Vercel Sandbox
Vercel Sandbox is an ephemeral compute primitive designed to safely run untrusted or user-generated code on Vercel. It supports dynamic, real-time workloads for AI agents, code generation, and developer experimentation.
With Vercel Sandbox, you can:
-
Execute untrusted or third-party code: When you need to run code that has not been reviewed, such as AI agent output or user uploads, without exposing your production systems.
-
Build dynamic, interactive experiences: If you are creating tools that generate or modify code on the fly, such as AI-powered UI builders or developer sandboxes such as language playgrounds.
-
Test backend logic in isolation: Preview how user-submitted or agent-generated code behaves in a self-contained environment with access to logs, file edits, and live previews.
-
Run a development server to test your application.
- Get started with using Vercel Sandbox with the getting started guide and examples
- Learn about authentication methods and the SDK reference
- Use the CLI reference to manage sandboxes from the command line
- Understand how to monitor your sandboxes
- Review pricing, resource limits and system specifications
You can create sandboxes using our TypeScript SDK or Python SDK.
The SDK uses Vercel OIDC tokens to authenticate whenever available. This is the most straightforward and recommended way to authenticate.
When developing locally, you can download a development token to using . After 12 hours the development token expires, meaning you will have to call again.
In production, Vercel manages token expiration for you.
If you want to use the SDK from an environment where is unavailable, you can also authenticate using an access token. You will need
- your Vercel team ID
- your Vercel project ID
- a Vercel access token with access to the above team
Set your team ID, project ID, and token to the environment variables , , and . Then pass these to the method:
Sandbox includes a and image. In both of these images:
- User code is executed as the user.
- The default working directory is .
- access is available.
| Runtime | Package managers | |
|---|---|---|
| , | ||
| , |
The base system is Amazon Linux 2023 with the following additional packages:
Users can install additional packages using the package manager:
You can find the list of available packages on the Amazon Linux documentation.
The sandbox sudo configuration is designed to be easy to use:
- is set to . Commands executed with sudo will source root's configuration files (e.g. , , etc).
- is left unchanged. Local or project-specific binaries will still be available when running with elevated privileges.
- The executed command inherits all other environment variables that were set.
To view sandboxes that were started per project, inspect the command history and view the sandbox URLs, access the Sandboxes insights page by:
- From the Vercel dashboard, go to the project where you created the sandbox
- Click the Observability tab
- Click Sandboxes on the left side of the Observability page
To track compute usage for your sandboxes across projects, go to the Usage tab of your Vercel dashboard.
Was this helpful?