Dedicated kernel per run
Each sandbox runs inside a Firecracker microVM — not a container. Own kernel, filesystem, memory, and network stack. No cross-tenant leakage.
Execute untrusted code in isolated microVMs
Each client.execute() call runs inside a Firecracker microVM with its own kernel and filesystem. State persists across calls within a session, then tears down automatically. Egress is deny-by-default.
<200ms
P95 cold start
<10ms
Warm reuse
1–8 vCPU
Per VM
code execution
$instavm execute --code "import sys; print(sys.version)"
↳provisioning firecracker vm (2 vcpu, 512mb)
↳vm ready in 147ms | kernel isolated
↳3.11.7 (main, Dec 8 2024)
$instavm execute --code "pip install pandas && python analysis.py"
↳session reuse: 4ms | packages persist from previous call
↳{"status":"ok","records":1240,"risk_score":0.07}
$instavm session close
↳vm terminated | filesystem destroyed
$
Capabilities
Session state persistence
Variables, files, and installed packages persist across execute() calls within a session. New session starts clean.
Deny-by-default egress
Outbound traffic is blocked unless explicitly allowed. Whitelist specific domains, CIDR ranges, or enable package managers per session or VM.
Stdout, stderr, and file capture
Every execute() returns stdout, stderr, and execution_time. Use upload_file() and download_file() to move artifacts in and out of the VM.
SDK reference
code-execution.py
pythonExecute + result
1from instavm import InstaVM23client = InstaVM(api_key="sk_instavm_...")45# State persists across calls in the same session6client.execute("pip install pandas numpy")7result = client.execute("import pandas; print(pandas.__version__)")89print(result["stdout"]) # "2.1.4"10print(result["execution_time"]) # 0.0431112client.close_session()
How it works
Three API calls from code to output
Create a client
InstaVM(api_key=...) provisions a Firecracker VM and returns a session. Specify cpu_count, memory_mb, and env if needed.
Call execute()
Pass any string of Python or Bash. Returns stdout, stderr, and execution_time. Packages installed here persist for subsequent calls.
Close or let it expire
client.close_session() tears down immediately. Or set timeout (vm_lifetime_seconds) and the VM auto-terminates.
Get started with InstaVM
Free tier available. No credit card required. VMs provision in under 200ms.