Cloudflare Sandboxes and Containers are now generally available, providing AI agents with persistent, isolated compute environments. Key new features include secure credential injection via a programmable egress proxy, PTY support for real terminal sessions over WebSocket, persistent code interpreter contexts (Python/JS/TS) that maintain state across calls like a Jupyter notebook, background processes with live preview URLs, filesystem watching via inotify, and snapshots for fast session restoration stored in R2. Pricing has shifted to active CPU usage only, eliminating charges for idle time. Capacity has also increased significantly, supporting up to 15,000 concurrent lite instances. Figma uses the platform for Figma Make to run untrusted agent code at scale.
Table of contents
Sandboxes 101Secure credential injectionA real terminal, not a simulationA code interpreter that remembersStart a server. Get a URL. Ship it.Watch the file system and reach immediatelyWaking up quickly with snapshotsHigher limits and Active CPU PricingThis is what a computer looks likeSort: