Vercel Sandbox
Vercel Sandbox is an ephemeral compute primitive designed to safely run untrusted or user-generated code on Vercel. It supports dynamic, real-time workloads for AI agents, code generation, and developer experimentation.
With Vercel Sandbox, you can:
-
Execute untrusted or third-party code: When you need to run code that has not been reviewed, such as AI agent output or user uploads, without exposing your production systems.
-
Build dynamic, interactive experiences: If you are creating tools that generate or modify code on the fly, such as AI-powered UI builders or developer sandboxes such as language playgrounds.
-
Test backend logic in isolation: Preview how user-submitted or agent-generated code behaves in a self-contained environment with access to logs, file edits, and live previews.
-
Run a development server to test your application.
The Sandbox SDK is the recommended way to integrate Vercel Sandbox into your applications. It provides a programmatic interface to create sandboxes, run commands, and manage files.
- SDK (recommended): Use
@vercel/sandboxfor TypeScript to automate sandbox workflows in your code - CLI: Use the
sandboxCLI for manual testing, debugging, and one-off operations
The SDK uses Vercel OIDC tokens to authenticate whenever available. This is the most straightforward and recommended way to authenticate.
When developing locally, you can download a development token to .env.local using vercel env pull. After 12 hours the development token expires, meaning you will have to call vercel env pull again.
In production, Vercel manages token expiration for you.
Sandbox includes a node24, node22 and python3.13 image. In all these images:
- User code is executed as the
vercel-sandboxuser. - The default working directory is
/vercel/sandbox. sudoaccess is available.
| Runtime | Package managers | |
|---|---|---|
node24 | /vercel/runtimes/node24 | npm, pnpm |
node22 | /vercel/runtimes/node22 | npm, pnpm |
python3.13 | /vercel/runtimes/python | pip, uv |
node24 is the default runtime if the runtime property is not specified.
The base system is Amazon Linux 2023 with the following additional packages:
bind-utils
bzip2
findutils
git
gzip
iputils
libicu
libjpeg
libpng
ncurses-libs
openssl
openssl-libs
procps
tar
unzip
which
whois
zstd
Users can install additional packages using the dnf package manager:
import { Sandbox } from '@vercel/sandbox';
const sandbox = await Sandbox.create();
await sandbox.runCommand({
cmd: 'dnf',
args: ['install', '-y', 'golang'],
sudo: true,
});You can find the list of available packages on the Amazon Linux documentation.
The sandbox sudo configuration is designed to be easy to use:
HOMEis set to/root. Commands executed with sudo will source root's configuration files (e.g..gitconfig,.bashrc, etc).PATHis left unchanged. Local or project-specific binaries will still be available when running with elevated privileges.- The executed command inherits all other environment variables that were set.
To view sandboxes that were started per project, inspect the command history and view the sandbox URLs, access the Sandboxes insights page by:
- From the Vercel dashboard, go to the project where you created the sandbox
- Click the Observability tab
- Click Sandboxes on the left side of the Observability page
To track compute usage for your sandboxes across projects, go to the Usage tab of your Vercel dashboard.
Was this helpful?