Sandbox
The sandbox runs untrusted code in a throwaway microVM — the same hardware-isolated primitive your apps run on — then destroys it. It's built for AI agents that need to execute generated code safely.
Run code
wess sandbox python script.py
wess sandbox bash setup.sh
Runtimes: python, node, bun, bash. Each call boots a fresh VM, runs your code, captures stdout/stderr and the exit code, and tears the VM down.
From the API
POST /api/sandbox (Authorization: Bearer <token with 'sandbox' scope>)
{ "runtime": "python", "code": "print(40 + 2)", "timeoutMs": 30000 }
→ { "ok": true, "exitCode": 0, "stdout": "42\n", "stderr": "", "ms": 380 }
Why it's safe
Each execution is a separate VM with its own kernel — not a shared-kernel container. Code can't see the host, other sandboxes, or other apps. Wrap it behind a scoped token with only the sandbox scope to hand an agent execution power and nothing else.
| Timeout | default 30s, max 120s |
| Network | tenant-isolated (can't reach other apps or the platform) |
| Lifetime | destroyed the moment your code exits |
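An agent-side wrapper for the POST /api/sandbox call and the limits above, as an added example that is not part of the platform's own code or documentation. The base URL, the environment variable names, the output cap and the rule that success means "ok" is true with exit code 0 are assumptions.

```python
import json
import os
import urllib.request

# Assumption: placeholder base URL; the page gives only the path /api/sandbox.
BASE_URL = os.environ.get("WESS_API_URL", "https://wess.example")
RUNTIMES = {"python", "node", "bun", "bash"}   # runtimes listed on the page
DEFAULT_TIMEOUT_MS = 30_000                    # page: default 30s
MAX_TIMEOUT_MS = 120_000                       # page: max 120s
MAX_OUTPUT_CHARS = 4_000                       # assumption: cap on text handed back to the agent


def build_request(runtime, code, timeout_ms=DEFAULT_TIMEOUT_MS):
    """Validate agent-supplied arguments and return the JSON body for POST /api/sandbox."""
    if runtime not in RUNTIMES:
        raise ValueError(f"unsupported runtime: {runtime!r}")
    if not isinstance(code, str) or not code:
        raise ValueError("code must be a non-empty string")
    if isinstance(timeout_ms, bool) or not isinstance(timeout_ms, int) or not 0 < timeout_ms <= MAX_TIMEOUT_MS:
        raise ValueError(f"timeoutMs must be an integer in 1..{MAX_TIMEOUT_MS}")
    return {"runtime": runtime, "code": code, "timeoutMs": timeout_ms}


def summarize(result):
    """Reduce a sandbox response to bounded text; stdout/stderr are untrusted output."""
    def clip(s):
        s = str(s)
        return s if len(s) <= MAX_OUTPUT_CHARS else s[:MAX_OUTPUT_CHARS] + "...[truncated]"
    exit_code = result.get("exitCode")
    return {
        # Assumption: treat a run as successful only when ok is true and the exit code is 0.
        "succeeded": result.get("ok") is True and exit_code == 0,
        "exitCode": exit_code,
        "stdout": clip(result.get("stdout", "")),
        "stderr": clip(result.get("stderr", "")),
    }


def run_in_sandbox(runtime, code, timeout_ms=DEFAULT_TIMEOUT_MS):
    """POST the validated body with a token that carries only the 'sandbox' scope."""
    token = os.environ["WESS_SANDBOX_TOKEN"]   # assumption: hypothetical variable name
    body = json.dumps(build_request(runtime, code, timeout_ms)).encode()
    req = urllib.request.Request(
        f"{BASE_URL}/api/sandbox", data=body, method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    # Client-side deadline sits slightly above the sandbox timeout so the server answers first.
    with urllib.request.urlopen(req, timeout=timeout_ms / 1000 + 10) as resp:
        return summarize(json.load(resp))
```

Keeping the token in the wrapper's environment, rather than in the prompt or tool arguments, means the agent can request executions without ever seeing the credential.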