Rustbox#
Cloud runtime for executing untrusted code. Built for AI agents, coding platforms, and secure tool execution.
curl -s -X POST "https://api.rustbox.orkait.com/api/submit?wait=true" \
-H "Content-Type: application/json" \
-H "X-API-Key: rb_live_your_key_here" \
-d '{"language": "python", "code": "print(42)"}' | jq{
"id": "f2c6c5f7-1203-46e5-8a4f-a619c12bfeb0",
"language": "python",
"job_status": "completed",
"schema_version": "1.0",
"verdict": "AC",
"exit_code": 0,
"signal": null,
"stdout": "42\n",
"stderr": "",
"output_integrity": "complete",
"error_message": null,
"cpu_time_secs": 0.009142,
"wall_time_secs": 0.01,
"memory_peak_bytes": 3862528,
"evidence": {
"verdict_cause": "normal_exit",
"verdict_actor": "runtime",
"isolation_mode": "strict",
"controls_applied": ["pid_namespace", "mount_namespace", "network_namespace", "memory_limit", "process_limit", "no_new_privileges"],
"controls_missing": [],
"cgroup": {
"cpu_usage_usec": 9142,
"memory_limit_bytes": 268435456,
"memory_peak_bytes": 3862528,
"oom_events": 0,
"oom_kill_events": 0,
"process_count": 0,
"process_limit": 10
},
"timing": {
"cpu_ms": 9,
"wall_ms": 10,
"cpu_wall_ratio": 0.9,
"divergence": "cpu_bound"
},
"process_lifecycle": {
"reap_status": "clean",
"descendant_containment": "ok",
"zombie_count": 0
},
"judge_actions": [],
"collection_errors": []
},
"created_at": "2026-04-03T08:05:23.540110054+00:00",
"started_at": "2026-04-03T08:05:23.540218508+00:00",
"completed_at": "2026-04-03T08:05:23.570195915+00:00"
}Replace
rb_live_your_key_herewith your actual API key. Request access to get one.
36ms median latency. 8 languages. Kernel-enforced isolation. Evidence-backed verdicts.
Why Rustbox#
| Rustbox | Typical alternatives | |
|---|---|---|
| Latency | 36ms cold start | 500ms+ |
| Throughput | 148 executions/s | ~30/s |
| Isolation | 8 kernel layers, compile-time enforced | Container defaults |
| Syscall filter | 51-rule seccomp deny-list | 300-rule generic defaults |
| Verdicts | Kernel evidence (OOM events, cgroup stats) | Exit code guessing |
| Integration | Single API call | Multiple services to orchestrate |
Two profiles#
Judge - competitive programming, coding assessments. 256 MB memory, per-language time limits, no network access. Tight limits, fast verdicts.
Agent - LLM tool-calls, code interpreters, short-lived Python REPLs. 1 GB memory, 30 second wall time, filtered network.
Judge profile is live in the open beta. Agent profile is on the waitlist - . Read more about profiles.
8 layers of isolation#
Every execution runs in a fresh sandbox with 8 independent security layers. Escape requires defeating all eight simultaneously.
| # | Layer | Stops |
|---|---|---|
| 1 | PID + IPC + UTS namespaces | Seeing host processes, IPC channels |
| 2 | Mount namespace + chroot | Accessing host filesystem |
| 3 | Network namespace | Sockets, DNS, cloud metadata |
| 4 | Cgroups v2 | Memory bombs, fork bombs, CPU abuse |
| 5 | Seccomp-BPF (51 rules) | ptrace, mount, bpf, io_uring, kexec |
| 6 | All capability sets zeroed | Privilege escalation |
| 7 | Credential drop to unprivileged UID | Running as root |
| 8 | NO_NEW_PRIVS | Regaining privileges via setuid |
147 adversarial tests across all 8 languages. Fork bombs, memory bombs, chroot escapes, seccomp bypasses, privilege escalation attempts. 0 escapes across 22 attack vectors x 8 languages. Security details.
8 languages#
Python, C, C++, Java, JavaScript, TypeScript, Go, Rust. Full language reference.
Open beta - Request access to get your API key and start integrating today.
Quickstart - Get from API key to working integration in 5 minutes.
API Reference - Full endpoint documentation.
Security - The 8-layer isolation model in detail.