Vercel Sandbox: Running PHP, Node and Go Code Safely?
5 min read

Vercel Sandbox: Running PHP, Node and Go Code Safely?

952 words
Categories:
DevOps
Tags:
#vercel #sandbox #ai #agents #security #node #php #go

Vercel has announced the general availability of Vercel Sandbox, an execution layer designed specifically for AI agents. But beyond the AI agent hype, there’s an interesting question: can it be useful for running code safely in different languages like PHP, Node, or Go?

What is Vercel Sandbox?

Vercel Sandbox provides on-demand Linux microVMs. Each sandbox is isolated, with its own filesystem, network, and process space. You get sudo access, package managers, and the ability to run the same commands you’d run on a Linux machine.

The key here is complete isolation. Each sandbox is a Firecracker microVM (the same technology AWS Lambda uses) that spins up in fractions of a second, executes code, and disappears when the task is done.

import { Sandbox } from '@vercel/sandbox';

const sandbox = await Sandbox.create();

await sandbox.runCommand({
  cmd: 'node',
  args: ["-e", 'console.log("Hello from Vercel Sandbox!")'],
  stdout: process.stdout,
});

await sandbox.stop();

The Problem It Solves

AI agents work differently than humans. They need:

  • Environments that start in seconds
  • Complete isolation for untrusted code
  • Ephemeral environments that exist only as long as needed
  • Snapshots to instantly restore complex environments
  • Active CPU pricing for cost and performance efficiency

Vercel processes over 2.7 million deployments per day. Each spins up an isolated microVM, runs user code, and disappears, often in seconds. Sandbox brings that same infrastructure to agents.

Can It Be Used for PHP?

The short answer is yes. Since Sandbox is a complete Linux microVM with sudo, you can install PHP:

# Install PHP in the sandbox
apt-get update && apt-get install -y php php-cli

# Run PHP code
php -r "echo 'Hello from PHP!';"

However, there’s an important limitation: Sandbox is not persistent. Every time you create a new sandbox, you start from scratch. You’d have to install PHP each time.

The solution is snapshots: once you have an environment configured with PHP, you can save it as a snapshot and restore it instantly in future runs.

What About Node.js?

Node.js is the most natural use case, as it’s the runtime Vercel uses by default. Node is likely already preinstalled in Sandbox’s base images:

await sandbox.runCommand({
  cmd: 'node',
  args: ['--version'],
  stdout: process.stdout,
});

await sandbox.runCommand({
  cmd: 'npm',
  args: ['install'],
  stdout: process.stdout,
});

For Node, Sandbox is especially useful because you can:

  • Clone a repository
  • Install dependencies with npm/yarn/pnpm
  • Run tests
  • Execute scripts
  • Cleanup and disappear

And Go Binaries?

This is where it gets interesting. Go compiles to static binaries, making it perfect for this environment:

# Install Go
apt-get install -y golang-go

# Or copy a previously compiled binary
./my-go-program

The advantage of Go is that you don’t need to install runtime dependencies. The binary is self-contained. You can compile on your machine and copy the binary to the sandbox, or compile inside the sandbox if needed.

Practical Use Cases

Beyond AI agents, I see several interesting use cases:

1. Untrusted Code Execution

If you need to execute user-submitted code (like in an online code editor), Sandbox offers perfect isolation. The user can run whatever they want, but they’re confined to their microVM.

2. Clean Environment Testing

For integration tests that need a clean environment every time, Sandbox is ideal. There’s no “leakage” between runs.

3. Parallel Processing

You can create multiple sandboxes in parallel to process independent tasks. Each is isolated, no resource contention.

4. Maintenance Scripts

Need to run a maintenance script that requires sudo? Sandbox gives you root access without compromising your main infrastructure.

Limitations to Consider

Ephemeral by Design

Sandboxes are designed to be ephemeral. If you need persistence, you’ll have to:

  • Use mounted volumes (if available)
  • Save state to external storage (S3, database, etc.)
  • Use snapshots to save/restore state

Cold Start

While cold start is fast (sub-second), it’s not instant. For latency-critical tasks, it might not be enough.

Cost

Pricing is by active CPU. If you have tasks that run for a long time, it might not be economical compared to traditional VMs.

Network

Sandboxes have their own isolated network. If you need access to specific resources, you’ll need to configure networking accordingly.

