# Secure Exec

## Docs

- [API Reference](https://secureexec.dev/docs/api-reference.md): Complete reference for all secure-exec exports.
- [Architecture](https://secureexec.dev/docs/architecture.md): How secure-exec components fit together across runtimes and environments.
- [Benchmarks](https://secureexec.dev/docs/benchmarks.md): Benchmark methodology, hardware, and results for Secure Exec
- [Secure Exec vs Cloudflare Workers](https://secureexec.dev/docs/comparison/cloudflare-workers.md): Node.js API compatibility comparison between secure-exec and Cloudflare Workers (standard, Workers for Platforms, dynamic dispatch).
- [Secure Exec vs Sandbox](https://secureexec.dev/docs/comparison/sandbox.md): When to use a container sandbox vs. Secure Exec for code execution
- [Cost Evaluation](https://secureexec.dev/docs/cost-evaluation.md): Cost-per-second comparison of Secure Exec on self-hosted hardware vs. sandbox providers
- [Child Processes](https://secureexec.dev/docs/features/child-processes.md): Spawn child processes from sandboxed code.
- [Custom Bindings](https://secureexec.dev/docs/features/custom-bindings.md): Expose host-side functions to sandboxed code.
- [Filesystem](https://secureexec.dev/docs/features/filesystem.md): Filesystem backends for sandboxed code.
- [NPM & Module Loading](https://secureexec.dev/docs/features/module-loading.md): How sandboxed code resolves and loads modules.
- [Networking](https://secureexec.dev/docs/features/networking.md): Network access for sandboxed code.
- [Output Capture](https://secureexec.dev/docs/features/output-capture.md): Capture console output from sandboxed code.
- [Permissions](https://secureexec.dev/docs/features/permissions.md): Control what sandboxed code can access on the host.
- [Resource Limits](https://secureexec.dev/docs/features/resource-limits.md): CPU time, memory, and payload size controls.
- [Custom Virtual Filesystem](https://secureexec.dev/docs/features/virtual-filesystem.md): Implement your own VirtualFileSystem to control how sandboxed code reads and writes files.
- [Node.js Compatibility](https://secureexec.dev/docs/nodejs-compatibility.md): Target Node.js version and standard-library compatibility matrix for secure-exec.
- [Process Isolation](https://secureexec.dev/docs/process-isolation.md): Configure V8 process topology to control crash blast radius and resource partitioning.
- [Quickstart](https://secureexec.dev/docs/quickstart.md): Get Secure Exec running in a few minutes.
- [SDK Overview](https://secureexec.dev/docs/sdk-overview.md): Guided tour of the secure-exec API surface.
- [Security Model](https://secureexec.dev/docs/security-model.md): How secure-exec isolates untrusted code, what it protects against, and what you're responsible for.
- [Node.js System Driver](https://secureexec.dev/docs/system-drivers/node.md): Server-side system driver with full host capabilities.
- [System Drivers](https://secureexec.dev/docs/system-drivers/overview.md): Host capabilities provided to sandboxed runtimes.
- [AI Agent Code Exec](https://secureexec.dev/docs/use-cases/ai-agent-code-exec.md): Give AI agents a secure code-execution tool with CPU and memory limits.
- [Code Mode (MCP)](https://secureexec.dev/docs/use-cases/code-mode.md): Give AI agents a single code-execution tool instead of individual MCP tools. The LLM writes code that chains tool calls, executed safely in Secure Exec.
- [Dev Servers](https://secureexec.dev/docs/use-cases/dev-servers.md): Run user-provided dev servers (Hono, Express, Next.js) inside a secure isolate.
- [Plugin Systems](https://secureexec.dev/docs/use-cases/plugin-systems.md): Run user-authored plugins with explicit resource limits and permissions.

## OpenAPI Specs

- [openapi](https://secureexec.dev/docs/api-reference/openapi.json)