Running Code in Sandboxes
Run code in isolated, secure containers with configurable resources
Execute code in isolated Linux containers with configurable resource limits, network controls, and execution timeouts.
Three Ways to Use Sandboxes
| Method | Best For |
|---|---|
| Web App | Visual management, browsing runtimes and snapshots |
| SDK | Programmatic use in agents and routes (ctx.sandbox) |
| CLI | Local development, scripting, CI/CD |
Multi-language Execution
Your agents are written in TypeScript, but the sandbox can run any language safely. Use ctx.sandbox.run() to execute Python, Node.js, shell scripts, or anything available via apt install in isolated containers.
Key Concepts
| Concept | Description |
|---|---|
| Runtime | A pre-configured base environment (OS + language tools) provided by Agentuity |
| Sandbox | A running container created from a runtime where you execute commands |
| Snapshot | A saved sandbox state that can be used to create new sandboxes |
These build on each other: Runtime → Sandbox → Snapshot. Here's an example of how to use all three:
- Pick a runtime (e.g.,
bun:1ornode:latest) - Create a sandbox from that runtime
- Optionally save a snapshot to reuse your configured environment
Runtimes
Runtimes are pre-configured base environments that Agentuity provides. Each includes an operating system, language toolchain, and common utilities.
Language Runtimes
Use these for general code execution:
| Runtime | Description |
|---|---|
bun:1 | Bun 1.x with JavaScript/TypeScript support (default) |
node:latest | Node.js latest version |
node:lts | Node.js LTS version |
base:latest | Minimal runtime with essential tools |
Agent Runtimes
Pre-configured AI coding assistants:
| Runtime | Description |
|---|---|
claude-code:latest | Claude Code AI assistant |
amp:latest | Amp AI coding assistant |
codex:latest | OpenAI Codex CLI agent |
gemini-cli:latest | Google Gemini CLI agent |
opencode:latest | OpenCode AI coding assistant |
List Available Runtimes
Run agentuity cloud sandbox runtime list to see all available runtimes, or view them in the Agentuity App under Services > Sandbox > Runtimes.
Snapshots
A snapshot captures the filesystem state of a sandbox. You create new sandboxes from a snapshot rather than running it directly.
Snapshots build on top of runtimes. When you create a snapshot, it includes everything from the base runtime plus your installed dependencies and files.
Workflow:
- Create a sandbox from a runtime
- Install dependencies and configure the environment
- Save a snapshot
- Create new sandboxes from that snapshot (fast, no reinstallation needed)
See Creating and Using Snapshots for details.
Two Execution Modes
Choose based on your use case:
One-shot (sandbox.run())
Creates a sandbox, runs a single command, then destroys the sandbox. Best for stateless code execution.
import { createAgent } from '@agentuity/runtime';
const agent = createAgent('CodeRunner', {
handler: async (ctx, input) => {
const result = await ctx.sandbox.run({
command: { exec: ['python3', '-c', 'print("Hello!")'] },
resources: { memory: '256Mi', cpu: '500m' },
});
ctx.logger.info('Output', { stdout: result.stdout, exitCode: result.exitCode });
return { output: result.stdout, exitCode: result.exitCode };
},
});Interactive (sandbox.create())
Creates a persistent sandbox for multiple commands. Best for stateful workflows like dependency installation.
import { createAgent } from '@agentuity/runtime';
const agent = createAgent('ProjectBuilder', {
handler: async (ctx, input) => {
const sandbox = await ctx.sandbox.create({
resources: { memory: '1Gi' },
network: { enabled: true }, // Required for package installation
});
try {
await sandbox.execute({ command: ['npm', 'install'] });
await sandbox.execute({ command: ['npm', 'run', 'build'] });
return { success: true };
} finally {
await sandbox.destroy();
}
},
});SDK Access
| Context | Access |
|---|---|
| Agents | ctx.sandbox |
| Routes | c.var.sandbox |
The API is identical in both contexts.
Configuration Options
| Option | Description | Example |
|---|---|---|
runtime | Runtime environment | 'bun:1', 'python:3.14' |
resources.memory | Memory limit (Kubernetes-style) | '512Mi', '1Gi' |
resources.cpu | CPU limit in millicores | '500m', '1000m' |
resources.disk | Disk space limit | '1Gi' |
network.enabled | Allow outbound network | true (default: false) |
timeout.idle | Idle timeout before cleanup | '10m', '1h' |
timeout.execution | Max execution time per command | '5m', '30s' |
dependencies | Apt packages to install | ['python3', 'git'] |
env | Environment variables | { NODE_ENV: 'test' } |
snapshot | Create from existing snapshot | 'my-env' or snp_abc123 |
When to Use Sandbox
| Use Case | Example |
|---|---|
| Code execution agents | Run user-provided Python/JavaScript safely |
| Code validation | Verify generated code compiles and runs |
| AI coding assistants | Execute code suggested by LLMs |
| Automated testing | Run tests in clean environments |
| Build systems | Compile projects in isolated containers |
Security
Sandboxes provide isolation through:
- Network disabled by default: Enable explicitly when needed
- Resource limits: Prevent resource exhaustion
- Execution timeouts: Prevent runaway processes
- Filesystem isolation: Each sandbox has its own workspace
Next Steps
- SDK Usage: Detailed API for file I/O, streaming, and advanced configuration
- Snapshots: Skip dependency installation with pre-configured environments
- CLI Commands: Debug sandboxes and create snapshots manually
Need Help?
Join our Community for assistance or just to hang with other humans building agents.
Send us an email at hi@agentuity.com if you'd like to get in touch.
Please Follow us on
If you haven't already, please Signup for your free account now and start building your first agent!