Vercel Sandbox 现已正式发布,为 AI 智能体运行不可信代码提供了一个专门的执行层。它基于 Vercel 的 “Hive” 平台并采用 Firecracker microVM 技术构建,解决了智能体工作流的独特需求:亚秒级冷启动、完全隔离和临时运行。核心功能包括用于即时状态恢复的环境快照,以及确保成本效益的 “活动 CPU” 计费模型。在发布的同时,Vercel 还开源了 Sandbox CLI 和 SDK,使开发者能够将这种高性能基础设施集成到自己的 AI 应用和编排平台中。
3 min read
AI agents are changing how software gets built. They clone repos, install dependencies, run tests, and iterate in seconds.
Despite the change in software, most infrastructure was built for humans, not agents.
Traditional compute assumes someone is in the loop, with minutes to provision and configure environments. Agents need secure, isolated environments that start fast, run untrusted code, and disappear when the task is done.
Today, Vercel Sandbox is generally available, the execution layer for agents, and we're open-sourcing the Vercel Sandbox CLI and SDK for the community to build on this infrastructure.
Link to heading
Built on our compute platform
Vercel processes over 2.7 million deployments per day. Each one spins up an isolated microVM, runs user code, and disappears, often in seconds.
To do that at scale, we built our own compute platform.
Internally code-named Hive, it’s powered by Firecracker and orchestrates microVM clusters across multiple regions. When you click Deploy in v0, import a repo, clone a template, or run vercel in the CLI, Hive is what makes it feel quick.
Sandbox brings that same infrastructure to agents.
Link to heading
Why agents need different infrastructure
Agents don’t work like humans. They spin up environments, execute code, tear them down, and repeat the cycle continuously.
That shifts the constraints toward isolation, security, and ephemeral operation, not persistent, long-running compute.
Agents need:
-
Sub-second starts for thousands of sandboxes per task
-
Full isolation when running untrusted code from repositories and user input
-
Ephemeral environments that exist only as long as needed
-
Snapshots to restore complex environments instantly instead of rebuilding
-
Fluid compute with Active CPU pricing for cost and performance efficiency
We’ve spent years solving these problems for deployments. Sandbox applies the same approach to agent compute.
Link to heading
What is Vercel Sandbox?
Vercel Sandbox provides on-demand Linux microVMs. Each sandbox is isolated, with its own filesystem, network, and process space.
You get sudo access, package managers, and the ability to run the same commands you’d run on a Linux machine.
import { Sandbox } from '@vercel/sandbox';
const sandbox = await Sandbox.create();
await sandbox.runCommand({ cmd: 'node', args: ["-e", 'console.log("Hello from Vercel Sandbox!")'], stdout: process.stdout,});
await sandbox.stop();
Sandboxes are ephemeral by design. They run for as long as you need, then shut down automatically, and you only pay for active CPU time, not idle time.
This matches how agents work. A single task can involve dozens of start, run, and teardown cycles, and the infrastructure needs to keep up.
Link to heading
How teams are using Sandbox
Link to heading
Roo Code
Roo Code builds AI coding agents that work across Slack, Linear, GitHub, and their web interface. When you trigger an agent, you get a running application to interact with, not just a patch.
The agent operates inside a complete environment where services can run together, so it can test changes end-to-end before handing you something to review. Instead of ‘review a patch and hope,’ you get a preview you can engage with as the agent iterates.
Snapshots changed their architecture. They snapshot the environment so later runs can restore a known state instead of starting from scratch, skipping repo cloning, dependency installs, and service boot time.
Snapshots turn agents from stateless workers into persistent collaborators. Start a task on Monday, snapshot it, resume Thursday when stakeholders can review. Branch from a working state and try two approaches in parallel.
Link to heading
Blackbox AI
Blackbox AI built Agents HQ, a unified orchestration platform that integrates multiple AI coding agents through a single API. It runs tasks inside Vercel Sandboxes.
The decision to standardize on Vercel’s sandbox infrastructure was driven by two critical performance metrics: infrastructure stability and cold start performance. Sub-second sandbox initialization times enabled rapid task distribution and reduced end-to-end execution latency, which proved essential for production-grade agent orchestration.
This supports horizontal scaling for high-volume concurrent execution. Blackbox can dispatch tasks to multiple agents in parallel, each in an isolated sandbox, without resource contention.
By using Vercel sandboxes to let users run AI agents at scale, we enable organizations to treat AI agents as reliable, scalable compute primitives within their development and production systems.
Link to heading
Create your first sandbox with one command in the CLI
npx sandbox create --connect
Explore the documentation to get started, and check out the open-source SDK.