Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.podflare.ai/llms.txt

Use this file to discover all available pages before exploring further.

Podflare is in private alpha. The core engine is production-grade (hardware-isolated microVMs, live in multiple regions), but we’re still iterating on APIs, tier policy, and operational polish. Production workloads are welcome — expect occasional rough edges, and reach out at sales@podflare.ai if you’re depending on us.
One Podflare sandbox is a real Linux box. Not a container. Not a function. Root filesystem, up to 16 GB RAM, full internet access, can pip install anything, has a persistent Python REPL, forks in ~80 ms. See What is a sandbox? for the full feature list.

What you get

CapabilityDetail
Full Linux microVMDedicated kernel, hardware isolation, Ubuntu 24.04 minimal.
Persistent Python REPLVariables, imports, open files carry across run_code calls.
Full network egress (default-on)DHCP-leased IP, NAT to the internet. pip install / npm install / git clone all work without configuration. Opt out per-sandbox with egress=False for untrusted code.
Writable rootfsUp to 64 GB. Build images, clone repos, write artifacts.
fork(n) in ~80 msSnapshot a running sandbox, spawn N CoW children. The primitive agent tree-search was built for.
Persistent SpacesFreeze-to-disk on idle, resume into a fresh sandbox later. Python process survives.
Sub-50 ms hot execEach run_code after the first is a vsock round-trip (p50 ~46 ms), not a reboot.
Multi-region5 regions (us-west, us-central, us-east, eu, sg). SDK 0.0.20+ goes through api.podflare.ai — Cloudflare-edge-routed to the nearest origin with automatic 5xx failover.

The minimum program

pip install podflare

import os
from podflare import Sandbox
os.environ["PODFLARE_API_KEY"] = "pf_live_..."  # get one at dashboard.podflare.ai/keys

with Sandbox() as sb:
    # Install whatever you want
    sb.run_code("pip install scikit-learn pandas requests", language="bash")

    # Keep using it — Python state persists
    sb.run_code("""
        import pandas as pd
        df = pd.read_csv('https://example.com/data.csv')
        print(df.shape)
    """)

    # Fork 5 ways — each child inherits `df` without re-loading
    children = sb.fork(n=5)
    for c in children:
        c.run_code("print(df.head())")
        c.close()
That’s real compute. Real network. Real state. In one with block.

The loop that made us build this

Agents keep solving tiny tasks in short bursts. Spinning up a fresh Docker container per tool call costs 500–2000 ms and loses all context. Running agent code on your own infra means one rogue curl can exfiltrate your production database. Podflare gives each agent session its own disposable Linux box that it cannot escape from, that it doesn’t lose state in, and that it can fork to explore N branches of a problem from a shared ancestor: 
from podflare import Sandbox

with Sandbox() as parent:
    # Expensive setup once
    parent.run_code("import pandas as pd; df = pd.read_csv('/data/big.csv')")

    # Fork 5 ways — each child inherits df + pandas already loaded
    children = parent.fork(n=5)
    try:
        plans = ["df.head()", "df.describe()", "df.corr()", "df.dtypes", "df.memory_usage()"]
        results = [c.run_code(p) for c, p in zip(children, plans)]
        winner = pick_best(results)
        parent.merge_into(winner)  # parent's state is now winner's state
    finally:
        for c in children:
            c.close()

Why now

Every serious AI agent framework has converged on a small code-execution tool surface. Podflare ships the backend they all plug into:

OpenAI Agents SDK

podflare_code_interpreter() returns a FunctionTool

Vercel AI SDK

podflareRunCode() wraps into tool({...})

Anthropic Messages API

handle_code_execution_tool_use for tool_use blocks

MCP

Drop-in server for Claude Desktop, Cursor, Cline, Zed

Architecture at a glance

  • Podflare microVM per sandbox. KVM-backed hardware isolation, dedicated guest kernel, ~100 MB RSS each.
  • Concurrent snapshot restore — N children boot from one seed snapshot in parallel.
  • Copy-on-write rootfs — per-sandbox disk clones are metadata-only, ~1 ms each.
  • Diff snapshots for fork — only dirty pages written, so a running sandbox can fan out into 5 siblings in ~100 ms.
  • Warm pool — pre-booted VMs hand off instantly; pool refills in ~12 ms.
  • Bridge + NAT for outbound network — every guest gets its own DHCP lease.
See real numbers on the Performance page. Next → What is a sandbox? or skip to the Quickstart.