Boxer

Strong Isolation

Every execution runs inside gVisor's user-space kernel, which intercepts all syscalls before they reach the host. Even a fully compromised container cannot escape to the host OS.

Simple HTTP API

Send a POST request with an image, command, and optional files. Get back stdout, stderr, exit code, and wall time. No daemon to manage, no sidecar containers.

Any Container Image

Pull any OCI image — Python, Node.js, Rust, Go, Perl — and run commands inside it. Images are cached locally and shared read-only across executions for fast startup.

Quick Start

REST API
Python SDK
TypeScript SDK

curl -s http://localhost:8080/run \
  -H 'Content-Type: application/json' \
  -d '{
    "image": "python:3.12-slim",
    "cmd": ["python3", "-c", "print(42)"]
  }'

from boxer import BoxerClient

with BoxerClient("http://localhost:8080") as c:
    result = c.run(
        image="python:3.12-slim",
        cmd=["python3", "-c", "print(42)"],
    )
    print(result.stdout)  # 42

import { BoxerClient } from "boxer-sdk";

const client = new BoxerClient({
  baseUrl: "http://localhost:8080",
});
const result = await client.run(
  "python:3.12-slim",
  ["python3", "-c", "print(42)"],
);
console.log(result.stdout); // 42

Read the Docs