from deno_sandbox import DenoDeploy
sdk = DenoDeploy()
with sdk.sandbox.create() as sb:
# Run a shell command
process = sb.spawn("echo", args=["Hello from the sandbox!"])
process.wait()
# Write and read files
sb.fs.write_text_file("/tmp/example.txt", "Hello, World!")
content = sb.fs.read_text_file("/tmp/example.txt")
print(content)
> In Deno Sandbox, secrets never enter the environment. Code sees only a placeholder
> The real key materializes only when the sandbox makes an outbound request to an approved host. If prompt-injected code tries to exfiltrate that placeholder to evil.com? Useless.
That seems clever.
johnspurlocktoday at 5:33 PM
"Over the past year, we’ve seen a shift in what Deno Deploy customers are building: platforms where users generate code with LLMs, and that code runs immediately without review. That code frequently calls LLMs itself, which means it needs API keys and network access.
This isn’t the traditional “run untrusted plugins” problem. It’s deeper: LLM-generated code, calling external APIs with real credentials, without human review. Sandboxing the compute isn’t enough. You need to control network egress and protect secrets from exfiltration.
Deno Sandbox provides both. And when the code is ready, you can deploy it directly to Deno Deploy without rebuilding."
koolalatoday at 7:52 PM
The free plan makes me want to use it like Glitch. But every free service like this ever has been burned...
zenmactoday at 7:31 PM
>Deno Sandbox gives you lightweight Linux microVMs (running in the Deno Deploy cloud)
The real question is can the microVMs run in just plain old linux, self-hosted.
MillionOClocktoday at 7:52 PM
Can this be used on iOS somehow? I am building a Swift app where this would be very useful but last time I checked I don't think it was possible.
How to know what domains to allow? The agent behavior is not predefined.
ttoinoutoday at 5:52 PM
What happens if we use Claude Pro or Max plans on them ? It’ll always be a different IP connecting and we might get banned from Anthropic as they think we’re different users
Why limit the lifetime on 30 mins ?
mrpandastoday at 7:06 PM
Where's the real value for devs in something like this? Hasn't everyone already built this for themselves in the past 2 years? I'm not trying to sound cheeky or poo poo the product, just surprised if this is a thing. I can never read what's useful by gut anymore, I guess.
nihakuetoday at 6:29 PM
See also Sprites (https://news.ycombinator.com/item?id=46557825) which I've been using and really enjoying. There are some key architecture differences between the two, but very similar surface area. It'll be interesting to see if ephemeral + snapshots can be as convenient as stateful with cloning/forking (which hasn't actually dropped yet, although the fly team say it's coming).
Will give these a try. These are exciting times, it's never been a better time to build side projects :)
Tepixtoday at 6:28 PM
If you can create a deno sandbox from a deno sandbox, you could create an almost unkillable service that jumps from one sandbox to the next. Very handy for malicious purposes. ;-)
Just an idea…
sneheshttoday at 6:43 PM
50/200 Gb free plus $0.5 / Gb out egress data seems expensive when scaling out.
e12etoday at 6:19 PM
Looks promising. Any plans for a version that runs locally/self-host able?
Looks like the main innovation here is linking outbound traffic to a host with dynamic variables - could that be added to deno itself?