Prerequisites
- A Declaw Cloud account — sign up at declaw.ai to get an API key
DECLAW_API_KEY and DECLAW_DOMAIN environment variables set (see Deployment)
Enterprise on-prem customers receive their own DECLAW_DOMAIN from the Declaw team during provisioning. Everything else in this guide is identical.
Install the SDK
Requires Python 3.10 or later. The package includes both synchronous (Sandbox) and asynchronous (AsyncSandbox) clients. Requires Node.js 18 or later. All SDK methods return Promises. Requires Go 1.22 or later. All operations take a context.Context for cancellation and timeouts.
Set environment variables
export DECLAW_API_KEY="your-api-key"
export DECLAW_DOMAIN="your-declaw-instance.example.com:8080"
DECLAW_DOMAIN is the hostname of the Declaw API server (api.declaw.ai for Declaw Cloud). DECLAW_API_KEY authenticates your requests. Both are picked up automatically by the SDK — you do not need to pass them explicitly to Sandbox.create().Get your API key from your dashboard at declaw.ai. Enterprise on-prem customers will receive their own domain and key. Create a sandbox and run a command
from declaw import Sandbox
sbx = Sandbox.create(template="python", timeout=300)
try:
result = sbx.commands.run('echo "Hello from Declaw!"')
print(result.stdout) # Hello from Declaw!
print(result.exit_code) # 0
finally:
sbx.kill()
Sandbox.create() boots a sandbox and returns once the VM is ready. commands.run() executes the command inside the VM and blocks until it completes. sbx.kill() destroys the VM and releases all resources.import { Sandbox } from "@declaw/sdk";
const sbx = await Sandbox.create({ template: "python", timeout: 300 });
try {
const result = await sbx.commands.run('echo "Hello from Declaw!"');
console.log(result.stdout); // Hello from Declaw!
console.log(result.exitCode); // 0
} finally {
await sbx.kill();
}
Every Sandbox method is async. Always call sbx.kill() in a finally block to ensure cleanup even if an error occurs.package main
import (
"context"
"fmt"
"log"
"github.com/declaw-ai/declaw-go"
)
func main() {
ctx := context.Background()
sbx, err := declaw.Create(ctx,
declaw.WithTemplate("python"),
declaw.WithTimeout(300),
)
if err != nil {
log.Fatal(err)
}
defer sbx.Kill(ctx)
result, err := sbx.Commands.Run(ctx, `echo "Hello from Declaw!"`)
if err != nil {
log.Fatal(err)
}
fmt.Println(result.Stdout) // Hello from Declaw!
fmt.Println(result.ExitCode) // 0
}
All operations take a context.Context. Always defer sbx.Kill(ctx) to ensure cleanup.Write a file and run a script
from declaw import Sandbox
sbx = Sandbox.create(template="python", timeout=300)
try:
# Write a Python script into the sandbox filesystem
sbx.files.write("/tmp/hello.py", "print('Hello from inside the VM!')\n")
# Execute it
result = sbx.commands.run("python3 /tmp/hello.py")
print(result.stdout) # Hello from inside the VM!
finally:
sbx.kill()
import { Sandbox } from "@declaw/sdk";
const sbx = await Sandbox.create({ template: "python", timeout: 300 });
try {
// Write a script into the sandbox filesystem
await sbx.files.write("/tmp/hello.py", "print('Hello from inside the VM!')\n");
// Execute it
const result = await sbx.commands.run("python3 /tmp/hello.py");
console.log(result.stdout); // Hello from inside the VM!
} finally {
await sbx.kill();
}
sbx, err := declaw.Create(ctx,
declaw.WithTemplate("python"),
declaw.WithTimeout(300),
)
if err != nil {
log.Fatal(err)
}
defer sbx.Kill(ctx)
// Write a Python script into the sandbox filesystem
_, err = sbx.Files.Write(ctx, "/tmp/hello.py", "print('Hello from inside the VM!')\n")
if err != nil {
log.Fatal(err)
}
// Execute it
result, err := sbx.Commands.Run(ctx, "python3 /tmp/hello.py")
if err != nil {
log.Fatal(err)
}
fmt.Println(result.Stdout) // Hello from inside the VM!
