Architecture
The Sandbox SDK provides isolated code execution environments on Cloudflare's edge network. It combines three Cloudflare technologies:
- Workers - JavaScript runtime at the edge
- Durable Objects - Stateful compute with persistent storage
- Containers - Isolated execution environments with full Linux capabilities
┌─────────────────────────────────────────────────────────┐│                     Your Application                    ││                    (Cloudflare Worker)                  │└───────────────────────────┬─────────────────────────────┘                            ├─ getSandbox()                            ├─ exec()                            ├─ writeFile()                            │           ┌────────────────▼──────────────────┐           │ Container-enabled Durable Object  │           │ (SDK methods via RPC from Worker) │           └───────────────────────────────────┘                            │ HTTP/JSON                            │                    ┌───────▼───────┐                    │ Durable Object │ Layer 2: State Management                    │  (Persistent)  │                    └───────┬───────┘                            │ Container Protocol                            │                    ┌───────▼───────┐                    │   Container   │ Layer 3: Isolated Execution                    │  (Linux + Bun) │                    └───────────────┘The developer-facing API you use in your Workers:
import { getSandbox } from "@cloudflare/sandbox";
const sandbox = getSandbox(env.Sandbox, "my-sandbox");const result = await sandbox.exec("python script.py");Purpose: Provide a clean, type-safe TypeScript interface for all sandbox operations.
Manages sandbox lifecycle and routing:
export class Sandbox extends DurableObject<Env> {  // Extends Cloudflare Container for isolation  // Routes requests between client and container  // Manages preview URLs and state}Purpose: Provide persistent, stateful sandbox instances with unique identities.
Why Durable Objects:
- Persistent identity - Same sandbox ID always routes to same instance
- State management - Filesystem and processes persist between requests
- Geographic distribution - Sandboxes run close to users
- Automatic scaling - Cloudflare manages provisioning
Executes code in isolation with full Linux capabilities.
Purpose: Safely execute untrusted code.
Why containers:
- True isolation - Process-level isolation with namespaces
- Full environment - Real Linux with Python, Node.js, Git, etc.
- Resource limits - CPU, memory, disk constraints
When you execute a command:
await sandbox.exec("python script.py");- Client SDK validates parameters and sends HTTP request to Durable Object
- Durable Object authenticates and routes to container runtime
- Container Runtime validates inputs, executes command, captures output
- Response flows back through all layers with proper error transformation
Sandboxes maintain state across requests:
Filesystem:
// Request 1await sandbox.writeFile("/workspace/data.txt", "hello");
// Request 2 (minutes later)const file = await sandbox.readFile("/workspace/data.txt");// Returns 'hello' - file persistedProcesses:
// Request 1await sandbox.startProcess("node server.js");
// Request 2 (minutes later)const processes = await sandbox.listProcesses();// Server still runningCold start: 100-300ms (container initialization)
Warm start: <10ms (reuse existing container)
Network latency: 10-50ms (edge-to-edge)
- Sandbox lifecycle - How sandboxes are created and managed
- Container runtime - Inside the execution environment
- Security model - How isolation and validation work
- Session management - Advanced state management
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark