`POST /sandboxes/{id}/files`

Extracts a tar stream (the request body, application/octet-stream) beneath ?path in the guest filesystem; the `crucible cp` push path. Rejects entries that escape the destination.

### Authorizations

- `bearerAuth` — HTTP bearer. Daemon API key. Omit on a keyless loopback daemon.

### Path parameters

- `id` string · required — Sandbox ID, e.g. sbx_ab12cd34.

### Query parameters

- `path` string · required — Guest destination directory the tar is extracted beneath.

### Responses

**200** — OK

`application/json`:

- `bytes` integer (int64) · optional
- `files` integer · optional

**400** — Bad Request

`application/json`:

- `error` string · optional

**404** — Not Found

`application/json`:

- `error` string · optional
