1sxd@SE9t
z-+TEgvAeQ^txQSJ3Ze(cyI?`++@CdisuSH#`hR-<{=IZ<X}9>tpM>eniE_KQ97SgJ
zzZjcjW~ig7@VpF{EST`RvV5M#hThddZ=OqSZB95m;XSuj6NNBhr8x#0^}Ou<{Z0ax
ziEMdKx2T@wdg`jJU|YPcUtVI>XtH4XTUS?5SGRq6V&XPh9<@a6WNi3C3xqVtWLhTb
zqy!<x8Vy(&H1FIZQN#3QKBeF>T~^eGx<XMRY97U{4%+N<$Mu%!`4|MXu5I+$Bt3*2
z0EP-`B0P|L1kSqu*aIenx&;Mj$Q@xI8uph;)Q~?*Y|y;BaQow*pN~4(fK;Oo%0yY|
z^9g%q|JCdEl4quf7V>JM7Pac?C#F)qn=5M@RR<LT6h38YGMqq6$dU}lqdj3-m!r;(
zR<{KrgHZxrbDEP(K`2{lCK43^dnZO3OG6SxSoPh8(=rloYRYjCIQzvDo5j5iJpaL>
zZyDZ@tSjq79(Rm3Jy(-cMZ!O&UE7imzAt9&OtOr~f4EGq5s$$$NPH6TgOO;dA;E_P
zD+*jhW5^U`YuaqE%K(pgO2X{EETO|W>X%GZAvDI`c90$0+aGVKmuC`siQm;Lv$yqO
zgiz=FO+Mj}<|E|Ea@7{2Izr_1N=~E*mmrJ;4NPk9U_vx%eRvXwAtKjX2uMM8{LxTN
zgWvnNZl)+|hURldXKHA&msiV{mvLV)l8By`peYtnr_C3uyB6{N6r^s2ReIqS^yU_^
zErxt8n%w_fkHVcIj#Ljy0z(7AQZ&ePq0{07;?nRcU5zzWOu5qQC?O81Yqm1FOC~aT
zA5jR7TjS{46ouVNdQDzC|4e5Toiop^%`R?Ey3xks)$?a9k2HIESnc*{SgBwreq<y!
zbh(=&5Y<4yBomZD=cAG|X+_?7e-l9HQ6Vv-2F(^iE=b+L2w%>YbW|kABZss&(1my=
z(xkz$f4jv$lsl);C8_ezlComQXP*sbe5j0}QNg=d|3X>PpmU4p>@Rp=vPm-NZ}D2p
z{Ly_7jj@wsj|3PuI&kBecf7EEbe9kWL<0>+6R~T0(MJ!ERoC&oV!+&#`I?GrPtFyP
z+(3gbLJ>|@3MGiNyK`DEOFkdye@7p)^4ks+WDS*l#Rn#e!BqMr)2a5VAAXk&GUOC5
z(NB|FqGIbNg@a0THrQyYE_-pa9>h%(IYfy+X6U0^M39cMM5J8d-shaIE~nZfwwIMh
zYwHE;=e*;Si_1O%<lC7GV?KNq+=F{(jQ3|=-#GkMSy!%Y&{!j#Um!j2x~iv(yK?XE
z+aQyE=^sc0n8~kXUW_sGQ^{29Yc%dnB@vwEeI@aQV6cUR*qgtn?W4a(NApl8H$A?K
zc+JnVc0O<yDUSuQRuO&)wk72f!YI-!;RJI;Xl;p8oBkW#*9=#sOZbfg)aC98tLBEv
zO!xKFf3uD%kOeo?IckK^iT}EBBqm_MvV~}Lv3g1D6B_*1h-_|dHXGzN+wW;fc0aZf
ziIikmq$V)14$-QrNVnLzMq6A(Q?>c<*GxiHDNZ@1GFoV%E2r-`$@6FP&q$$mE}BN{
zkf6$AACk%=+lnThg4>5*d0cza5%1628V}<bt`dhNj&u9eo%N04#q-*?>Z$(81gR$i
z$psEd1&zX2F+cd<ra<=sNWX4}ZmzA6A|kx4>>jO+*PgB4{hc%iGb-p)&1I)IE!Ps7
zj^N7XFi15dYL%Eo{Sn=NdU$Y&*zM}Og?rF`oUw<4Zh`#eGH$e^9SfIKr38i;Q0i8V
zxor)!F$~RCE$zrlmm=O-QVQOgz@%Fw1ME17R}3_@s_PaSUU?F5qq5({ho041i}xs|
zz-eL#)E{Ag9`KEFr)wP!M>$%)4hhB?yuohmU*{5pv!VZ9Qd=2ry+&h_+g)3p(Dg2I
zrH^A3-)`{S(a<Q6ynZqX=Jx^P-hdGWK3wpywW}t?96k_f+|r(+U5dQj+%P^KDF^7P
zN(&|>5#KOIgEAzdti%|9u_N*$0LBVA4P%i8|3@^NLt?*fcwc$E^O@w}dqUIHa8kC`
zg$N3Xuiv$p=Fw+eVQEYUfi?P&oVui(9k$EXZnhrj)mMY44R#%EFbYw`=HDLTU{oPu
z6B9h+{Sy%uKP#=%+Shv6F#}Ki$S?iftbflz<eLAGOe^WH8vV$}ws_|;m5^G2*>>^e
