Secure Exec — Secure Node.js execution without a sandbox

A lightweight library for secure Node.js execution.
No containers, no VMs — just npm-compatible sandboxing out of the box.
Powered by the same tech as Cloudflare Workers.

Give your AI agent secure code execution

Expose secure-exec as a tool with the Vercel AI SDK. Your agent can execute arbitrary code without risking your infrastructure.

Why Secure Exec

Give your AI agent the ability to write and run code safely.

No infrastructure required

No Docker daemon, no hypervisor, no orchestrator. Runs anywhere Node.js, Bun, or an HTML5 browser runs. Deploy to Lambda, a VPS, or a static site — your existing deployment works.

Node.js & npm compatibility

fs, child_process, http, dns, process, os — bridged to real host capabilities, not stubbed. Run Express, Hono, Next.js, and any npm package.

Compatibility matrix →

Built for AI agents

Give your AI agent the ability to write and run code safely. Works with the Vercel AI SDK, LangChain, and any tool-use framework.

Deny-by-default permissions

Filesystem, network, child processes, and env vars are all blocked unless explicitly allowed. Permissions are composable functions — grant read but not write, allow fetch but block spawn.

Configurable resource limits

CPU time budgets and memory caps. Runaway code is terminated deterministically with exit code 124 — no OOM crashes, no infinite loops, no host exhaustion.

Powered by V8 isolates

The same isolation primitive behind Cloudflare Workers for Platforms and every browser tab. Battle-tested at scale by the infrastructure you already trust.