architecture
Architecture
Three-Layer Architecture
-
@cloudflare/sandbox(packages/sandbox/) — Public SDK published to npmSandboxclass: Durable Object that manages the container lifecycle- Modular HTTP clients per capability (
CommandClient,FileClient,ProcessClient, …) CodeInterpreter: high-level API for Python/JS with structured outputsproxyToSandbox(): request handler for preview URL routing
-
@repo/shared(packages/shared/) — Internal shared utilities- Type definitions used by both SDK and container runtime
- Centralized error classes (
packages/shared/src/errors/) and logging - Not published to npm
-
@repo/sandbox-container(packages/sandbox-container/) — Container runtime- Bun-based HTTP server running inside the Docker container
- Dependency-injection container in
core/container.ts - Route handlers for command execution, file operations, process management
More from cloudflare/sandbox-sdk
git-commit
Use when creating git commits to ensure commit messages follow project standards. Applies the 7 rules for great commit messages with focus on conciseness and imperative mood.
41testing
Use when writing or running tests for this project. Covers unit vs E2E test decisions, test file locations, mock patterns, and project-specific testing conventions. (project)
36session-execution
Use when working on or reviewing session execution, command handling, shell state, FIFO-based streaming, or stdout/stderr separation. Relevant for session.ts, command handlers, exec/execStream, or anything involving shell process management. (project)
33logging
Use when adding logs, debugging, or working with the Logger across the SDK and container runtime. Covers the constructor-injection pattern, child loggers, env-var configuration, and test mocking. (project)
1examples
Use when working in the examples/ directory, running an example with wrangler dev, adding a new example, or answering questions about EXPOSE directives and the local Docker dev loop. (project)
1sandbox-bridge
Use when you need to exercise a real, running Sandbox deployment via HTTP — for example to validate SDK changes against a live container, reproduce a user-reported issue, or experiment with the API (including FUSE bucket mounts) without spinning up `wrangler dev`. Documents the Sandbox bridge worker reachable via `SANDBOX_WORKER_URL` + `SANDBOX_API_KEY` when the host injects them.
1