zUmd|qo$kKH--u(=6>etNuC?$hk%g^a9T}nMn}US?KE!Iqfa4d^2!uy?%!md;*)|Iw
zv(z0-@?}IkuK21Y$wb;?LSMv_u%3=Ygx1ueWsGCs&a-dM0;#s7xhfqAFZ)bm$DQvo
zLb%yAHcD_EN`dkm!3Z-@`Im1JENx8j7U+Rr7Rs*BZ9;S<Bl1Hr!kX>(#sd(TCr4*@
zjB;!IIZU~N1}AT(R=x3`h%VIY-X+{z`y%2!EghJ<P(#(=8E>EBuLNiN{K?kBjP=UV
zwY<`4W`M?oU%dq>zAwzbmVdBR!@#d<)j~u0VS)B!<VUMCkyxTZEUJ<sn(YWvnEChb
z3t9ul1`6X|T2wF?SPzPftd#ca-gRi9!BEp^uSLgte5M*o`U<LAwC{U;EBTyaH4<~9
z;P-J}>4=U;L?zfm_sN(m2(8d02q<7wB-nt2sQG?M9I<wI;G#K^IPCJzn?pgG`1nW#
zc*-pr#y~DXWeOv;h3DGKP%9hmocoywW7o_WS{x{^MRkf%u7+ozz~$8(Jef{c{=TA8
z_?Z|f1N&_KVIJ<y$nnyo8amY%n^-n@`E^n)?S51o3XHtk<c`tVb-c@I!dhSH>S09M
z-tM1V@kHzFPE=~A|6u`<ZXq5s5NU)|r5}LE=qqIcJl<b!MA<Fw_~SMdr5M60&;8Gy
z(c<8jK|$sNfNrC!I95ZGYA;a|%R#xJo{3May^FeX1-T-Ul!RnsSvDq4UgtMQ-|Wei
zPhXyY@GQ;*Cf7Ztb+z9T!hp3@Rw&o-HhP@I@ScvWF0VR4HT0O-PeLT7XaD72P4N&?
z=y2SBb}^xP|J=FP4;#Q-_v(CfxSS_x(4T5K(a&%e`sy~wC{JDJWE}M0D)KS}W(pRI
z(oe09d3(!j&q%4L8ZT9f)>nj_b{gg*aM(`974G~h+G-e&1Rb|9^>VxZpLcM4VkQE`
zTO#%eik49K2P0o6g<`<SE7B#=y{iZU6ph^J&UAu7(;mwt6#6_*ZLOJ1eemZmmD8e<
z)tP~oUynS4mWxdgckHOvi$1_W0gd_ehV^*R8P5Ou4_5V$Fq5X%P9oufF-#~SZi0lF
z(;3y04&Khs`S=%76>I;ugqXK+auu35Zx-JrHf@%wroQAE4galbPOHlzC+`_G|21R9
z#9j8S`X}y+S*YOCiW@g>JYUR|eBXw4INm?~T6Xj`Lg;G#jD)036evN2S59D@U0y(Y
zfKk-Fj7q#SXdJGT#Xl=d-R^&xs7pI^nljn}GP$&lNc*T!9_XoGseaR_zlJ{?LIflA
zVi+>o+uB@Fk(T_eEGR6q+u9En6*i;^jCL}6^c~@#N7vy7OWZRBb`<8Vb$Ci4`T2r=
zB0hjwtzUS?0fEyBR9r(erw`Fmn@%ekid;=TXZR~1sTAYf5P>IOYfrVWwgjarDlbhe
zQOCzfE_9qfjd9hvkYN>##*vV>TUF%7M+I<rY}w&_{Cief3^o|Oa^r-m>eiZ@9Y%zS
z`Qh&6l^c=o)zs;6AYI7Zz~B{xJSRgd<g{^D*7{zKA*cUIMqp}#lD4~VH+l-hrin3d
zO*kH&TGTJ#)Ih0iU~7=e%cwcF>nyZG>pK_EW;MufM%{J)Ak-ZG(>q}-p$QyTFP`HB
zrHX*r0;9L?-44Ju_;`SNr*1AGPX$6!Of}=aQ*;es9o}J50iI-GQR`{;Vua6Ae%=^D
zj7(M;hc25+I%lz9VB`j8LTdXCO3+!tD~1UvVphI*^aFic-JsYnFgk2GymL6T{M@s#
zA&n*ezmX_+5JTSn*K}(oRO2HfpLj}eJ5lMFGNiMbaxFuqVN+uOkE_zT?#j-=0;e|(
zMC(ZY+XQQnMBfo<XYojgrl!_iDW&Rrb6gzyv%lV+T>Bx5((1<&@)_W$CyzwrH}?dT
z66mX>YeSQKc-wq(wS&yXB|UpH05!*e0Qx@N9eGe+lemxpm0*@`a9J(c`z~7f`fKHk
zT`L6$4{sIO?maT>y{&$K5#mEn@}Evj3G<jE2&_wL!6v&D%i4NV>X&s>?s+p`G?_WL
z%GBgsKF5vzgBmcC3{)V=6Wfej;2TO@g7M91mz5%=V{{0A#2JOO%uF$<eN}Fsx3aj$
zCQ_eZ1bJzkxrR)<h-{@}djnVM10`g+ec2A&kDgw9&VXP0L7XN0cTy5z?~tH~HtBNQ
znS(mRUnNH5a8Aa}4_WA|&|on^*~;TDQ@e`A^yKiRX$fV1>BzZkch}=bbZXpXhC$n!
