Sandbox

Run untrusted or expensive code in an isolated provider runtime without changing your application API.

@vitehub/sandbox gives Vite and Nitro apps one way to define isolated work, call it from your server code, and run it through Cloudflare or Vercel.

Use Sandbox when the code should not run inside the request handler that received the user request. The application keeps a small, typed call site. The provider handles the isolated runtime.

import { readRequestPayload, runSandbox } from '@vitehub/sandbox'

export default defineEventHandler(async (event) => {
  const payload = await readRequestPayload(event, { notes: '' })
  const result = await runSandbox('release-notes', payload)

  if (result.isErr()) {
    throw createError({ statusCode: 500, statusMessage: result.error.message })
  }

  return { result: result.value }
})

import { defineSandbox } from '@vitehub/sandbox'

export default defineSandbox(async (payload: { notes?: string } = {}) => {
  const items = (payload.notes || '')
    .split('\n')
    .map(note => note.replace(/^[-*]\s*/, '').trim())
    .filter(Boolean)

  return {
    summary: items[0] || '',
    items,
  }
})

{
  "result": {
    "summary": "Added weekly digest",
    "items": [
      "Added weekly digest",
      "Tightened signup copy"
    ]
  }
}

What Sandbox solves

Inline request code is the simplest option until the work needs isolation, provider-managed runtime resources, or a stable execution boundary.

Sandbox moves that work behind a named definition:

Isolated execution

Run the definition through a provider sandbox instead of directly in the route handler.

Portable call sites

Keep runSandbox() calls the same while provider setup stays in framework config.

Result objects

Handle provider and runtime failures with isOk() and isErr() instead of broad try blocks.

Discovered definitions

Let ViteHub find sandbox files and generate the runtime registry for the active framework.

One portable flow

The same shape works across providers:

Register the Vite plugin or Nitro module.
Choose cloudflare or vercel in sandbox.provider.
Define a named sandbox with defineSandbox().
Call it from server code with runSandbox(name, payload).
Check result.isOk() or result.isErr().

Provider-specific setup belongs in app config and deployment config. Sandbox definitions and runSandbox() calls should stay provider-neutral whenever possible.

Discovery model

Nitro discovers sandbox definitions from server/sandboxes/**.

The sandbox name comes from the path under server/sandboxes, without the file extension. server/sandboxes/release-notes.ts becomes release-notes.

Supported providers

Cloudflare

Use Cloudflare Sandbox with a Durable Object binding and generated sandbox entrypoint.

Vercel

Use Vercel Sandbox with project credentials and Vercel's sandbox runtime.

Start here

Start with Quickstart for the smallest complete setup. Use the primitive comparison when you are deciding between Sandbox, Queue, inline request code, and other ViteHub primitives.

Next steps

Quickstart

Define a release-notes sandbox and call it from a route.

Usage

Use typed payloads, context, result handling, and stable sandbox IDs.

Runtime API

Review exports, signatures, options, and result types.

Troubleshooting

Fix provider inference, missing bindings, credentials, and failed executions.