Isolated runtime, persistent workspace state, and network control in one layer for AI agents.
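```python
from sandbox0 import Client
import os

# The API token and endpoint are read from the environment;
# the default base URL points at a local deployment.
client = Client(
    token=os.environ["SANDBOX0_TOKEN"],
    base_url=os.environ.get("SANDBOX0_BASE_URL", "http://localhost:30080"),
)

# Claim a sandbox from the "default" template.
sandbox = client.claim_sandbox(template="default")

# Run SQLite commands against /workspace/demo.db and print the query result.
sandbox.run("sqlite", ".open /workspace/demo.db")
sandbox.run("sqlite", "create table if not exists runs (n integer);")
sandbox.run("sqlite", "insert into runs values (42);")
result = sandbox.run("sqlite", "select n from runs;")
print(result.output_raw, end="")
```

Warm, isolated execution.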
State that persists.
Policy built in.
Templates define the execution environment for each sandbox: image, resources, warm pool, and default network policy.
Volumes are the persistent layer for sandbox state, with snapshot, restore, fork, and reuse flows.
Warm pools keep sandbox runtimes ready so bash, Python, and app-serving environments can start quickly.
Built-in network policy support gives you egress control, DNS protections, and runtime policy enforcement.
Sandbox0 provides isolated runtimes for agents that need to execute code, serve apps, manage files, and enforce network policy without giving up deployment control.
Templates describe the runtime environment. Volumes add durable storage for outputs, caches, and working state so sandbox sessions can survive restarts and handoffs.
In the common single-cluster deployment, `internal-gateway` and `manager` are the core services. `procd` runs inside each sandbox pod and handles process execution, file operations, and volume mount workflows.
Sandbox0 gives agents an isolated runtime with durable state, so each session can keep its workspace, processes, and environment boundaries intact across real work.
Deploy Sandbox0 by installing infra-operator and applying a Sandbox0Infra resource. Single-cluster is the fastest path; multi-cluster is available when regional scale-out matters.
Use the s0 CLI or SDKs to claim sandboxes, run bash and Python sessions, execute commands, expose app ports, and manage volumes from your application code.
Your agent selects a template, claims a sandbox, runs bash or Python sessions, and attaches volumes when the work needs to persist.
Volumes are first-class. They hold persistent workspace data, caches, and artifacts instead of forcing every sandbox session to be ephemeral.
Sandbox0 is designed for enterprise self-hosting in your own regional Kubernetes environment, with clear control plane and data plane separation.
The docs cover architecture, quickstart, sandbox runtime behavior, volume workflows, templates, and self-hosted configuration.