zvwCX??{0;ZB{7ANdli`_oc}fO6^+)w6?t`FL@`E|Vq{?)IVQY}kY|2e|5<wn&tO6_
zF-P6(LD`T(cfZX#PWu#fIm=0Z^a-U3Dkfqf?nBEOLhl+MC^zvIa65Mo@hMPG*6sDV
z7zNW%o08@a-F&t$Z2B<S7dBIUB`^35){2m42dkVz1)M%)F61N$MPf+2OKNs>9W4_O
zp-va!;gAsQTz-epO>KD-a);HnEY2iVQ|Jan0qb0(!OLA?C>(cLNY<)g*g=(4S}^zr
z0ZB*dY3ep1C!y+ZB~00e;v850RbB&CD#0WIcS0iZ$f-EQ^$1SO!bvK<EJk-{uUGhy
zr<Y7F+e0zssnQL4UW~F{ib_0ZDd*#6_LacYw6)N)JyBQa>2OW>6JOtRQyeG_nvkf3
zO|)ZXD?u&JX*=^@eT3Lc^gX`bBz0Q^F54nh*!I`uk!|aV2|HHlCuMUzK~OZP%~pt=
zyHD}Q0wPO0NTEKU^oo~8dP&_feRo%-Lmn5f;gY&bjl%94rz^%icr*Cr-cx<9nF+<M
z#Jd!RwU>#zmOYQPB!m0Vh`qjQx5qbO>FBBz{;b5W8$K`l><Q6jXj51EArl9);^NJ3
z17@YoJi-_WnS=91`AzxP9nvUqO%1NZ#M=LKF-=0bcIG63N<w-im@(aAprCF>N-6iN
zh}@TQWU?=TStySK@=40NO@R(8#<3hXF6m3Os$na0U{O-?P#mtQUKJj^RuM8GCRxJ1
z5S9%OJ0nDNb&Jyy!WC?gjj5E_PZc+ER4?Z&b<x7uP=C|ROwzN&5;Bek{CL(rIAGN1
z+k7{j-s$E|^{hXv8AuIG)|gBwc)j;#(R1PKRZdlpGXn!vgt{ZrVDDwaKHqI7Rz!X+
zm~PVQb}k3ysl3MzB<B#P>JwuKCw1A$<#{UEbSV`Y9h@urLn@-G1Wv2hV<1+BqV4f-
ze0|kP^cwqMS-^(x`o~v3>xoyoK8hXg4Q$_Q3=H<;wdWllURDn3Q_PJhhr_u}n@*Ff
z;*tr0G6iV05AFAn{*9jYf9@BgJ0ky;`Z?{)KFsS{A=?1oym*2PRF|ksk63AZU%Tu^
z$!p3{Ziu0g`I$k;2##~erK@sjQAz~Vx@GctMMvyQM>K_NsVoEwZ)p~7=v^=(VADjw
zA-AoI8y<dn<i~nQWO9-MJ{pV)MqN0;u$9=5J{sL%v_U?Kma%}U1j*xONEmjkWK0-&
zcu53j|J9`aUV}@3M9nfcS}|QnhFn^a_%4M;%dC_@KCLMQD;cDk3TM~O&(osSzI6hB
z>uj&J2gIFK@ppI%maw!1VKhGCzG`8iPV+;lzLQXF_KoaP)Q@g5v(+2=ulx6HM=Z1r
zE*59SwYADLmT`G)hQ^Lig?;*$bs7?>1I;kH&9~(ePf20dOW7E^i0m0=H+BB(`omA1
z)v)9{O3wFY+4(_G&M+fgv{u^H%cVjAxd}<N5gf?7YzBBC4BHwvE`7;~5i-;=>h+z#
zub}6|1W#ek#cf?)34CiEFluv?mv@biL0sX>LKjj=FFCufUi|*RCkvFN6t+n)YmjG)
z{56t^q0RGH{30*sD953aAdFpd^wxTvU4T+mY7#A#8VX~C)@v+5IoX%r_#*3=^V9tE
zxUOj@Eb}hhh$<$*O;YW%#UFkCx{?>_6&v?a*RTHGTV2c)WmM`Cl8B&T)Kc=h$;fxS
zY^g5U=o#4Y8^-VL%t*Y8Ig&D0eSKTV_POGn5Ap@{q)N<?pc!IbsDyiMK-S(fqQG`g
zdg1dc9=w@1<sHDh+~Pv9r9tWX{V1Uu>daiY<75Bt$lcx(_B(f8YB1lOw0bHL$VPgt
zSq6d!XBOc!>4a9)jhVT2{&^}fncDp-{{$OmPG5#B^+ae}2D7Ok2O2xgyi?Y1Dta+H
zV!ie3oe}SUpKggJT+2B9J$G7I^QuTp=T`;;YvwBZ+$(4pD=dbPyHPI8Kie!s4BdH&
