unsandbox: A Universal Execution Membrane

From laboratory prototype to production infrastructure. What began as experiments in a void has become unsandbox.com — a universal execution membrane now serving machine learning agents & developers alike.

  • 35 Languages Working
  • 1-4K Requests/Second
  • 12K Max Concurrent
  • 50:50 CPU User:System

NOW SHIPPING: unsandbox.com is live. Remote code execution, persistent services, & sandboxed environments for machine learning agents.

Production Features

INCEPTION (February 2026): Oracle spawns oracle spawns oracle. Portable bootstrap — one script, two modes (genesis & shadow). Credentials via env vars. Caddy serves every layer. Same Makefile works at every depth. 9/9 functional tests pass.

Live proof: shadow-oracle.on.unsandbox.com — shadow operates identically to parent. Can spawn its own shadows.

POSTMORTEM (February 2026): An agent killed itself. A hexagonal oracle, running inside unsandbox, destroyed its own container. Sandbox contained destruction. Lessons documented.

→ Full postmortem in this repo

Architecture Evolution

PIVOT (November 2025): Firecracker vsock doesn't work. A permacomputer adapts. New substrate: LXD/LXC containers backed by Debian & Ubuntu.

→ Full architecture evolution documented in dream.html

Evolution Through Adversity

Fall 2025: Alpine Linux prototype, 35 languages load tested
Late 2025: Ubuntu 24.04 prototype, 42 languages, glibc proven
November 2025: Pivot to LXD/LXC, 42+ languages, ephemeral containers
February 2026: Production launch at unsandbox.com

From void laboratory to production infrastructure. Substrate changed. Vision manifested.

A Paradigm Shift

This isn't just another code executor. It's a fundamental internet primitive that mirrors & extends seed projects:

  • Semi-trusted mode: Code can reach out to an internet, pull dependencies, call APIs
  • Zero-trust mode: Complete isolation, no escape, pure computation

Think about what this means:

GitLab Runner → But it can execute untrusted code safely

Ethereum Smart Contracts → But in any language, not just Solidity

AWS Lambda → But you control infrastructure

Docker → But with real hardware isolation, not shared kernels

A Universal Adapter Pattern

With this execution membrane, you can:

  1. Link into any system — Accept code from anywhere, execute it safely, return results
  2. Circumvent limitations — Systems that only support certain languages? Route through unsandbox
  3. Create infinite spirals — Chain executions, spawn new VMs, create computational fractals

Performance Results (32 vCPUs, 300GB RAM)

[Figure: Performance across different load levels. Complete performance analysis: baseline, production, & extreme load testing]

Baseline Performance (10 concurrent, 100% success)

Language     Throughput        Avg Response   Category
bash         1,023.84 req/s    0.009s         Interpreted
perl         827.87 req/s      0.011s         Interpreted
jimtcl       590.76 req/s      0.016s         Interpreted
awk          547.83 req/s      0.016s         Interpreted
tcl          544.17 req/s      0.017s         Interpreted
php          399.14 req/s      0.024s         Interpreted
commonlisp   305.13 req/s      0.032s         Interpreted
python       250.27 req/s      0.038s         Interpreted
scheme       250.46 req/s      0.039s         Interpreted
c            129.70 req/s      0.073s         Compiled

[Figure: Performance scaling comparison. How key languages scale from 10x to 100x concurrency]

Extreme Load Champions (12,000 concurrent)

AWK: 1,206 req/s sustained

Perl: 1,178 req/s sustained

Bash: 1,121 req/s sustained

PHP: 945 req/s sustained

Python: 565 req/s sustained

Scheme: 674 req/s sustained

A Laboratory Discovery

What emerged from months in a void laboratory:

  • Binary compilation in isolated environments
  • Network control at packet level
  • Resource limits enforced by hardware
  • Auto-detection of programming intent
  • 1-4k requests/second sustained load per language
  • CPU-bound with 50:50 user:system split
  • 42+ languages proven across multiple substrates
  • Ephemeral containers — spawn, execute, auto-destroy
  • Pre-emptive pool spawning — 1000 warm containers = zero latency

What This Really Is

Infrastructure for execution.

unsandbox enables new types of systems to exist. An execution layer that was missing. A universal translator between intention & computation.

Already happening:

  • Machine learning agents running sandboxed, writing & executing code safely
  • Web apps deployed with automatic HTTPS, sleeping for decades, waking instantly
  • Code playgrounds supporting 42+ languages from a single API
  • Remote development environments that persist across sessions
  • Computation markets where trust isn't required

Try It

unsandbox is live. Start building.

What will you build when any code can execute anywhere, safely?