Add a security policy
Attach a SecurityPolicy at creation time to enable PII redaction, prompt injection defense, network restrictions, and audit logging.from declaw import Sandbox, SecurityPolicy, PIIConfig, ALL_TRAFFIC
policy = SecurityPolicy(
pii=PIIConfig(
enabled=True,
types=["ssn", "credit_card", "email", "phone"],
action="redact",
),
injection_defense=True,
network={"allow_out": ["api.openai.com", "pypi.org"], "deny_out": [ALL_TRAFFIC]},
audit=True,
)
sbx = Sandbox.create(template="python", timeout=300, security=policy)
try:
result = sbx.commands.run("python3 -c 'print(2 + 2)'")
print(result.stdout) # 4
finally:
sbx.kill()
With this policy:
- Any HTTP request leaving the sandbox that contains a credit card number, SSN, email address, or phone number will have those values replaced with
[REDACTED_*] tokens before reaching the external server.
- The injection defense model scores every outbound LLM API call and blocks requests above the detection threshold.
- Only
api.openai.com and pypi.org can be reached. All other outbound connections are dropped.
- Every security event is written to the audit log.
import { Sandbox, createSecurityPolicy, createPIIConfig, PIIType, RedactionAction, ALL_TRAFFIC } from "@declaw/sdk";
const policy = createSecurityPolicy({
pii: createPIIConfig({
enabled: true,
types: [PIIType.SSN, PIIType.CreditCard, PIIType.Email, PIIType.Phone],
action: RedactionAction.Redact,
}),
injectionDefense: { enabled: true, action: "block" },
network: {
allowOut: ["api.openai.com", "pypi.org"],
denyOut: [ALL_TRAFFIC],
},
audit: { enabled: true },
});
const sbx = await Sandbox.create({
template: "python",
timeout: 300,
security: policy,
});
try {
const result = await sbx.commands.run("python3 -c 'print(2 + 2)'");
console.log(result.stdout); // 4
} finally {
await sbx.kill();
}
policy := declaw.SecurityPolicy{
PII: &declaw.PIIConfig{
Enabled: true,
Types: []declaw.PIIType{declaw.PIISSN, declaw.PIICreditCard, declaw.PIIEmail, declaw.PIIPhone},
Action: declaw.RedactionActionRedact,
},
InjectionDefense: &declaw.InjectionDefenseConfig{
Enabled: true,
Action: declaw.InjectionActionBlock,
},
Network: &declaw.NetworkPolicy{
AllowOut: []string{"api.openai.com", "pypi.org"},
DenyOut: []string{"0.0.0.0/0"},
},
Audit: &declaw.AuditConfig{Enabled: true},
}
sbx, err := declaw.Create(ctx,
declaw.WithTemplate("python"),
declaw.WithTimeout(300),
declaw.WithSecurity(policy),
)
if err != nil {
log.Fatal(err)
}
defer sbx.Kill(ctx)
result, err := sbx.Commands.Run(ctx, "python3 -c 'print(2 + 2)'")
if err != nil {
log.Fatal(err)
}
fmt.Println(result.Stdout) // 4
Next steps
You have created a sandbox, run commands and filesystem operations, and applied a security policy. Where to go next:
- Concepts — understand the architecture: sandbox VMs, envd, the security proxy, and how they fit together.
- Installation — detailed SDK setup,
ConnectionConfig, and all configuration options.
- Security overview — the full
SecurityPolicy object and all available security controls.
- Cookbook — 49 working examples covering LLM integrations, framework adapters, PII rehydration, agent-in-sandbox patterns, and security demos.