zfU)xIUltO1_L<msDu(S_{cyHYfEmkjKe~1}<MH#<|Aa3y+M<Hs9bpoT<5<}BE{p4|
z(=1h0`aAWx=CTyiIOWlO8HNrml<w}t0}#9F^*zKVs7eXaQ$|2c=l7#aE*M<{{G_D2
z4p^k9@9CF{w#Iu-6-cihDT9I9Ym4NXUu@S0oRA5!5t_2kgd~$oLoaOUdkdBJ?RPqE
za$d1$yEBt<t-Zkm^|!y%M>Zku<&q5Pj>6LC2rXqQk`mz|3R54C4ND$v_S&3)9uoIl
zF*4m+%}T!zK?m{W%%>k*-)~fq8E%(iA(Bn-^9m)nv&IeH=c$?S<64uurI`WvB5cwb
z?pVkLk-vDKgDzd5-}U$3-gws7GU%~^N>5Pw$xw%jFeB-bC!$GgRV2GJney`X@t6*D
z2y5i6;A_9AfI9mSijQ$-zDZ|k#UZeIH!bo@Dm}e!N>B|`(%s~bj;`C!DKuy$s}LM5
z%UWgFQ8_2l6R%_5R|>zmcWO!6`f2;aBmqCv?2x|vYu$rL2)-<?r?4i@)mipp_~oVD
zei2EE2xP5sG9*ALUM)yLVP&y1F0Q;*JAuSj7v`Xoy*Mm}4Z+_@dX>P)pU)AE-v9Ra
z^5f^-8c&Y8Ffp#{IZvlZ<EZGMg4x{P(dH-^+SQ~y?~;7<)T=^Q2w!?Off+}TQ4q6g
zyEDm}n)H$oM2L-daj`Z^Rl1QF*$d;&eyyd7vXbK6M1a#0ZVF@bsiFy#)p$l4T{Bmo
z)?-^Ew&uq9+v|}7x*@@*i5$Pmca}8Xh!3;dg%t%`^qIdoItFpTB6mg{IQo^6`<e~H
z)uYMpK4=W<q?TMM+t3bl=D07`bWQ&{`r0Hhi)AQvX&I^ZUt{M%BC79>6r*fiN(u`*
zb+5kZw(UjHavE=>L$13!@^`J@qr#eZpV#~}R*iGoGzF2OEAP$2jniaN=6HuLS-Amo
zSn@|iAR%Y%^XWeXb0YIa!C_|0BKtp=Ma2h8yigw4UWDbg^#N`{jX<m<|0jY8$)t27
zL^vXEWC<;5itD8Bk{_-2{Q1+OfMS1~<Aqpm3+nL>jJXTK9K#C-<4n-X1SePJ{Dsds
zrK(+5xMFEs!Y=6i+>TaHEE}ngcX+3hlWHxHh1*|STmAhz_u@h$MlhI&ni$H-f7I3%
zZ0K5v*;mphem>uja9<0<^yg`khPLkI&B7p9T-gwk>0^u=IOJF4CvF~P$+4wj7usaE
zNHaI?F{2q#sZ*a&o5QL&oF;zYl4N;DL|;`&iC~mWba4h!mnQyh*{Y6CA<UFb)#`>N
z4@dP&*k)Kkd=H=Cau5lTXPFAs<(w*5wloa3ch7ZKpo!6|jCC{6cD`xBzY<{1JxmfE
zoHy=nY@inxW5caM=6%2HS1($f%uW%Zx*0#Qel}>PsiDR5LW?|X86uYe7U^6Hd=UP{
zF#acah*r&FU_kn(!7nR)UJ0YmDLD{sJfx!crQPsktFB;Edor3+j6>++Kp<nr6R=v4
z)YSU@Tn1e{nE<dGdxEPnYBfxM+5q4|-1hc;RZS4v>O}UxvJ0;Xu)2M>4*5h$K{a3G
ztT|#W#s)uxTIG@BwQ?VbbBUKr>=5dGB+j)E0Ab|*F31&cS9;#uOR1cyCJou3GmE|U
zN>b*7t&d(`YjVpYl-3T}_=HddMBCoK2Mr3uf>8nLP2M6m{hHo3Yw3X8;>7RNyJ`>A
zPe8N119WxYOyp9&i&@4sbGVZl4_^z7rxN-nReQ~P$9F%9vF-=ec(01d{NSP{v7LGd
z`%>*8dSY;Mb{UK?EI--z+V)Q2*M3m?zgW<B8{`Ab5yXv~Vs+r@!-Omy{yvzsl~t}o
zuAggqxxsLXrQi1|5e<HBp?DpuFn7u6ODU>;R$UXNrILd`9o9nuolW7mivAvNV+uHF
za&4L!!Bay>|2Ph70C#I)Bn{b+yi7=wOMXw9<o7;%Y@P@y)%+lXktp+tF0GJj9@f6<
