sandstorm  by tomascupr

Secure AI agent execution in isolated cloud sandboxes

Created 4 days ago

320 stars

Top 85.1% on SourcePulse

Project Summary

Summary

Sandstorm provides a secure, zero-infrastructure platform for running AI agents. It addresses the complexity and security concerns of deploying AI agents by offering isolated, ephemeral cloud sandboxes accessible via a single API call. This enables parallel execution of long-running tasks, tool use, and file manipulation, simplifying AI agent adoption for developers and businesses.

How It Works

Sandstorm integrates the Claude Agent SDK within isolated E2B cloud virtual machines. Each agent request provisions a fresh sandbox where it can install packages, access live data, generate files, and execute tools like Bash, WebSearch, and file operations. All agent activity streams back in real-time via Server-Sent Events (SSE). Upon completion, the sandbox is automatically destroyed, ensuring no state leakage or persistence.

Quick Start & Requirements

  • Installation: pip install duvo-sandstorm
  • Prerequisites: Python 3.11+, E2B API key, Anthropic API key or OpenRouter API key.
  • Usage: Execute agents via the ds "your prompt" command.
  • Configuration: API keys can be set via environment variables (ANTHROPIC_API_KEY, E2B_API_KEY) or passed per-request.

Highlighted Details

  • Ephemeral Sandboxes: Each agent runs in a dedicated, isolated VM that is destroyed after execution, so runs are isolated from one another and no state persists between them.
  • Full Agent Capabilities: Supports tool use including Bash, Read, Write, Edit, Glob, Grep, WebSearch, and WebFetch by default.
  • Structured Output: Enables validated JSON output by defining schemas in sandstorm.json.
  • Subagents & Skills: Allows delegation to specialized subagents and integration of reusable domain knowledge via Claude Code Skills.
  • File Handling: Supports uploading local files (text-only via CLI) into the sandbox for agent processing.
  • Model Agnosticism: Integrates with Anthropic (default) and supports over 300 models via OpenRouter, as well as other providers like Vertex AI, Bedrock, and Azure.
  • Real-time Streaming: Provides step-by-step progress via SSE.

Maintenance & Community

The project is described as an open-source version of a runtime built and battle-tested in production at duvo.ai. No specific community links (Discord/Slack) or roadmap details are provided in the README.

Licensing & Compatibility

  • License: MIT.
  • Compatibility: The MIT license generally permits commercial use and integration into closed-source projects. Note, however, that the Anthropic API key is passed into the sandbox and the agent runs with full sandbox access, so API keys must be managed carefully when the service is exposed to untrusted callers.

Limitations & Caveats

  • Vercel Deployment: Serverless function duration limits on Vercel (300s Pro, 10s Hobby) make it unsuitable for long-running agent tasks; Docker or dedicated servers are recommended.
  • File Uploads: Only text files can be uploaded via the CLI; binary files require API-based transfer.
  • Security Context: Agents run with full sandbox permissions, requiring careful handling of API keys for external or untrusted users.

Health Check

  • Last Commit: 1 hour ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 30
  • Issues (30d): 1
  • Star History: 322 stars in the last 4 days
