isorunSign up
Public beta. No card required.

Sandboxes in milliseconds.

Fastest, cheapest, globally scalable runtime for AI agents. Fully isolated VMs from any Docker image, ready in 10ms.

Sign up Read docs

Billed per second at $0.04/hour for 1 vCPU + 1 GB RAM.

// start a Linux VM, run code, destroy it
import { Sandbox } from "isorun";
 
const sb = await Sandbox.create();
const r = await sb.run("node", "-e", "console.log(2**32)");
await sb.destroy();

Runtime

Six primitives an agent needs.

Run real code safely, at the speed of a function call.

KVM

Hardware isolation

Each sandbox boots its own guest kernel, sharing nothing with its neighbours.

OCI

Any image

Pull from Docker Hub, ghcr, or your own private registry.

fork()

Fork running VMs

Clone an in-flight sandbox and branch its live state.

tty

Persistent shells

Long-lived bash with signals, scrollback, and detach.

preview

Public URLs

Expose a port and get HTTPS, WebSockets, SSE, H2, and H3.

continuation

Hibernate / resume

Pause to disk and restore exactly where you left off.

Workloads

Any Docker image, any port.

Bring any base image. If it runs on Linux, it runs on isorun. If it listens on a port, one call gives it a public URL.

Any OCI image

Pinned tags, digests, and private registries.

Pass any OCI reference to Sandbox(). The first pull builds a cache; every boot after is a fast cold-start.

python:3.12node:22ubuntu:24.04ghcr.io/you/agent:1.0playwright/python:v1.48

Public URLs

Every port, one TLS hop from the internet.

Call sb.url(port) for a signed HTTPS URL to whatever you're running. Full WebSocket, SSE, and every HTTP method.

https://run01ab….isorun.ai/sb/p/5173/

MCP

Give Claude a real computer.

Hand Claude a full Linux box per session, on your own infrastructure.

// start a Linux VM, run code, destroy it
import { Sandbox } from "isorun";
 
const sb = await Sandbox.create();
const r = await sb.run("node", "-e", "console.log(2**32)");
await sb.destroy();

Claude Managed Agents

Self-hosted sandbox runtime for Anthropic's orchestrator. One microVM per session, isolated for its life.

Parallel by default

Spin up 30 siblings from one prompt. Each isolated.

Hibernate / resume

Pause a session and come back later to the same scrollback, FDs, and processes.

Security

Your secrets never enter the sandbox.

API keys are injected at the network boundary, never inside the VM. Dump the guest's memory or read /proc/*/environ and you get nothing back. If an agent breaks out, it has the in-flight request, not your keys.

Guest VM

agent code
OPENAI_API_KEYsk-placeholder
OPENAI_BASE_URL10.0.0.1:443
/proc/*/environ(empty)
request

Host proxy

credential injection
match base_url
inject headersk-live_…
log · hmac chainsigned
tls egress

Upstream

api.openai.com
authenticated200 OK
allow-listdefault-deny
Four layers of isolation: CPU virtualization (KVM), default-deny egress, an out-of-guest credential proxy, and an HMAC-linked audit log. Code in the guest can't read the key, reach a blocked endpoint, or rewrite the log.

Network

Egress policy, before the packet leaves.

Pick a profile or write your own rules. Enforcement lives in the host kernel, so code in the guest can't turn it off.

unrestrictedNo filtering, sandbox can reach any hostallow-all
locked-downAir-gapped, no external network at alldeny-all
claude-codeAnthropic API + PyPI + npm + GitHub + crates.ioallow-list
openaiOpenAI API + PyPI + npm + GitHuballow-list
data-scienceHuggingFace + PyPI + GitHub + S3 + GCS + condaallow-list
allowlist.ts
import { Isorun } from "isorun";

const isorun = new Isorun();
const sandbox = await isorun.create({
  image: "python:3.12-slim",
  network: {
    deny: ["0.0.0.0/0"],  // block everything
    allow: ["api.openai.com", "pypi.org"],  // except these
  },
});

await sandbox.exec("pip install openai");  // works
await sandbox.exec("curl https://api.openai.com/v1/models");  // works
const out = await sandbox.exec("curl -m 2 https://example.com");
console.log(out.exitCode !== 0);  // blocked

Pricing

Per-second billing, no minimums.

The advertised price is the price. Egress, storage, and platform fees are included.

$0.04/ hour
1 vCPU · 1 GB RAM · per-second billing
Sign up Talk to us
most agent sessions: $0.001 to $0.01 each
  • Per-second billing
  • Any OCI image
  • TLS, WS, HTTP/3
  • Hibernate / resume
  • Hardware isolation
  • SOC 2 Type II (soon)

Spin up your first sandbox in 10 ms.

Public beta. No credit card. $50 in credit when you sign up, about 1,250 hours on a 1 vCPU sandbox.

Sign up Read the docs

SDKs: TypeScript  ·  MCP server  ·  Integrations: Claude Managed Agents · OpenAI Agents · LangChain · CrewAI