Skip to main content
Sandboxes give your agents a safe place to run code, work with files, and keep state between steps. You can create them on demand and choose the CPU and memory combination that fits the job, from a tiny sandbox for a quick task to a larger one for demanding work. By default, sandboxes are ephemeral — they have no name and terminate when the work is done. To make a sandbox persistent, give it a name when you create it. Named sandboxes can be suspended and resumed, so an agent can pause between tasks and pick up exactly where it left off. That makes sandboxes useful for more than one-off execution. An agent can install dependencies, inspect outputs, write intermediate results to disk, and continue from where the previous step left off. When you want a stable checkpoint, you can snapshot a sandbox and return to a known-good state later. When you want to fork work that is already in progress, you can clone a running sandbox and start a second copy from the same filesystem and memory state. That is useful when an agent has already installed dependencies, loaded data, or reached an interesting intermediate state and you want to debug it, test an alternative path, or continue in parallel without touching the original sandbox. When you want that prepared environment to become a reusable starting point for future sandboxes, you can package it as a Sandbox Image and launch new sandboxes from that named image on demand. And when a named sandbox goes idle, Tensorlake can suspend it and bring it back on the next request, so you can preserve state without keeping it running.

Key Capabilities

Fastest filesystem: Tensorlake’s block-based filesystem with lazy memory snapshot loading delivers near-SSD speeds inside virtual machines. In SQLite benchmarks, it completes in 2.45s — 1.2x faster than Vercel (3.00s), 1.6x faster than E2B (3.92s), 1.9x faster than Modal (4.66s), and 2.2x faster than Daytona (5.51s). Fast boot: Sandboxes start in a few hundred milliseconds. Resuming from suspension takes under a second. Scale: Spin up hundreds of sandboxes per second, with support for up to 5 million sandboxes per project. Live migration: During cluster updates or security patches, Tensorlake automatically migrates running sandboxes to healthy machines with only a brief interruption — no manual intervention or sandbox restarts required.

Setup

1

Install the Tensorlake package

pip install tensorlake
This installs the Python SDK. It also ships the tl and tensorlake CLIs in your Python toolchain’s bin directory.
2

Authenticate

tl login
After you run tl login, you can manage your sandboxes in the Tensorlake Dashboard. You can also create API keys there for sandbox connections. See Authentication for the full API key setup flow.

Quickstart

Create a tiny sandbox for a quick task, or provision one with more CPU and memory for heavier workloads. 
# Create an ephemeral sandbox (no name — terminates when done, cannot be suspended)
tl sbx new --cpus 3.0 --memory 7000 --timeout 600

# Create a named sandbox (can be suspended and resumed between tasks)
tl sbx new my-agent-env --cpus 3.0 --memory 7000

# List sandboxes and copy the sandbox ID
tl sbx ls

# Run code inside the sandbox
tl sbx exec <sandbox-id> python -c 'print("Hello from sandbox")'

# Copy files in or out as the sandbox accumulates state
tl sbx cp local-file.txt <sandbox-id>:/workspace/local-file.txt

# Save a checkpoint you can return to later
tl sbx snapshot <sandbox-id>

# Branch from the current live state without starting over
tl sbx clone <sandbox-id>

# Suspend a named sandbox when you are done for now, or terminate it when the work is finished
tl sbx suspend <sandbox-id>
tl sbx terminate <sandbox-id>

Features

Command Execution

Run shell commands with full stdout/stderr capture or stream output in real time using SSE.

File Management

Read, write, and delete files. List directories with metadata. Transfer data in and out of sandboxes.

Process Management

Start background processes, send signals, monitor status, and stream stdout/stderr independently.

Network Controls

Allow or deny internet access. Block specific outbound destinations when needed.

Snapshots

Capture sandbox filesystem and memory state, then restore or branch from it later.

Sandbox Images

Prebuild dependencies and setup steps once, then start new sandboxes from a named image.

Use Cases

AI Code Execution

Run LLM-generated code in isolated containers with network restrictions and resource limits. Integrate sandboxes as tools in agentic workflows.

Agentic Swarm Intelligence

Orchestrate a swarm of LLM agents running specialized tasks in parallel sandboxes.

Agentic Dungeons & Dragons

Build a dynamic D&D-style game where parallel AI agents act as scene writers and a Dungeon Master agent orchestrates the story.

RL Training with GSPO

Fine-tune a language model on code generation tasks using Group Sequence Policy Optimization, with sandboxes as the reward oracle.

Reproducible RL Environments

Guarantee isolated, deterministic rollouts for RL training. Run parallel episodes with full seed control and no shared state between workers.

Agentic Autoresearch Loop

Autonomously improve an ML training script overnight using an LLM agent that proposes code modifications and races them in parallel sandboxes.

When to Use Sandboxes vs @function()

Use CaseApproach
Agent tool calls with different dependenciesUse @function() — built-in isolation per function
Executing LLM-generated codeUse Sandboxes — dynamic creation with network restrictions
Batch processing with bounded resourcesUse @function() with max_containers
Interactive code execution (notebooks, REPLs)Use Sandboxes — create on demand, inspect, and tear down
Untrusted user-submitted codeUse Sandboxes — network restrictions and resource limits
If your isolation needs are covered by @function() in Tensorlake Applications, you don’t need standalone sandboxes. Sandboxes are for cases where you need dynamic, on-demand container creation with fine-grained control.

Learn More

Lifecycle

Sandbox states, resources, timeouts, and lifecycle operations.

Commands

Run commands, inspect output, and open interactive shells.

Networking

Control internet access and blocked destinations.

Sandbox Images

Create reusable named starting points for sandboxes from Dockerfiles.