Vercel Sandbox

Vercel Sandbox is an ephemeral compute primitive designed to safely run untrusted or user-generated code on Vercel. It supports dynamic, real-time workloads for AI agents, code generation, and developer experimentation.

Use sandboxes to:

• Execute untrusted code safely: Run AI agent output, user uploads, or third-party scripts without exposing your production systems.
• Build interactive tools: Create code playgrounds, AI-powered UI builders, or developer sandboxes.
• Test in isolation: Preview how user-submitted or agent-generated code behaves in a self-contained environment with access to logs, file edits, and live previews.
• Run development servers: Spin up and test applications with live previews.

The Sandbox SDK is the recommended way to integrate Vercel Sandbox into your applications. It provides a programmatic interface to create sandboxes, run commands, and manage files.

• SDK (recommended): Use @vercel/sandbox for TypeScript to automate sandbox workflows in your code
• CLI: Use the sandbox CLI for manual testing, agentic workflows, debugging, and one-off operations

Vercel Sandbox supports two authentication methods:

• Vercel OIDC tokens (recommended): Vercel generates the OIDC token that it associates with your Vercel project. For local development, run vercel link and vercel env pull to get a development token. In production on Vercel, authentication is automatic.
• Access tokens: Use access tokens when VERCEL_OIDC_TOKEN is unavailable, such as in external CI/CD systems or non-Vercel environments.

To learn more on each method, see Authentication for complete setup instructions.

Sandboxes run on Amazon Linux 2023 with node24, node22, and python3.13 runtimes available. The default runtime is node24. Each sandbox runs as the vercel-sandbox user with sudo access and a default working directory of /vercel/sandbox.

For detailed information about runtimes, available packages, and sudo configuration, see System Specifications.

• Isolation: Each sandbox runs in a secure Firecracker microVM with its own filesystem and network. Run untrusted code without affecting production.
• Node.js and Python runtimes: Choose from node24, node22, or python3.13 with full root access. Install any package or binary you need.
• Fast startup: Sandboxes start in milliseconds, making them ideal for real-time user interactions and latency-sensitive workloads.
• Snapshotting: Save the state of a running sandbox to resume later. Skip dependency installation on subsequent runs.
• CLI and SDK: Manage sandboxes through the CLI or TypeScript/Python SDK. Automate sandbox workflows in your application.