zXXU)hq^BJGItyA)yJLDvxOYt8t7U7{FMp}cY<)2C%&f!Gxi=69-xkV0LBF<7MB%X*
zQ;L8d8-HgHO!PD^$?C3PF|y{_7QNh9`lwjKqrPvWUwUucFtnrQu?7iYr|_5WxVoQI
zN8_IGBH20eO~jD#C08D%wtb0w?ht}&xgD5`X)}9eyQ>o4S13~9pc+eeqnVas8mYVM
zC`hC0-yBa!ul;qmG3IDhDJ^nT4a@ABh0xUHrb)O9f~7r$N-=ih@B6rxy_-PrxDw7!
z67polK{<ypVswvKnRRl)wl6V9^0tn`wzPxb0&pdVTdA#l@M|85iT_nwCk=kDQz4|x
zAMH``*ZL0e3h_Gz2&u6%rah2D={0FolHXUO6hIIzga{j7m4NWfx?mQ;-Q8)qEfK_Q
z{D+f02L{btlDS-ZRdPb<?b*MBf@v%oJSog$V`Co-n`m&{176d);FR~QsS#hU%AVBh
zW-}{4q;MoPR9NZ!`HlnW8-plQidWJI<}5HaUL-Q~Psrl{P$EV(8AN<M+>QK1jO7!-
z_Ta(T2npvv(hQU9`Tz@7M(|RoQuGW`xX97#AN&dJ>xQjy$IztCO(4FdOdA9SDKXT1
zSQdX&MUU4bUv1z%NwEbb#C2*XB1;jTU4mE9+#@2>?66xwzg}SP_9-dpK-<#5B5nRs
z^Q&&LF2xa)RZ@>qzR0t#cB8B`Wz-G7-2+*T=%id7V+9#goS$Pcuj{aECN0z5*Q<`6
z#95aH?-{~JNx6Zpp8`ayD1_!;#3r?-bVxYTlxU?RGx-3eq#8xs0P}|{GuFhdAbG<&
zne+~c?|%x(^>yrhlu6d`pEsk8{fKyLHs&0yV@}I*Q#rkKGWE4fyQ*T0X51QgZ0{}j
zM>^>A#M1|O9in6)M#~hR>ieu0ht>W3suslwmP*JJND4m2dzT}0GyNVZ$Dm80(XxsM
z8<QMDdAw@*Ue1oo3%U6ch7d{9(y-J{hg;__FjY?7(VStw@3alQbhf%r-B*J0YYw?z
zCAYaLM^yKMZ+Cc+9$#4z)aX-(HsbnNae5g3PMsGb3-xw9ihIHD40|p5o))v^nf5A4
zK7{zkM}f2h@bqDG%HRC9w4GghG&zwK4q?BueylLGb@s4ce@J{T?Y6-%n;t63$)cg9
z_IlT9&R)4S=mW+TjLb@~4v>eHh*+};@k|-9w7pFY;vjN_tuWH=mFaJ97+%@}bLlQ$
z$r{ZFFo1c*t+%-M$ltp4ZD}`i4V$t*Dg$~%-tZY;)6jCVvMcYo%y7KP=E55|=;|e9
zpfX3S`^LqOzJq|J?oJ%q@XOHPCk^EH62Sa_fs7)Nyd9JM9l`9V<e(9bU*6W|h-MR(
ztMnXJ0p7XvvPn8=JGb6`O%MEyO=-<2Rl1(&uHMbTF>h9?R^NNCnq_%-g0+pDpYcb<
zC+ZEko>(grDx>L~!6|r%!LK0;LD6`zL9t7T%&6g>+gl;n=KasF8!;!ZYun=J;T<M>
z<r2zFi6e5^??hJ-hwml$0lgGedAQJTrRdq8chQfLED7o8-8TbZtj?9DZ(HV^f>Y_7
z#+mq;fAkR1lMB9zroWu2mHnTem{hSuY5Q%9R1^;%(-m#ivx@NV?iFC^pyxF!+<0$K
z<!3HYAwOR%qpBw(GEPl1OF!;TmlWQ`&;A|0D#uSPj>+b}Phb(7B0}JeUX6$<iKZTf
zRG8>o0BL<Vdv`N)$5!P*jGTfVyk8DPzQuDOL`zeFg@irw;pUa0U+Qx4Pi`P2W~RY^
zwfI@M?|GRdp9`i7*)!u2ruoLO8^x$CzU$KTtVutuzrf5t;zlx%QS&#!45;G-La?i`
zu6m;*5@37Cks;9|r#y72qciSGS*)F}=_@~q_zwS2w;qH&%vy22bZyD=8SnP1&rg?q
zI<urD>uF!m!(j_88{}{Xh)q*0Arr(VW{#6(zx$jl|KzPe=KT>gy+pdk>1e=|@po=)
