Skip to main content
Declaw is available as a managed cloud service and, for enterprise customers, as an on-prem deployment operated by the Declaw team.

Declaw Cloud

The fastest way to start. Sign up at declaw.ai, grab an API key, and point the SDK at the production endpoint: 
export DECLAW_API_KEY=<your-key>
export DECLAW_DOMAIN=api.declaw.ai

from declaw import Sandbox

sbx = Sandbox.create()
print(sbx.commands.run("echo hello").stdout)
sbx.kill()
No infrastructure to manage. Firecracker microVMs, the security proxy, guardrails, and all control-plane services run inside Declaw’s environment. Billing is per-sandbox-hour with a per-API-key wallet — see Quickstart for details.

Enterprise on-prem

For teams with data-residency, compliance, or network-isolation requirements, Declaw can be deployed inside your own cloud account or data center. The Declaw team handles the install, upgrades, and ongoing operations — you get a dedicated control plane and orchestrator nodes that never leave your perimeter. On-prem is a white-glove engagement and is not self-service. If you need it, contact sales to start the conversation.

Talk to sales

Discuss on-prem deployment, compliance (SOC 2, HIPAA), and custom SLAs.

What you get either way

Regardless of whether you run on cloud or on-prem, every Declaw deployment includes:
ComponentRole
Sandbox ManagerREST API for sandbox + template lifecycle
OrchestratorFirecracker VM lifecycle, network isolation, per-sandbox security proxy
GuardrailsML scanner service — PII, prompt injection, toxicity, code security
envdIn-VM daemon for filesystem, process, and PTY access
PostgreSQL + RedisSandbox state, routing, sessions
The full request flow, security pipeline, and isolation model are documented under Architecture.