main.py (and main.ts where noted) you can run against your own Declaw deployment.
Getting Started
Hello World
Create a sandbox, run a command, print output. Python + TypeScript.
Sandbox Lifecycle
Create, inspect, extend timeout, kill. Both SDKs.
Multi-Sandbox Isolation
Prove two sandboxes have fully isolated filesystems and processes.
Commands
Run Command
Run commands with env vars, working directories, and error handling.
Stream Command
Stream command output in real-time via SSE callbacks.
Background Process
Start, list, and kill background processes by PID.
Multi-Language Execution
Run shell, Python scripts, and pipelines in a single sandbox.
Filesystem
File Operations
Write, read, list, rename, batch-write, and remove files. Both SDKs.
Upload Dataset & Analyze
Upload a CSV, run an analysis script, read back JSON results.
Download Results
Generate files in a sandbox and iterate over them on the host.
Network Policies
Network Deny All
Block all outbound traffic. Compare against an open sandbox.
Domain Allowlist
Allow only specific domains; block everything else.
Exfiltration Prevention
Deny-all networking prevents data from leaving the sandbox.
Metadata Blocking
Block cloud metadata service (169.254.169.254) to prevent SSRF.
PII Protection
PII Redaction
Configure PII scanning and redaction on outbound HTTP traffic.
PII Actions
Compare redact, block, and log-only PII action modes.
PII Rehydration
Transparent PII deanonymization in API responses.
Streaming Rehydration
PII rehydration with SSE streaming responses and chunk buffering.
Security Features
Injection Defense
Configure prompt injection detection and blocking.
Transformation Rules
Regex-based request and response body transformations.
Audit Logging
Enable and retrieve security audit logs from a sandbox.
LLM Providers
OpenAI Code Interpreter
GPT-4o-mini generates code; Declaw executes it safely.
Anthropic Code Interpreter
Claude generates code; Declaw executes it in an isolated sandbox.
Groq Code Interpreter
Llama via Groq generates code; Declaw executes it.
Gemini Code Interpreter
Google Gemini generates code; Declaw executes it.
Local LLM Code Interpreter
Ollama or vLLM local LLM with Declaw code execution.
Framework Integrations
LangGraph
LangGraph ReAct agent with a Declaw
@tool.CrewAI
CrewAI agent with a Declaw code execution tool.
AutoGen
AutoGen
CodeExecutor backed by Declaw sandboxes.OpenAI Agents SDK
OpenAI Agents SDK with a Declaw function tool.
Phidata / Agno
Agno (Phidata) toolkit wrapping Declaw sandboxes.
Haystack
Haystack pipeline component for Declaw code execution.
Mastra (TypeScript)
Mastra agent with a Declaw tool — TypeScript only.
Agent-in-Sandbox
Basic Agent
Upload and run an autonomous agent script inside a sandbox.
OpenAI Agent
OpenAI-powered agent running inside a locked-down sandbox.
Anthropic Agent
Anthropic Claude agent executing inside a sandbox.
CrewAI Agent
CrewAI multi-agent workflow running sandboxed.
With Network Policy
Agent in sandbox with network access restrictions.
Fully Secured
Agent with PII + injection defense + audit + network policy.
Real-World Patterns
CI/CD Sandbox
Run tests in a sandbox to simulate a CI pipeline.
Data Analysis
Upload dataset, run analysis, download results. Both SDKs.
Web Scraping
Web scraping with a domain-restricted network policy.
MCP Server in Sandbox
Run an HTTP API server inside a sandbox.
Multi-Agent Sandboxed
Multi-agent pipeline where each agent runs in its own sandbox.
Git Clone & Fix
Clone a repo, find a bug, apply a fix, run tests.
Security Demos
Prompt Injection Attack
Prompt injection attack scenarios and how Declaw defends.
Supply Chain Attack
Malicious package containment inside an isolated sandbox.
Credential Leak Prevention
PII scanning + deny-all prevents credential exfiltration.
With vs. Without Declaw
Side-by-side: unsecured execution vs. fully secured Declaw sandbox.