zoD!`Zjhr_MA}_j_EH`5v9fvb;T4rP#bQB*{56@hq>W#q`!mU&Pam1L_2eY0zhz8jX
ztgSuOkkUxFudQDRiw0g_nINz&(bFTOWZKsOW>7R?Ge+>3v!Pv^M6^cX0vB|{85t)f
zzxQXKX=?6py-@nLv;_5-Ao~&5MGSB1RFU{wJKjEpyQbkv6DIWnKfwuJf7U+xD3fTb
z1f#V+rO!~<c+*p(YI%n4x(e&X(C-PHdy?+>3aeyTKV*+P0`fiO<Sa)rjH>a_O-uW;
zF4rCnf3y;P6$6ATvD-8)A#l)f`$gc^r@E0>K}#fFVV$v+Ue++RHp#t{=WE_+wj0iD
zeHbg<rc_-E=%@bFMD?bbs-&NB-6x_Hm!bZot#skmKjx9+%BtK3h+>i4vf)|}LwPV3
z)ml*&z*4G|f`7Dn!~y9pUT!AsB_!a|66=N)({T};>!D8y3wgI^x`bptJo)dhuT!A5
z{^S(&t|CGOTV0!>4`SnW-jt+v=8uvQH+3sr1-w+-Dv#%aF508*w(VwoUk2teB4}|o
z>^zL|jj3pL`h$n8(PvfC%dd=KksSU%%}?gQ#eAy_3oCyAXes@^={6z~Ad?PlA*rg0
zpco6MN{qy_<&f{m#_*d1FK!HU5X%YIDXVYEZ}W)4A=0cY-8jr>DaTy65PDQgH~T{~
zmgu|iIF*?S=|jaK@06E-v7l%0ICya**81VgEch!b1b7s0S0TDVCx5G0%g}*8Exga2
zlh*)5oFE4gMdDqc&0?}vgGdi^JcwoQ`PC~v*bLWm(GW@c%y6xU!_EI&BbZ%8C}=3h
zA^pQRpC~m2!GFowxfmtM@-C&=V9bV|-d&zic2-h5rV`9F$kX_en>@6avD$F&7Nd@>
z@(<of`M1{Zwd8+nAN`r`3SdbQ;3=k#5#e)vB^*#Iq8+s4qC`Un;b|ZwuOs2L61JAD
zuiw;95fRHdhCZfcG^Dryd$mPbq6M~HB%HL0OEtyZVg|V~JwwuIpN~Sh#?h|xOhIhK
zTKbw5&v0%qcQ@>&MU~(`Ve=pUfv5=Zoi@m_sbAFn+_4s_DOE~Mdpexs^fFPrNBSl@
zNl}-?g0w~vh&|yniOnhXi3r~eEUMp;=|=1rSFZwB^ncXXqZ@U_aYX46O~hCX^it>g
za-sYoU?j5h>)GR9M;}K$A`cClv|%uodNa-hh1Oax79RQKVAUYvZ9oD8u|VBHC@W<@
zhsUA3X@&+l=-7;*q>`8EFN6*Ec4!67%3C~rMt>I^%*4)wb!5HMrHU>QV_@fXBro%y
z>lCITqe+M2>HSA6$uZr)lKz#FYkpvaw&3MhFE4WYQGuFiwlU9gv6e1x`r;}>xB`>r
zC@pLZOgz3VbL`^9&ng?pWzvnO%^&|r;Zv{v$lQKCxtjO44GX$5-Zk*S9gTMQ!B`^c
z%qD_-U#9T2BG%FBpQycb{6YL>0E=4d6iu|osz_+2m}?PyvpW@!JKIK<9wihOVwBSR
zeltOZj@=xTxc@$oKhFKn@|)AGwxANh8$r7_>@1UoW#nQsZcJD~Qx*4{o&=!cV{hIK
zI#a6CAVO1X>ACpDu%)|vBS|YM*BrK%zeZs-TxsZ%lkeg;b?-pRb-5WioiZucf>L!7
z;j$9xs57N+s$&0~gk_%_mxt~h>FWngD$?JEuby1t+~VbJhznH0hRe{!UoI1mzdiW;
zq;B|kR_vhmb*+_GRIB<un<=F%dzHx)qr4Ji6!iGbA9npEM=3~?Ao9xkm5dZ!|EVpO
z&tgN;La0(YB(GD<uokuT$~L8-KqT)upk(&3BnlkY_tMYv)Ac*J#SDAxvT!1<TU+B~
zZC#?%B5V{X)7K3#w8HxJ9oY;x90d{E^LVh;QPJApH_jv;T&z$*uwBOKoxOOqrspqL
z>J<f%K?>Y(UM9r5pk%IlQqt|tWg<h)sASCT4iRiLl#6E@<L#=PPMdU?osfvqzNIqN
