Sandboxes
Isolated execution environments for AI agents powered by E2B Firecracker microVMs with sub-200ms cold starts.
What are Sandboxes?
Sandboxes are isolated execution environments — lightweight virtual machines — where AI agents can safely run code, install packages, manipulate files, and execute long-running processes without affecting your host infrastructure.
Each sandbox is a Firecracker microVM powered by E2B, providing full Linux environments with hardware-level isolation.
Key Features
- Sub-200ms cold start — Sandboxes boot faster than a container
- Full Linux environment — Install packages, run processes, use the filesystem
- Hardware-level isolation — Firecracker microVMs, not containers
- Multiple runtimes — Python 3.12, Node.js 20, Deno out of the box
- Network isolation — Configurable network access per sandbox
- Resource limits — CPU, memory, and disk quotas per sandbox
- Auto-cleanup — Sandboxes are destroyed after timeout or explicit teardown
- Snapshot/restore — Save sandbox state and resume later
When to Use Sandboxes
Sandboxes are ideal when your agent needs a full environment:
| Use Case | Example |
|---|---|
| Package installation | pip install pandas numpy then run analysis |
| Multi-step scripts | Write files, process them, read results |
| Long-running processes | Start a server, run tests, scrape data |
| Untrusted code | Execute user-submitted or LLM-generated code safely |
| Data processing | Load CSVs, transform data, generate reports |
For quick, stateless script execution, consider Code Execution instead.
How It Works
Your Agent
|
v
tx.sandboxes.create({ runtime: 'python-3.12' })
|
v
+---------------------------+
| Firecracker microVM |
| - Isolated filesystem |
| - Dedicated CPU/memory |
| - Network namespace |
| - Auto-cleanup on expiry |
+---------------------------+
|
v
tx.sandboxes.run(id, { command: '...' })
|
v
tx.sandboxes.destroy(id)
- Create — A microVM boots with your chosen runtime in under 200ms
- Execute — Run commands, install packages, read/write files
- Destroy — Sandbox is torn down and all resources are released
Resource Limits
Each sandbox has configurable resource limits:
| Resource | Default | Maximum |
|---|---|---|
| CPU | 1 vCPU | 4 vCPUs |
| Memory | 256 MB | 4 GB |
| Disk | 1 GB | 10 GB |
| Timeout | 300s (5 min) | 3600s (1 hour) |
| Network | Enabled | Configurable |
Security Model
Sandboxes provide strong isolation:
- Firecracker microVMs — Each sandbox runs in its own microVM with a dedicated kernel, not a shared container runtime
- No host access — Sandboxes cannot reach the host machine or other sandboxes
- Network policies — Outbound network access can be restricted or disabled entirely
- Resource caps — CPU, memory, and disk are hard-limited to prevent resource exhaustion
- Ephemeral by default — All state is destroyed when the sandbox is torn down
Pricing
Sandboxes are billed per second of uptime:
| Tier | Rate | Includes |
|---|---|---|
| Free | $0 | 100 sandbox-minutes/month |
| Pro | $0.005/min | 1,000 sandbox-minutes/month included |
| Enterprise | Custom | Volume discounts available |
Next Steps
- Quickstart — Create your first sandbox
- Runtimes — Available runtimes and custom templates
- Architecture — How sandboxes fit into the agent platform