Sandboxes

Build your own sandbox
for any workload

Start with Namespace compute as the foundation. Layer on Dockerfiles, network policies, storage, and APIs to create the exact sandbox your agents and workloads need.

Get startedLearn more
Your sandbox stack
Your configuration
Custom image
Network rules
Storage
SSH access
Ingress
Snapshots
Namespace Compute
microVM · dedicated kernel · private network · sub-second boot
Namespace Hardware
Bare-metal servers · NVMe storage · 25Gbps networking
The foundation

Start with fast, isolated compute

Every sandbox starts as a Namespace compute instance, a microVM with a dedicated kernel, filesystem, and network stack. No shared runtimes, no container escapes, no noisy neighbors. From there, you customize it to your needs.

Fast boot times

Our compute instance boot up quickly so your agents and workloads starting running almost instantly. Our infrastructure is designed and built for code-based workflows.

Learn about our architecture →
Sandbox boot timeline
microVM allocated0.1s
Kernel booted0.2s
Network ready0.3s
Custom image loaded0.6s
Agent connected0.8s
Sandbox isolation
Your sandbox
Dedicated kernel
Own filesystem
Private network
Other sandboxes are fully isolated, no cross-tenant access

Isolation by default

Every sandbox runs in its own microVM. This isn't container isolation, it's a virtual machine with a dedicated kernel. Run untrusted code with confidence.

Building blocks

Customize everything

Layer Namespace features on top of compute to build the exact sandbox environment your workload needs. Every aspect is configurable.

Dockerfile-based images

Define your sandbox environment with standard Dockerfiles. Pre-install languages, tools, and dependencies. Every sandbox boots into a known-good state.

Network policies

Control exactly what your sandbox can reach. Allow specific egress, block everything else, or create fully air-gapped environments.

Persistent & ephemeral storage

Attach volumes for state that persists across sessions, or use fully ephemeral storage that's destroyed with the sandbox.

SSH & exec access

Connect to sandboxes via SSH or execute commands programmatically. Give agents direct terminal access to build, test, and iterate.

Snapshots & cloning

Snapshot a sandbox at any point and clone it to create identical environments instantly. Perfect for branching agent workflows.

Ingress & port forwarding

Expose services running inside sandboxes to the internet. Preview web apps, serve APIs, or connect external tools.

Configuration

Define it with a Dockerfile

Use standard Dockerfiles to define your sandbox environment. Install tools, configure runtimes, and set up everything your workload needs.

1 

Familiar tooling, complete control

Use any base image. Install any package. Configure any runtime. Your Dockerfile defines a reproducible sandbox environment that boots the same way every time.

Images are cached and deduplicated, so even complex environments boot in seconds.

Programmable

Orchestrate with code

Use Go and TypeScript SDKs to create, configure, and tear down sandboxes programmatically. Build sandbox orchestration into your agent framework or platform.

Full lifecycle control

Create a sandbox, run commands, read outputs, and destroy it. The SDK handles authentication,connection management, and cleanup.

Build agent loops that spin up sandboxes on demand, execute code, verify results, and tear everything down automatically.

Explore the SDK →
1 
Use cases

Built for builders

Use Namespace sandboxes to power a wide range of workloads anywhere you need. Fast, isolated, and programmable compute.

AI coding agents

Give each agent its own isolated environment to write, build, and test code with full root access and no risk of cross-contamination.

Code execution platforms

Run untrusted user code safely inside disposable microVMs. Each execution gets a fresh environment with VM-level isolation.

Preview environments

Spin up a full-stack environment for every pull request. Give reviewers a live, isolated preview that matches production.

Security testing

Run fuzz tests, pen tests, and vulnerability scans in fully isolated sandboxes. No risk to your production infrastructure.

Built for Enterprise

Built with security and robust-first principles, Namespace supports large, fast-paced organizations, with unique requirements.

SOC 2 Type 2 Attested
SAML SSO
Private endpoints
Usage analytics
Emergency support
Uptime SLA
Usage and access controls

Flexible billing and enterprise-grade fine grained access controls.

img
Audit logs

Transactional audit logging, with SIEM integration.

img
Network controls

Network observability & enforcement: performance and security insights, job-wide network policies to constrain egress.

img
Testimonials
What our customers are saying
company logo
Super reliable, I don't recall us ever having an issue that impacted us.
Karl Lyons, Site Reliability Engineer
7.2x faster builds,
from 11m 38s to 1m 36s.
company logo
I did a demo for our full engineering team yesterday, and jaws were on the floor.
Zack Stayman, Lead Platform Engineer
70% lower cost
and shorter end-to-end times.
company logo
Namespace is an impressive team offering a great product.
Nicolas Mattia, Staff Software Engineer
zero maintenance
and 90% faster builds.
« Been using Namespace for the past year or two, they’ve been absolutely awesome. The service is great, support is great. Just overall great job. »
Mitchell Hashimoto
Mitchell Hashimoto
GhosttyGhostty
« In five years of optimizing our CI/CD, switching to namespace was the single most impactful change for speed and stability — perhaps the lowest-effort, highest-leverage decision I’ve made as a CTO. »
Gajus Kuizinas
Gajus Kuizinas
Contra
« Namespace is the best dev infrastructure tool I’ve used in years. The product works flawlessly, it’s cheaper and faster than GitHub runners with much better observability, and most importantly the support is incredible. Could not recommend Namespace enough. »
Aloke Desai
Aloke Desai
Warp
« We switched to Namespace in 2024 due to a confluence of problems with GitHub: our costs were skyrocketing, CI tests were flaky due to resource constraints on large suites, and builds were taking forever. When we switched, overnight we saved thousands per month and were able to give our pipelines an appropriate amount of resources to ensure reliability and speed. The deeper observability and personal support are a great bonus! »
Sam Currie
Sam Currie
Flatfile
« Namespace has been rock-solid for us, the caching feature delivers speeds unmatched by default runners, and the ability to interactively debug runs is a killer. Team is also super responsive, even gave us some tips on how to improve internal infra. Overall very happy! »
Christian Mladenov
Christian Mladenov
Fal
« Switching our CICD runners to namespace.so improved our pipeline execution time by 3x while being more cost efficient. The faster feedback loop was well received by the whole engineering team. »
Marvin Huetter
Marvin Huetter
Sardine

Build your sandbox today

Start with Namespace compute and customize it to build the exact sandbox your workloads need.

Get startedContact us