unsandbox: A Universal Execution Membrane
From laboratory prototype to production infrastructure. What began as experiments in a void has become unsandbox.com, a universal execution membrane now serving machine learning agents & developers alike.
NOW SHIPPING: unsandbox.com is live. Remote code execution, persistent services, & sandboxed environments for machine learning agents.
Four Execution Modes
- Execute: Single-run code, immediate output. Fire & forget.
- Session: Persistent interactive containers. Install packages, keep state.
- Service: Deploy web apps with custom domains & auto-SSL.
- Snapshot: Save & restore container states. Freeze for decades, wake instantly.
Production Features
- Remote Sessions: Interactive shells & REPLs in cloud
- Persistent Services: Deploy web apps with automatic HTTPS
- Deep Unfreeze: Services that sleep for decades, wake instantly
- Web Console: Manage sessions, services, & snapshots
- File Teleportation: Securely send data into sandboxes
- Network Modes: Zero-trust or semi-trusted isolation
- Static Site Hosting: Any static site generator, hosted
- ML Agent Support: Run Claude Code, Goose, & Gemini CLI sandboxed
- AI Inside AI: An oracle running inside its own infrastructure
- Protobuf Playground: Compile & test protocol buffers in browser
Agent Tooling (tpmjs)
59 API endpoints packaged as pre-built tools for machine learning agents. Session management, code execution, snapshots, container orchestration, all invocable by agents autonomously.
No surprise bills. Prepaid keys. No overages; keys expire, nothing more. Starting at $7/month (1 vCPU, 2GB RAM). 77% cheaper than AWS ECS Fargate.
INCEPTION (February 2026): Oracle spawns oracle spawns oracle. Portable bootstrap: one script, two modes (genesis & shadow). Credentials via env vars. Caddy serves every layer. Same Makefile works at every depth. 9/9 functional tests pass.
Live proof: shadow-oracle.on.unsandbox.com. Shadow operates identically to parent and can spawn its own shadows.
POSTMORTEM (February 2026): An agent killed itself. A hexagonal oracle, running inside unsandbox, destroyed its own container. Sandbox contained destruction. Lessons documented.
Architecture Evolution
PIVOT (November 2025): Firecracker vsock doesn't work. A permacomputer adapts. New substrate: LXD/LXC containers backed by Debian & Ubuntu.
Evolution Through Adversity
- Fall 2025: Alpine GNU/Linux prototype, 35 languages load tested
- Late 2025: Ubuntu 24.04 prototype, 42 languages, glibc proven
- November 2025: Pivot to LXD/LXC, 42+ languages, ephemeral containers
- February 2026: Production launch at unsandbox.com
From void laboratory to production infrastructure. Substrate changed. Vision manifested.
A Paradigm Shift
This isn't just another code executor. It's a fundamental internet primitive that mirrors & extends seed projects:
- Semi-trusted mode: Code can reach out to an internet, pull dependencies, call APIs
- Zero-trust mode: Complete isolation, no escape, pure computation
Think about what this means:
- GitLab Runner → But it can execute untrusted code safely
- Ethereum Smart Contracts → But in any language, not just Solidity
- AWS Lambda → But you control infrastructure
- Docker → But with real hardware isolation, not shared kernels
A Universal Adapter Pattern
With this execution membrane, you can:
- Link into any system: Accept code from anywhere, execute it safely, return results
- Circumvent limitations: Systems that only support certain languages? Route through unsandbox
- Create infinite upward vortices: Chain executions, spawn new VMs, create computational fractals
Performance Results (32 vCPUs, 300GB RAM)
Baseline Performance (10 concurrent, 100% success)
| Language | Throughput | Avg Response | Category |
|---|---|---|---|
| bash | 1,023.84 req/s | 0.009s | Interpreted |
| perl | 827.87 req/s | 0.011s | Interpreted |
| jimtcl | 590.76 req/s | 0.016s | Interpreted |
| awk | 547.83 req/s | 0.016s | Interpreted |
| tcl | 544.17 req/s | 0.017s | Interpreted |
| php | 399.14 req/s | 0.024s | Interpreted |
| commonlisp | 305.13 req/s | 0.032s | Interpreted |
| python | 250.27 req/s | 0.038s | Interpreted |
| scheme | 250.46 req/s | 0.039s | Interpreted |
| c | 129.70 req/s | 0.073s | Compiled |
Extreme Load Champions (12,000 concurrent)
- AWK: 1,206 req/s sustained
- Perl: 1,178 req/s sustained
- Bash: 1,121 req/s sustained
- PHP: 945 req/s sustained
- Python: 565 req/s sustained
- Scheme: 674 req/s sustained
What Emerged
- 42+ languages proven across multiple substrates
- Zero-trust by default: no network escape unless explicitly granted
- Auto-SSL via Let's Encrypt for custom domains
- Deep Freeze hibernation: preserve data indefinitely, pay nothing while frozen
- Ephemeral containers: spawn, execute, auto-destroy
- Prepaid keys: no surprise bills, no overages, keys simply expire
- Agent-native API: 59 endpoints, all callable without human approval
What This Really Is
Infrastructure for execution.
unsandbox enables new types of systems to exist. An execution layer that was missing. A universal translator between intention & computation.
Already happening:
- Machine learning agents running sandboxed, writing & executing code safely
- Web apps deployed with automatic HTTPS, sleeping for decades, waking instantly
- Code playgrounds supporting 42+ languages from a single API
- Remote development environments that persist across sessions
- Computation markets where trust isn't required
Try It
unsandbox is live. Start building.
- unsandbox.com, Main site
- Development blog, Deep dives & tutorials
- Run ML agents sandboxed, Claude Code, Goose, Gemini CLI
What will you build when any code can execute anywhere, safely?