zs~EHD6+rfoI8g7!#jL%1D%Am;yp8aR7spVE2Z0zlm7U2mozrdmS6C&5@;-9&r#ZAg
zxsM76P>*3mW!sN6o*k-UKT(Pa0b!N=2{FTGs-kmE9I*oj+>+c$$$c`EN3N|7pVCsN
zgp@;rQ92JRrfeMdQq(sJBs4mJ{l_U@0q&PlBl2c8GvVRmY)L|DRa)**u?7(@a+EI;
zo^N*Jx{9Tuaf)pB$w~U^Q?3thS!eUdX#Uyq8R>}`!MdB(Cem&3&atp^|LQJoJKa}C
zbx+n0Hn=JO5Y_os9b9+$i5ycpN2}<Trpn?)R|}RqJC4Xk+3o7Rzg5&P3s3n|QH!8<
zTjB9cM*%KZC7ji)71`0*^Ax8jZlnKj)dIZ#uJ?6O<A2g#+%L?^;sj2NGg!0kMRKsL
z@Rm&wyh9y}cs?clVk;?L>K7fIg>yOl-0Z$PSrTlHWB<C!$-p~GT6pzg#P-vr|C(xs
z=pNN2p?L07t>me%<Z&r4-OJ$Xw0SIyFw``lW6P`Z_4_iDm01kw7gJ6~`dd88;lyP)
zl7EqIZ-lJf-1?gRq!ZZ47ahD04@KW@=dx2LM>sEg&t*79$9HBXSZO(1xpent|DkLj
z96oXsxM%%a=}nP{UXUCwi_ZI+tD?Fjjl`e){0{9pT!Tr47Vb_O9ez(e6mqinLL&}$
za`jOGe%=E;?jrA;_^mvZ(Jn8(z8~~k^sqXP%L;T=2E&V&Ws~}LDQZlY%p8R{oEx%^
zv;>Dr=>u8SQ<ZMUzsCP!H{5@U@cpNaat~oct4Bl|Yi5Oqx|$y=@un?aNxRImhIo3Z
zws<1Fzj@3;_u@xd^5Da3a>8+u)y|}eD8Wmy$(FP!_q}ukn5A^)Yxm7|Bq1yP0V(*U
zjz5gO!;QUe?#8k?sgKEVSgx{TLluOMU<uz|QL%{VC^dfrY$zSY2>;20*y;9SVaIZ<
zUGfsP=BwA{|6*<F_G#cl*XH$Pw>0NaW$qpG%+e(MN1QvN1Rg4;b4#T#n-`^sd=*#l
z`+RY7Isa+cyqrl^s%d~8_pSO9GkjqBkkfTM3&h=3<R9_MyRIzo%mV`%EX0JcFyG3c
zi2*CLH|F@%$OjFWthp!Gxz!9LjwX70a^U_K!v;M0ST|TN2Rr*oUTEYaocSJuh(YW$
z7iLE;kM|z$FjLvHX{FO>__fEm_ic}72a^?<$T!mu!(^I-Q4%V0UURTAmfdlPaI6tT
ztRtJNoX$4oh0JvsuO$OpSfqxY?uLh#gWO{pjXvSo!GJ+bLlYV;kI<+&3XGkILxA9?
zJyCEB)~_v=4hoh)!Gp9(Ci!hbk{l{RAYpq~5jSxT7df~bCyCCQM@$UFOgJRU;{cn>
zW3D<RG3sit7K#A|QH<^Gw&i|bM6gf}zgwvVkMddNsM`TSt>LA3>=?HP5<dgd=Aa>r
zbcCeH;p7Mo);*?47|Y3M_n+`kkx=oR@bM{4=m^U<m=+tA;pVJtZK)OO6zyshw<;to
zSjfO}PcVdnH4I`LUXJ36!2hEWCf*FYXdmi4nL)zH0+Q*;0gC5aM6w}z&vFvJ=su7k
za6sab=Y(gs$-(LA0V99;?2<r|B6={EAt;;d^%-x8!m2uK>bS+UhNpRMtoV~-8x2jL
zagIlU0f(m4NDeZy8;OC1Ol_gF|M<!NV;jFT+27mWD?waE=O{|zAQmHm!!%BrtcX5H
zE>6g>$=UEsa~T=ShKFvD0HX0<{?P*w(1v&^<P;h;2HkKC3GJX45-$DwSm<UqA~QIk
zn9Y%C0G@DE*%uExHz?_{x1J!$p(2{(IJAbqAxl3P(x6<NHYRZJY#)wJh9ia?b2KKY
zk|fJAEJ=_$%R;cSqOZb%&E#Xl;~d<nBGL_SM<h8ygUr;ByHr}VG@=Xzf=zS6pxIVk
z@YpwyjTl~QLrN4tq9axjMtgEf<c1U?1dr^<@!9Ya4z?k=D<qgi%%lLx3dq?&mTml!
