Home/Security/sandbox-sdk
S

sandbox-sdk

by @cloudflarev
4.5(48)

Builds sandbox applications for secure code execution, suitable for AI code executors, CI/CD systems, etc.

cloudflaresandbox-environmentssdk-developmentapi-integrationsecurity-testingGitHub
Installation
npx skills add cloudflare/skills --skill sandbox-sdk
compare_arrows

Before / After Comparison

1
Before

Running untrusted code in AI code executors or CI/CD systems poses security risks. A lack of isolation mechanisms can lead to system vulnerabilities or data breaches.

After

Utilize a sandbox SDK to build an isolated environment, ensuring secure code execution. This effectively prevents malicious code attacks, guarantees system stability and data security, and enhances trustworthiness.

SKILL.md

Cloudflare Sandbox SDK

Build secure, isolated code execution environments on Cloudflare Workers.

FIRST: Verify Installation

npm install @cloudflare/sandbox
docker info  # Must succeed - Docker required for local dev

Retrieval Sources

Your knowledge of the Sandbox SDK may be outdated. Prefer retrieval over pre-training for any Sandbox SDK task.

ResourceURL
Docshttps://developers.cloudflare.com/sandbox/
API Referencehttps://developers.cloudflare.com/sandbox/api/
Exampleshttps://github.com/cloudflare/sandbox-sdk/tree/main/examples
Get Startedhttps://developers.cloudflare.com/sandbox/get-started/

When implementing features, fetch the relevant doc page or example first.

Required Configuration

wrangler.jsonc (exact - do not modify structure):

{
  "containers": [{
    "class_name": "Sandbox",
    "image": "./Dockerfile",
    "instance_type": "lite",
    "max_instances": 1
  }],
  "durable_objects": {
    "bindings": [{ "class_name": "Sandbox", "name": "Sandbox" }]
  },
  "migrations": [{ "new_sqlite_classes": ["Sandbox"], "tag": "v1" }]
}

Worker entry - must re-export Sandbox class:

import { getSandbox } from '@cloudflare/sandbox';
export { Sandbox } from '@cloudflare/sandbox';  // Required export

Quick Reference

TaskMethod
Get sandboxgetSandbox(env.Sandbox, 'user-123')
Run commandawait sandbox.exec('python script.py')
Run code (interpreter)await sandbox.runCode(code, { language: 'python' })
Write fileawait sandbox.writeFile('/workspace/app.py', content)
Read fileawait sandbox.readFile('/workspace/app.py')
Create directoryawait sandbox.mkdir('/workspace/src', { recursive: true })
List filesawait sandbox.listFiles('/workspace')
Expose portawait sandbox.exposePort(8080)
Destroyawait sandbox.destroy()

Core Patterns

Execute Commands

const sandbox = getSandbox(env.Sandbox, 'user-123');
const result = await sandbox.exec('python --version');
// result: { stdout, stderr, exitCode, success }

Code Interpreter (Recommended for AI)

Use runCode() for executing LLM-generated code with rich outputs:

const ctx = await sandbox.createCodeContext({ language: 'python' });

await sandbox.runCode('import pandas as pd; data = [1,2,3]', { context: ctx });
const result = await sandbox.runCode('sum(data)', { context: ctx });
// result.results[0].text = "6"

Languages: python, javascript, typescript

State persists within context. Create explicit contexts for production.

File Operations

await sandbox.mkdir('/workspace/project', { recursive: true });
await sandbox.writeFile('/workspace/project/main.py', code);
const file = await sandbox.readFile('/workspace/project/main.py');
const files = await sandbox.listFiles('/workspace/project');

When to Use What

NeedUseWhy
Shell commands, scriptsexec()Direct control, streaming
LLM-generated coderunCode()Rich outputs, state persistence
Build/test pipelinesexec()Exit codes, stderr capture
Data analysisrunCode()Charts, tables, pandas

Extending the Dockerfile

Base image (docker.io/cloudflare/sandbox:0.7.0) includes Python 3.11, Node.js 20, and common tools.

Add dependencies by extending the Dockerfile:

FROM docker.io/cloudflare/sandbox:0.7.0

# Python packages
RUN pip install requests beautifulsoup4

# Node packages (global)
RUN npm install -g typescript

# System packages
RUN apt-get update && apt-get install -y ffmpeg && rm -rf /var/lib/apt/lists/*

EXPOSE 8080  # Required for local dev port exposure

Keep images lean - affects cold start time.

Preview URLs (Port Exposure)

Expose HTTP services running in sandboxes:

const { url } = await sandbox.exposePort(8080);
// Returns preview URL for the service

Production requirement: Preview URLs need a custom domain with wildcard DNS (*.yourdomain.com). The .workers.dev domain does not support preview URL subdomains.

See: https://developers.cloudflare.com/sandbox/guides/expose-services/

OpenAI Agents SDK Integration

The SDK provides helpers for OpenAI Agents at @cloudflare/sandbox/openai:

import { Shell, Editor } from '@cloudflare/sandbox/openai';

See examples/openai-agents for complete integration pattern.

Sandbox Lifecycle

  • getSandbox() returns immediately - container starts lazily on first operation
  • Containers sleep after 10 minutes of inactivity (configurable via sleepAfter)
  • Use destroy() to immediately free resources
  • Same sandboxId always returns same sandbox instance

Anti-Patterns

  • Don't use internal clients (CommandClient, FileClient) - use sandbox.* methods
  • Don't skip the Sandbox export - Worker won't deploy without export { Sandbox }
  • Don't hardcode sandbox IDs for multi-user - use user/session identifiers
  • Don't forget cleanup - call destroy() for temporary sandboxes

Detailed References

User Reviews (0)

Write a Review

Effect
Usability
Docs
Compatibility

No reviews yet

Statistics

Installs7.6K
Rating4.5 / 5.0
Version
Updated2026年5月23日
Comparisons1

User Rating

4.5(48)
5
23%
4
52%
3
23%
2
2%
1
0%

Rate this Skill

0.0

Compatible Platforms

🔧Claude Code
🔧OpenClaw
🔧OpenCode
🔧Codex
🔧Gemini CLI
🔧GitHub Copilot
🔧Amp
🔧Kimi CLI

Timeline

Created2026年3月16日
Last Updated2026年5月23日