We rolled out our own that does pretty much the same thing but perhaps more because our solution can also mount persistent storage that can be carried between multiple runners. It does take 1-5 seconds to boot the environment (firecracker vms). If this sandbox is faster I will instruct the team to consider for fast starup.
This is also very similar to Vercel's sandbox thing. The same technology?
What I don't like about this approach is the github repo bootstrap setup. Is it more convenient compared to docker images pushed to some registry? Perhaps. But docker benefits from having all the artefacts prebuilt in advance, which in our case is quite a bit.
These CF website relaunches are just that right? Workers last week (https://workers.cloudflare.com) and now this one yesterday. I mean, if CF has something newsworthy here they should do a blog post announcing it because otherwise it's just a refreshed website. It's hard to tell if there's anything new here.
Looks like there's one feature missing from this that I care about: I'd like more finely grained control over what outbound internet connections code running on the box can make.
As far as I can tell it's all or nothing right now:
I want to run untrusted code (from users or LLMs) in these containers, and I'd like to avoid someone malicious using my container to launch attacks against other sites from them.
As such, I'd like to be able to allow-list just specific network points. Maybe I'm OK with the container talking to an API I provide but not to the world at wide. Or perhaps I'm OK with it fetching data from npm and PyPI but I don't want it to be able to access anything else (a common pattern these days, e.g. Claude's Code Interpreter does this.)
Cloudflare Containers (and therefore Sandbox) pricing is way too expensive. The pricing is a bit cumbersome to understand by being inconsistent with pricing of other Cloudflare products in terms of units and split between memory, cpu and disk instead of combined per instance. The worst is that it is given in these tiny fractions per second.
Memory: $0.0000025 per additional GiB-second
vCPU: $0.000020 per additional vCPU-second
Disk: $0.00000007 per additional GB-second
The smaller instance types have super low processing power by getting a fraction of a vCPU. But if you calculate the monthly cost then it comes to:
Memory: $6.48 per GB
vCPU: $51.84 per vCPU (!!!)
Disk: $0.18 per GB
These prices are more expensive than the already expensive prices of the big cloud providers. For example a t2d-standard-2 on GCP with 2 vCPUs and 8GB with 16GB storage would cost $63.28 per month while the standard-3 instance on CF would cost a whopping $51.84 + $103.68 + $2.90 = $158.42, about 2.5x the price.
Cloudflare Containers also don't have peristent storage and are by design intended to shut down if not used but I could then also go for a spot vm on GCP which would bring the price down to $9.27 which is less than 6% of the CF container cost and I get persistent storage plus a ton of other features on top.
Cloudflares docs are written so hard for web dev. Can you host a monolith app that isn't serving http traffic on cloudflare tech like containers? Like can you spawn a container and have it handle tcp or udp connections until you manually shut it down? The container docs say they auto shutdown after not receiving requests...
The pricing with such offerings is the biggest throwoff. This one comes out to be more than $58/month for just 1vCpu and 1GiB RAM when used continuously.
Compare this with instances from Hetzner or Contabo or the likes. They are 35+ times cheaper.
This means my total usage across entire month on cloudflare sandbox cannot cross even one single day of non-stop usage, just to break-even with hetzner/contabo/others.
My one annoyance with cloudflare. Everything is JavaScript. Every example, all the things. But I guess that's catering to their audience. Over the past year you could definitely seem them shift their services more inline with other cloud providers because that's the inevitable requirement to penetrate enterprise and a broader audience. But part of that should require opening up to a bigger audience from a language perspective too e.g backend languages. One time I'd like to see a Go example first or even a tabbed example. Just my opinion.
I’ll never use metered Cloudflare services. Just reckless to expose myself to the hazard of mega bills for small mistakes or DoS attacks. I wish more companies allowed prepayment for plans like Bunny.net does.
Looking at pricing for this and especially for E2B.
I've decided to work on a lightweight alternative to Cloudflare’s Sandbox because I ran into the same pain points with current solutions:
- limited parallelization
- expensive
My focus is:
- simple SDK primitives for code execution, file ops, and git checkout—no boilerplate stacks
- transparent pricing (per-second compute with monthly caps, no surprise egress)
- price sandboxes for 50-60% less then competitors
Neat feature to make use of Containers. I'm thinking of wrapping my video renderer in Containers and use sandbox to spawn the rendering job, but I'm not sure about the limitation of CF containers, such as how much vCPUs I have, how many capability I can get from containers (like SYS_NICE), how many RAM I have and how many jobs I can run at the same time, is there any built-in queue like Runpod (which I am using) to ratelimit the job, etc. I will give this a try.
24 comments
[ 5.1 ms ] story [ 36.4 ms ] threadWe rolled out our own that does pretty much the same thing but perhaps more because our solution can also mount persistent storage that can be carried between multiple runners. It does take 1-5 seconds to boot the environment (firecracker vms). If this sandbox is faster I will instruct the team to consider for fast starup.
This is also very similar to Vercel's sandbox thing. The same technology?
What I don't like about this approach is the github repo bootstrap setup. Is it more convenient compared to docker images pushed to some registry? Perhaps. But docker benefits from having all the artefacts prebuilt in advance, which in our case is quite a bit.
It's the same SDK stuff from earlier this year right? https://developers.cloudflare.com/changelog/2025-06-24-annou...
As far as I can tell it's all or nothing right now:
I want to run untrusted code (from users or LLMs) in these containers, and I'd like to avoid someone malicious using my container to launch attacks against other sites from them.As such, I'd like to be able to allow-list just specific network points. Maybe I'm OK with the container talking to an API I provide but not to the world at wide. Or perhaps I'm OK with it fetching data from npm and PyPI but I don't want it to be able to access anything else (a common pattern these days, e.g. Claude's Code Interpreter does this.)
Memory: $0.0000025 per additional GiB-second vCPU: $0.000020 per additional vCPU-second Disk: $0.00000007 per additional GB-second
The smaller instance types have super low processing power by getting a fraction of a vCPU. But if you calculate the monthly cost then it comes to:
Memory: $6.48 per GB vCPU: $51.84 per vCPU (!!!) Disk: $0.18 per GB
These prices are more expensive than the already expensive prices of the big cloud providers. For example a t2d-standard-2 on GCP with 2 vCPUs and 8GB with 16GB storage would cost $63.28 per month while the standard-3 instance on CF would cost a whopping $51.84 + $103.68 + $2.90 = $158.42, about 2.5x the price.
Cloudflare Containers also don't have peristent storage and are by design intended to shut down if not used but I could then also go for a spot vm on GCP which would bring the price down to $9.27 which is less than 6% of the CF container cost and I get persistent storage plus a ton of other features on top.
What am I missing?
The docs claim they persist the filesystem even when they move the container to an idle state but its unclear exactly what that means - https://github.com/cloudflare/sandbox-sdk/issues/102
Instead of having to code this up using typescript, is there an MCP server or API endpoint I can use?
Basically, I want to connect an MCP server to an agent, tell it it can run typescript code in order to solve a problem or verify something.
Compare this with instances from Hetzner or Contabo or the likes. They are 35+ times cheaper.
This means my total usage across entire month on cloudflare sandbox cannot cross even one single day of non-stop usage, just to break-even with hetzner/contabo/others.
It was a core differentiator to never* have to worry about egress with them.
*: unless it's so large that it borders on abuse or require a larger plan
My focus is: - simple SDK primitives for code execution, file ops, and git checkout—no boilerplate stacks - transparent pricing (per-second compute with monthly caps, no surprise egress) - price sandboxes for 50-60% less then competitors
Would love to get your feedback in https://usesandbox.dev/ Just finalized main pieces today