Introduction - Tensorlake

Tensorlake Sandboxes provide isolated container environments for running untrusted or LLM-generated code safely. Each sandbox runs in its own container with configurable CPU, memory, disk, timeout, and network access controls.

Key Features

Isolation — each sandbox runs in its own container, fully isolated from other sandboxes and your infrastructure
Resource control — configure CPU, memory, and ephemeral disk per sandbox
Network restrictions — allow or deny internet access, control outbound destinations
Timeouts — set execution time limits to prevent runaway processes
Warm pools — pre-warm containers for low-latency sandbox creation
Secrets — inject secrets as environment variables without exposing them in code

SandboxClient

The SandboxClient is the Python SDK for managing sandboxes:

from tensorlake.sandbox import SandboxClient

client = SandboxClient()

# Create a sandbox
sandbox = client.create(
    image="python:3.11-slim",
    cpus=1.0,
    memory_mb=512,
    timeout_secs=300
)

print(f"Sandbox ID: {sandbox.sandbox_id}")
print(f"Status: {sandbox.status}")

# Check sandbox status
info = client.get(sandbox.sandbox_id)
print(f"Status: {info.status}")

# Clean up
client.delete(sandbox.sandbox_id)

The client supports context managers for automatic cleanup:

with SandboxClient() as client:
    sandbox = client.create(image="python:3.11-slim")
    # Use sandbox...
    client.delete(sandbox.sandbox_id)

When to Use Sandboxes

Use Case	Approach
Agent tool calls with different dependencies	Use `@function()` — built-in isolation per function
Executing LLM-generated code	Use Sandboxes — dynamic creation with network restrictions
Batch processing with bounded resources	Use `@function()` with `max_containers`
Interactive code execution (notebooks, REPLs)	Use Sandboxes — create on demand, inspect, and tear down
Untrusted user-submitted code	Use Sandboxes — network restrictions and resource limits

If your isolation needs are covered by @function() in Tensorlake Applications, you don’t need standalone sandboxes. Sandboxes are for cases where you need dynamic, on-demand container creation with fine-grained control.