Skip to content

Isolate Sandbox

Isolate sandboxes run a JavaScript/TypeScript fetch handler inside a V8 isolate (Cloudflare's workerd engine). Push a bundle, get an HTTP entrypoint with capability-scoped egress — no Dockerfile, no container image, no shell or filesystem. This is the Workers-model tier that complements Firecracker microVMs.

Requires SB_ENABLE_ISOLATE=true and a pinned workerd binary on the host (install.sh --with-isolate).

Pass runtime: "isolate" and a module_ref pointing at a JS/TS bundle — an uploaded catalogue name/digest, or a file:// path for operators. Isolates default to durability: "ephemeral"; passivatable is rejected and durable is not yet enabled.

import { MicroVM } from '@aerol-ai/aerolvm-sdk'
const client = new MicroVM({
apiUrl: process.env.SB_API_URL,
patToken: process.env.SB_PAT_TOKEN,
})
const sandbox = await client.create({
moduleRef: 'sha256:…', // or an uploaded bundle name
runtime: 'isolate',
memoryMB: 128,
networkAllowOut: ['api.example.com'],
})
console.log(sandbox.id)

Isolates have no shell, no filesystem, and no arbitrary binary. Toolbox exec invokes the fetch handler; other toolbox verbs return 501. Upload bundles via POST /v1/js-bundles (experimental until the demand checkpoint lands). Public HTTP is opt-in with expose_port (HTTP only — the TCP host-port pool is never walked).