Comparison
| Dimension | Secure Exec | Container Sandbox |
|---|---|---|
| Isolation | V8 isolate | VM / container |
| Performance | Native V8 | Native container |
| Cold start | ~17 ms (p95) | ~950 ms (best provider) |
| Memory baseline | ~3.4 MB | ~256 MB minimum |
| Permissions | Granular, deny-by-default | Coarse-grained |
| Infrastructure | npm install | Vendor account + API keys |
| Hardware | Your choice | Vendor-locked |
| Egress | None (in-process) | Per-GB fees |
| Cost | Compute only (your infra) | Per-second + egress + storage |
| Language support | Node.js | Any (full OS) |
| Filesystem | Virtual, scoped | Full OS filesystem |
| Network access | Configurable per-execution | Full (or firewall rules) |
When to Use Each
Use Secure Exec when:
- You need fast, lightweight code execution (AI tool calls, user scripts, plugins)
- You want no vendor dependency and full control over infrastructure
- You need granular permissions (file, network, module-level)
- Cost matters at scale, especially for high-concurrency lightweight workloads
Use a container sandbox when:
- You need a full OS environment (install system packages, run arbitrary binaries)
- You need languages beyond Node.js/Python with full OS-level access
- You need persistent, long-lived environments (multi-hour dev sessions)
- Workloads are heavyweight enough that the 256 MB minimum doesn’t matter
Need a full sandboxed operating system?If your workload needs full sandbox environments (for example, running coding agents like Claude Code, Codex, or Amp), the Sandbox Agent SDK provides a unified interface for controlling agents inside sandboxes.It supports Claude Code, Codex, OpenCode, Amp, and Pi through one standardized API.