Prerequisites
- A Porter project
- An AWS cluster where you want to run sandboxes. We recommend creating a new AWS cluster for sandboxes so sandbox workloads are isolated from your other running workloads.
A dedicated cluster is not required, it’s a defense-in-depth recommendation. Sandboxes often run untrusted code (end-user submissions, LLM agent output), and running them in their own cluster isolates that code from your main workloads as much as possible. Sharing a cluster with your other workloads is reasonable for development and testing; for production workloads that run untrusted code, we recommend the separate cluster.
Enable sandboxes
Enable sandboxes from the Sandbox tab
Sandboxes can only be enabled on AWS clusters.In the Porter Dashboard, navigate to the Sandbox tab for the AWS cluster where you want to run sandboxes and click Enable sandboxes.

Install a Sandbox SDK in your application
Add either the Python or TypeScript Sandbox SDK to the application that will create and manage sandboxes.

Write your first sandbox call
In your application code, create a sandbox, execute a command, read the output, and terminate the sandbox when the work is done. The examples below show the smallest end-to-end flow.
Calling from outside the cluster
The SDK connects to the in-cluster Sandbox API automatically when your application runs as a Porter Application in the same cluster where sandboxes are enabled. To invoke sandboxes from anywhere else, authenticate with a Porter API token and tell the SDK which cluster to target:dashboard.porter.run automatically. Replace <cluster-id> with the cluster where sandboxes are enabled. You can copy the prefilled snippet from the cluster’s Sandbox tab, or look up the ID with the Porter CLI:
PORTER_SANDBOX_BASE_URL or pass base_url (Python) / baseUrl (TypeScript) to the client constructor. These take precedence over everything above.
Python quickstart
Install the SDK in your application image:TypeScript quickstart
Install the SDK in your application image:Keep a sandbox alive for exec
A sandbox lives as long as its main process: the image’s default entrypoint, or the command you pass at create time. When that process exits, the sandbox moves tosucceeded (exit code 0) or failed (nonzero), and it stops accepting exec calls.
An image whose default command exits immediately reaches succeeded within a few seconds of starting. If you want to create a sandbox first and exec into it later, give it a long-running main process, then terminate it when the work is done:
Set environment variables
Pass environment variables at create time. The SDKs take anenv map, and the CLI takes a repeatable --env KEY=VALUE flag:
Use custom images
Sandboxes run any container image, so you can bake in the tools your workload needs (language runtimes, CLIs, agents) instead of installing them at runtime. Private images are supported. Push your image to the ECR registry in the AWS account associated with your sandbox cluster, and sandboxes on that cluster can pull it without extra credential configuration.Run an agent inside a sandbox
A sandbox can host an entire agent, not just execute tools for an agent that runs elsewhere. Two patterns are common:- Sandbox as a tool: your agent’s control loop and model calls run in your application, and the agent uses the sandbox to execute code or commands as a tool. This is the exec flow shown above.
- Agent in the sandbox: the whole agent, its control loop and its model calls, runs inside the sandbox. Bake your harness into a custom image, inject the model API key at create time, and run it as the sandbox’s main process. Sandboxes reach the public internet by default, so an in-sandbox agent calls a hosted model API directly.
Use tags to identify sandboxes
Tags make it easier to find sandboxes created by a workflow:Next steps
- Use Sandbox Networking to serve sandboxes over HTTPS on your own domains.
- Use the sandbox CLI guide to list, inspect logs, exec into, and terminate sandboxes.
- Use the Python Sandbox SDK quickstart for Python services.
- Use the TypeScript Sandbox SDK quickstart for Node.js and TypeScript services.

