E2B: run model-written code in a sandbox, not on your box
Execute AI-generated code in an isolated E2B cloud sandbox with the API key read from the environment, so untrusted code never touches your laptop or prod.
Run this workflow
CI-verified, 2/2 fixtures passing.
Build this with your agent
One copy-paste hands Claude Code, Codex, or Cursor the full recipe, steps included, nothing to fetch.
Intended Use
Anyone whose agent runs code it (or a model) wrote. CI compiles the sandbox script (python3 py_compile, no e2b install needed) and asserts it opens a Sandbox, runs code through it, and reads the API key from the environment rather than hardcoding it. No keys, no network, no execution. The sandbox run is fenced.
Not for
- Hardcoding the API key, read it from the environment so it never lands in source or git
- Assuming it is free at scale, it is cloud infra with free-tier limits; self-hosting the sandbox stack is non-trivial
The Stack
Tested Against
github.com/e2b-dev/code-interpreter (2026-06)python@3.12 (py_compile, stdlib)Side effects & data flow
- Network
- none, local only
- Writes
- ./sandbox.py
- Credentials
- none required
Prerequisites
- pip install e2b-code-interpreter + an E2B API key (only to actually run a sandbox)
Steps
- 1
Write the sandbox script and structure-check it
Write sandbox.py: open an E2B Sandbox with the key from os.environ, run code through it, read the logs. CI compiles it and checks the calls + that the key comes from the environment. Actually running it needs the package and a key, so that step is fenced.
cat > sandbox.py <<'PY' import os from e2b_code_interpreter import Sandbox with Sandbox(api_key=os.environ["E2B_API_KEY"]) as sandbox: execution = sandbox.run_code("print(sum(range(10)))") print(execution.logs) PY python3 - <<'CHECK' import py_compile, sys src = open("sandbox.py").read() try: py_compile.compile("sandbox.py", doraise=True) except py_compile.PyCompileError: print("BAD: sandbox.py does not compile"); sys.exit(1) def need(tok, msg): if tok not in src: print("BAD: " + msg); sys.exit(1) need("Sandbox", "no E2B Sandbox") need("run_code", "the script never runs code in the sandbox") if "os.environ" not in src: print("BAD: API key is not read from the environment"); sys.exit(1) print("config OK: E2B script compiles, runs code in a Sandbox, with the API key read from the environment") CHECK - 2
Run a sandbox (the network/execution step, not checked by CI)
pip install e2b-code-interpreter, set E2B_API_KEY, and run sandbox.py. The code executes in an isolated cloud microVM and streams logs back. The execution is fenced.
Eval, 2 fixtures
Last passed: verified todaysandbox-okcontainstimeout 30s · max $0Expected:
config OK: E2B script compiles, runs code in a Sandbox, with the API key read from the environmentclean-exitexit_codetimeout 30s · max $0Expected:
0
Results
The natural partner to a code-agent: the agent decides what to run, E2B runs it somewhere that is not your machine. A clean SDK drops sandboxed execution in a few lines. Containing untrusted code is a job you do not want to hand-roll.
Did this work for you?
Our CI checks the setup runs. You tell us if the whole thing worked. Tell us straight.
Related workflows
- promptfoo: make agent evals fail the build, not the user
- DSPy: program the pipeline, compile the prompts (stop hand-tuning)
- Write an agent loop in code with smolagents (sandboxed)
- Hermes /learn: author a reusable skill from a source, not by hand
- Text your own AI assistant on WhatsApp: Hermes wired to FreeLLMAPI
- FreeLLMAPI: one socket, sixteen free model tiers with auto-fallback
Liked this workflow?
Get new verified workflows in WebAfterAI, three issues a week (Tue, Thu, Sat).