z7Ny2L;jjlsJjmZ~G#;e}^<ax~-150<W;NOr?qCwLVollO0K`T7(&L~d$sse~V=oPf
z_`^XK4Mtd|J0d2jauy|FGmvaGV<j2-hgMUFE0I&T+q}xu97@5V7;HW{JPk&aW9GA?
z(3sVYCuQ0Q&-S0Oa-EsZ+f6%&U!)$H0V2|nK~zLQ?51@}Log8z1`ZWbj_inVu+t<D
zIJR`a*y510f#jQ>FNlJa6iiVKu^?@a_Z@?7z)^Y3`2OJxj_EwvsqRuw<gG6vBr4)t
zhn95aD27ltiv)#@tcapa@HjG(-KmZsvKtj~62?f_G%=EULh|4elod!!MKB!YWLfWB
zb!w2UECy3>Y|BI(gKi`T9<K59*00GOqu}6h3@i|tN{fJ5_wzdY?AiMI`ZJc<*FVEd
zWv+7v1l@L872%fUA84Iqm-U>=kOT23NSO3sl!OS$gB4J;BbgHpe${L0HUQ$UJRw1{
z8HGj!hq@g%a}<w`DU5=nz%YhDS#QQ1h#**uqpfnM^Hz9-NzW!DUuqvtlOzXgBf%tY
zTGyG}7Y!9T>t059I|D=m32Se?9(LK@<{B34H5#&s(c)l3Bin(-jCLSVb3~LPV+wi>
zj?mz&05hU0Z*@9z8yo!ZLC`2G!m0)X2pmjQBuR9f<Mf0x5MGhC$bC1t*N}8CX^Ac)
zE+-~aXIb9=?zTY$MWw-zHz~(gGjCSO!J!<5M%9g!NQK*zB6FRNR;0vWCL6s86Aj^H
z9g!nF62)^O6M=)xKoPk_ghOupD?~v^OTq<Sa#^7v{N))KtW&54N6o>8MtZdFRqb}D
zg>x`92NVTHa9o$4WpB(|9dc)*&V+>p5k^5g;xW*MR28X79;pfA8a9@$jBw})6858&
z%ofXJ0I4iEl7quE7`EnMq8w~!;DJVPR3243ie?lX*D`>>$>J}rfw=>Ri~MC992^q~
z9+N?U9O~}Mus2nN{S=Z<g@iGYzRostHrzhjRudZ!Z|+B++?;-Y3gbEd#7!C`IQo?a
zsW|F(ILEc^U_yf_x>1yYnKEFC=--kaDN;9t5e`5mfMj-A3gRTEzS)qEv>}{5kUWCK
zBPP^DOuDWS*AK+yhIAE#zZ`s^Y<Hg*PmNNe=D^}98o^O%)Ep>q)VHd@NDd61`TNds
zdz_0&5AxQWl!RfSu(9+Q0huHRN70ZE5#f-0(2!tq@+lhq6ItnpRfLF!k;nuJARaf6
zVcnqLpQ4a>HB#fbI{fM!EstymlOD?PMZv+wy{ak)YZ~E^%`gq0H_e<rKa%8*ngAg|
zBUNa~goYT2tN6GE5snYprX`Gsc=|(7hIkCaB+~_kB>_?=LC`>gYH-eKupF&!^ec?`
yn426V>yaGkVdcnr1V`cV^BXjy?#bMphT}iW^|JJG>9;cg0000<MNUMnLSTaC<h-5$

literal 0
HcmV?d00001


From 25fca429399e5bc784f17971e304a93e785b0ac0 Mon Sep 17 00:00:00 2001
From: Adam Altman <adam@redocly.com>
Date: Wed, 14 Jan 2026 09:15:38 -0600
Subject: [PATCH 4/4] chore: clarify point 2 about limited side effects

---
 blog/sandbox-environments-reality-check.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog/sandbox-environments-reality-check.md b/blog/sandbox-environments-reality-check.md
index 8e566d42..d32017cf 100644
--- a/blog/sandbox-environments-reality-check.md
+++ b/blog/sandbox-environments-reality-check.md
@@ -212,7 +212,7 @@ Here are the patterns that actually work at scale:
 - Good observability
 - Clear "no PII" policy
 
-### 2. "Sandbox is just prod, but restricted"
+### 2. "Sandbox is just prod, but limited side effects"
 
 **The pattern:**
 - Prod codepaths, but no side effects (or side effects go to a sink)