Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tensorlake.ai/llms.txt

Use this file to discover all available pages before exploring further.

What is a MicroVM sandbox?

A MicroVM sandbox is a lightweight virtual machine — typically backed by Firecracker or CloudHypervisor — designed to start in milliseconds and run a single workload in hardware-isolated form. Unlike containers, each MicroVM has its own kernel, which makes them safer for running untrusted or AI-generated code. They’re commonly used for AI agents, code execution, serverless functions, and CI/build workloads. Tensorlake Sandboxes are MicroVMs built on Firecracker and CloudHypervisor.

What are Tensorlake Sandboxes?

Tensorlake Sandboxes are isolated MicroVMs that boot in hundreds of milliseconds, with memory and filesystem preserved across suspend and resume. You can use them to run agent harnesses, execute tool calls, or as VMs for coding agents, builds, and IDEs.

How are Tensorlake Sandboxes isolated?

Each sandbox is a MicroVM backed by Firecracker and CloudHypervisor. Sandboxes provide hardware-level isolation rather than container-level isolation, so untrusted or AI-generated code can run safely without sharing a kernel with other workloads.

How fast does a Tensorlake Sandbox start?

Tensorlake creates a fresh sandbox in single-digit milliseconds; OS boot then completes in a few hundred milliseconds for the default ubuntu-minimal image. ubuntu-systemd, which includes a full init system and additional tooling (like Docker and Kubernetes support), takes around one second to boot. At peak load, the scheduler creates hundreds of sandboxes per second — see Architecture for how this differs from Kubernetes pod creation.

How do I create a Tensorlake Sandbox?

Create one on demand from the CLI or the SDK. Pass image, cpus, and memory to control the runtime. 
  tl sbx create
See the Quickstart for a full walkthrough.

What can I run inside a Tensorlake Sandbox?

Anything the OS supports. Common workloads include:

Is Tensorlake compliant with HIPAA and SOC 2?

Yes. Tensorlake is HIPAA and SOC 2 Type II compliant, supports EU data residency, and offers zero data retention.

How are Tensorlake Sandboxes different from Docker containers?

Tensorlake Sandboxes are MicroVMs backed by Firecracker and CloudHypervisor, which means each sandbox has its own kernel and hardware-level isolation. Docker containers share the host kernel — faster to start, but weaker isolation for running untrusted or AI-generated code. Tensorlake also provides built-in suspend/resume and snapshots, which aren’t part of the standard Docker runtime. If you have an existing Dockerfile, Tensorlake can build a sandbox image from it — see Sandbox Images.