Compared to Alternatives

vs Docker

Docker also gives you isolation, but Sandbox is lighter (Firecracker vs containers) and optimized for fast startup. For ephemeral work, Sandbox wins.

vs AWS Lambda

Lambda is serverless, but it’s limited to specific runtimes and has more restrictions. Sandbox gives you full root access to Linux.

vs Traditional VMs

Traditional VMs are more persistent but take minutes to boot. Sandbox boots in seconds.

Is It Worth It?

It depends on your use case:

Yes, if:

  • You need to run untrusted code safely
  • Your tasks are ephemeral and last seconds/minutes
  • You need complete isolation
  • You benefit from parallelism
  • You don’t want to manage infrastructure

No, if:

  • You need state persistence
  • Your tasks run for long periods
  • Cold start is a problem
  • Active CPU pricing is prohibitive

My Personal Opinion

Vercel Sandbox is interesting, but I think the current hype comes from the AI agent world. For the average developer, it’s probably not the solution unless you have a very specific use case.

That said, the technology behind it (Firecracker microVMs) is solid, and Vercel has proven they can scale it to millions of daily deployments. If it fits your use case, it can be a very powerful tool.

For running PHP, Node, or Go specifically, I would first look at simpler alternatives:

  • PHP: Docker containers or Lambdas with PHP runtime
  • Node: Serverless functions (Vercel/AWS Lambda) or Docker
  • Go: Compiled binaries deployed as containers or Lambda custom runtimes

Sandbox shines when you need the combination of isolation + ephemeral + complete Linux. If you don’t need all three, there’s probably a simpler solution.

Original article: Vercel Sandbox is Now Generally Available Documentation: Vercel Sandbox Docs SDK: @vercel/sandbox

Comments

Latest Posts

9 min

1747 words

If you’re using tools like Claude Code, GitHub Copilot Workspace, or similar, you’ve probably noticed there’s technical jargon that goes beyond simply “chatting with AI”. I’m talking about terms like rules, commands, skills, MCP, and hooks.

These concepts are the architecture that makes AI agents truly useful for software development. They’re not just fancy marketing words — each one serves a specific function in how the agent works.

Let’s break them down one by one in a clear way.

3 min

609 words

Recently, Addy Osmani published an article that gave me much to think about: “Self-Improving Coding Agents”. The idea is simple but powerful: agents that not only execute tasks, but improve their own performance over time.

This isn’t science fiction. It’s happening now, in 2026. And it has profound implications for the future of software development and, by extension, for all professions.

What is a Self-Improving Agent?

A self-improving agent is an AI system with the capacity to:

2 min

349 words

A few days ago I came across an article that literally left me with my mouth open. It’s about TinyEMU-Go: a RISC-V emulator written entirely in Go, ported from C using Claude. And the best part: you can run a complete Linux with a single command.

The Command Line That Gave Me Envy

go run github.com/jtolio/tinyemu-go/temubox/example@2c8151233c2d

And boom, you have a complete Linux running. No special permissions, no containers, no weird dependencies. A pure static Go binary.

4 min

810 words

A few days ago I came across a very interesting stream where someone showed their setup for agentic programming using Claude Code. After years developing “the old-fashioned way,” I have to admit that I’ve found this revealing.

What is Agentic Programming?

For those not familiar with the term, agentic programming is basically letting an AI agent (in this case Claude) write code for you. But I’m not talking about asking it to generate a snippet, but giving it full access to your system so it can read, write, execute, and debug code autonomously.

5 min

949 words

Lately, there’s been talk of AI agents everywhere. Every company has their roadmap full of “agents that will revolutionize this and that,” but when you scratch a little, you realize few have actually managed to build something useful that works in production.

Recently I read a very interesting article by LangChain about how to build agents in a practical way, and it seems to me a very sensible approach I wanted to share with you. I’ve adapted it with my own reflections after having banged my head more than once trying to implement “intelligent” systems that weren’t really that intelligent.

6 min

1097 words

Two protocols, two philosophies

In recent months, two protocols have emerged that will change how we build AI systems: Agent2Agent Protocol (A2A) from Google and Model Context Protocol (MCP) from Anthropic. But here’s the thing: they don’t compete with each other.

In fact, after analyzing both for weeks, I’ve realized that understanding the difference between A2A and MCP is crucial for anyone building AI systems beyond simple chatbots.

The key lies in one question: Are you connecting an AI with tools, or are you coordinating multiple intelligences?