Free during public preview

Secure sandboxes for AI agents

Secure infrastructure for running AI-generated code. Each sandbox boots in 200ms in its own microVM. Run code, manage files, clone repos, and stream processes.

Start Building - It's Free Read the Docs
create-sandbox.py 
import requests

api_key = "<your-api-key>"

sandbox = requests.post(
  "https://api.leap0.dev/v1/sandbox",
  headers={"Authorization": api_key},
  json={
    "template_name": "system/code-interpreter",
    "vcpu": 2,
    "memory_mib": 2048,
  }
).json()

# Sandbox is live in ~200ms
print(sandbox["id"])

200ms

Cold Start

8h

Max Execution

8

Max vCPU

8 GB

Max Memory

What is Leap0

Secure infrastructure for running AI-generated code.

Create a template from any container image. Spawn sandboxes from that template in 200ms. Each sandbox runs in its own Firecracker microVM with dedicated CPU, memory, and network boundaries. Invoke it over HTTP, SSE, or WebSocket. Delete it when you're done.

Why use sandboxes

Let agents run code without risking your system.

Sandboxes exist for security. They let agents execute arbitrary code, access files, and use the network without compromising your credentials, local files, or host system. This isolation is essential when agents run autonomously.

Built-in Tools

Everything your agent needs, accessible via API.

>_

Code Interpreter

Stateful REPL sessions for Python and TypeScript. Variables persist across calls. Matplotlib charts auto-captured as PNG and SVG. 50+ pre-installed data-science packages.

Filesystem

Full filesystem access inside every sandbox. List, upload, download, move, delete, and search files. Batch operations for multi-file uploads and tar-archive downloads.

Git

Clone repos, create branches, stage files, commit, push, and pull. Your agent can work with any Git repository inside its sandbox without installing anything.

Process

Execute one-shot commands inside a running sandbox.

PTY

Interactive terminal sessions over WebSocket with persistent session state, live input/output, and runtime terminal resizing.

LSP

Start language servers for Python and TypeScript to power completions, symbols, and document lifecycle events directly in the sandbox.

SSH Access

Generate and manage time-bound SSH credentials for direct sandbox access, with validate, rotate, and revoke endpoints.

Telemetry

OpenTelemetry-native observability. Stream logs, metrics, traces, and spans from running sandboxes in real-time.

Network Controls

Fine-grained egress control per sandbox. Allow-list specific IP ranges or block all outbound traffic entirely. Each sandbox gets its own network boundary.

HTTP / SSE / WebSocket

Invoke any sandbox directly over HTTP, Server-Sent Events, or WebSocket. Whatever your app serves inside the sandbox is reachable at its unique subdomain.

How It Works

Spin up and start using the sanbox in two api calls.

1 Spawn

Spawn a sandbox

Choose CPU, memory, timeout, and optional network restrictions. Live in ~200ms. 

POST /v1/sandbox
{
  "template_name": "system/code-interpreter",
  "vcpu": 2,
  "memory_mib": 2048
}
2 Use

Use it

Execute code, manage files, clone repos, or just hit your app's HTTP endpoint directly. 

POST /execute
{
  "code": "print('hello')",
  "language": "python"
}
Security

Every sandbox is a Firecracker microVM.

Firecracker with the Jailer for process and filesystem isolation. Dedicated network boundaries with egress policy enforcement. No shared state between sandboxes. Ever.

Start building.

Free while Leap0 is in public preview. No credit card required.

Sign Up Free Documentation