Public beta · free to start

EU-native managed sandboxes for AI agents.

Give your AI agent its own machine to run code, work with files, and save its progress. Spin one up with a single API call. Each runs on isolated hardware, entirely in the EU.

Start free How it works

Free to start, no credit card. Spin up your first sandbox in seconds.

agent.py

sbx = Sandbox.create(template="python-3.12")

sandbox ready in 148 ms

$ python model_output.py

> mean: 18.0 median: 15.5

exit 0 · 121 ms

sandbox terminated · rootfs dropped

POST api.orkestr.eu/v1/sandboxes

beta

Public beta. Python and JS SDKs available now: pip install orkestr.

What's actually different.

E2B, Daytona, Modal, Cloudflare Sandboxes already exist. Three things make this one worth your time.

EU compute, EU operator

Your code runs on our own hardware in Germany and Finland, operated from inside the EU. No US company sits in the data path, and you get the same GDPR agreement as the rest of orkestr.

Dedicated VM per sandbox

Every sandbox is a separate virtual machine with its own operating system. If code breaks out of one, it still cannot reach the host or any other customer. Starts in about 150 ms, or under 30 ms from a warm pool.

Per-second pricing, no minimums

Pay for the CPU and memory you use, by the second. No charge per request, no monthly platform fee. Snapshot storage is on the same bill.

What people run inside.

Run code you do not fully trust somewhere safe and disposable. Pick a workload to see how teams use it.

build

Developers and AI teams

contain

Security and platform teams

buildCoding agents that run what they write

An agent writes code; the only way to know it works is to run it. Give it a clean, disposable box instead of a laptop or shared infrastructure.

How a sandbox call gets to EU hardware.

Click any stage to see what it does. The shape of the call is identical to E2B and Modal, so swapping in the orkestr SDK is one import line.

sandbox

Boots in roughly 150 ms cold, under 30 ms from a warm pool. Hardware-virtualised isolation: each sandbox gets its own kernel and rootfs, dropped on terminate. No shared container runtime, no syscall surface across tenants.

Drop-in for the agent stack you already use.

Speaks the same primitives as the existing managed sandbox providers. If your agent can call a tool, it can call this.

MCP servers

Any client speaking Model Context Protocol

Claude Code

Drop-in tool for the CLI agent

Cursor / Windsurf

Custom tool definitions

Claude Managed Agents

Use as a Managed Agents sandbox provider

OpenAI / Mistral agents

Function-call shape supported

LangChain / LlamaIndex

Tool wrappers shipped in SDK

How this fits next to what already exists.

We are not trying to replace the US providers. We are the one to pick when "where the code physically runs" is on the table.

What you'll ask about	orkestr Sandboxes	Cloudflare / Daytona / Modal / Vercel
EU data residency, no US parent	EU bare-metal, EU operator	Cloudflare, Modal, Vercel: US-headquartered; Daytona: US/EU mixed
Sandbox isolation	Dedicated VM per sandbox	Container or v8 isolate, sometimes VM
Snapshot + resume	Native, included on all plans	Available on some, paid tier on others
GDPR DPA on request	Yes, same DPA as orkestr platform	Varies; cross-border transfer clauses common
Pricing model	Per-second CPU + RAM, no minimums	Per-second or per-invocation, varies

Comparison reflects public docs at the time of writing and may change. We will keep this table honest as the others ship.

Start building for free.

Sandboxes are self-serve and free to start - no waitlist, no credit card. Create your first one from the console, or straight from the SDK in a couple of lines.

Start free Read the quickstart

Free tier included on every plan. Upgrade only when you need more compute.

Common questions

What is a sandbox here, exactly?

A dedicated, hardware-isolated VM with its own kernel and rootfs. You create one, run commands or upload files, optionally snapshot it, then terminate. Default lifetime is a few minutes; agents that need persistent state use the pause / resume primitive. Each sandbox is hardware-isolated, not just process- or namespace-isolated.

Why dedicated VMs instead of containers?

Containers share the host kernel. That is fine for trusted workloads, less fine when an LLM is generating shell commands you have not seen yet. We give each sandbox its own kernel via hardware virtualisation, so a kernel-level escape from one sandbox does not reach another tenant. The cold-start cost is roughly 100-200 ms instead of single-digit ms, which is acceptable when an agent step itself is seconds.

Where does the code run?

EU only. Falkenstein (Germany) and Helsinki (Finland), on bare-metal dedicated machines we operate. No edge POPs in non-EU regions. The orkestr legal entity is in the EU, so there is no US-Cloud-Act exposure on snapshots, env vars, or runtime data.

What about networking, egress, secrets?

Three modes per sandbox: off (no outbound, default), restricted (allowlist for package registries and common APIs), open (full egress, paid tier with verified billing). Secrets are passed at create time as env vars and live only in the VM memory. Snapshots include memory by design, so for hard secrets prefer fetching them at exec time from your own KMS.

How does this compare to E2B, Daytona, Modal, Cloudflare Sandboxes?

Same shape of API and same primitives. The differences: we are EU-operated end to end, with no US parent. We give every sandbox its own dedicated VM rather than picking between containers, isolates, and VMs per template. And we are priced for steady, small workloads (per-second metering, no per-invocation premium) rather than burst at scale.

How do I get started, and what does it cost?

Sandboxes are in public beta and free to start - no waitlist. Sign up, enroll in the sandbox beta from the console in one click, and create your first sandbox from the dashboard or the SDK. Every plan includes a free tier of sandbox usage; you only pay if you outgrow it. Published rates land once we have metered real workloads.

Is this affiliated with Anthropic?

No. orkestr is an independent EU company. Claude, Claude Code, and Claude Managed Agents are trademarks of Anthropic, PBC. We mention them as compatible clients, not as a partnership.

Ready to put your agent inside an EU sandbox?

It's free to start. Create your first sandbox in seconds.

Start free