Code Sandbox

On this page

PlaygroundOrchestration code nodeAgent code executionSecurity modelRate limitsAvailable globalsActivation history

The code sandbox lets you run JavaScript in a secure, isolated environment without deploying a function. Use it for prototyping, data transformation, pre-deploy testing, and AI agent computation.

Three ways to use the sandbox:

  1. Playground -- run code from the Console before deploying
  2. Orchestration code node -- inline transforms inside workflows
  3. Agent tool -- the Fold Agent writes and executes code to answer questions

Playground

The playground is available on the function detail page under the Sandbox tab.

Console

  1. Navigate to any function in the sidebar, or go to Functions.
  2. Select a function and click the Playground tab.
  3. Switch to Sandbox mode.
  4. Write JavaScript in the editor. Use the input variable to read your JSON input. Assign your output to result.
  5. Enter optional input JSON in the field below.
  6. Click Run.

The result (or error) appears below with execution duration.

API

curl -X POST https://api.fold.run/playground/execute \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "const { values } = input;\nresult = values.reduce((a, b) => a + b, 0) / values.length;",
    "input": { "values": [4, 8, 15, 16, 23, 42] }
  }'

Response:

{
  "output": 18,
  "duration_ms": 3,
  "error": null
}

Options

Field Type Default Description
code string required JavaScript source code. Assign output to result.
input object {} Data available as the input variable.
bindings array [] Optional bindings to expose: "kv", "ai".
egress string "blocked" Network access: "blocked" (no network) or "gateway" (audited proxy).
timeout_ms number 5000 Max execution time (100--30,000 ms).

Orchestration code node

The code node type runs inline JavaScript as a step in an orchestration. Use it for data transformation, filtering, or computation between tool and agent nodes.

Adding a code node

In the visual builder, drag the Code node from the palette onto the canvas. Configure:

  • Code -- JavaScript source. Use input to read mapped data, assign output to result.
  • Input mapping -- map fields from prior nodes or the trigger (same syntax as other nodes).
  • Timeout -- max execution time (100--10,000 ms, default 5,000).
  • Network access -- blocked (default) or gateway (audited).

Example

A workflow that classifies an email, then uses a code node to route it:

[Trigger] -> [Agent: classify] -> [Code: route] -> [Condition] -> [Output]

Code node configuration:

const { category, urgency } = input;
result = {
  priority: urgency > 0.8 ? 'high' : urgency > 0.5 ? 'medium' : 'low',
  queue: category === 'billing' ? 'finance-team' : 'support-team',
};

API

{
  "id": "code_1",
  "type": "code",
  "label": "Route",
  "config": {
    "type": "code",
    "code": "const { category, urgency } = input;\nresult = { priority: urgency > 0.8 ? 'high' : 'medium', queue: category };",
    "input_mapping": { "category": "$nodes.agent_1.output.category", "urgency": "$nodes.agent_1.output.urgency" },
    "timeout_ms": 5000,
    "egress": "blocked"
  },
  "position": { "x": 250, "y": 200 }
}

Agent code execution

The Fold Agent has a built-in execute_code tool. When the agent determines that a question is best answered with computation, it writes and runs JavaScript automatically.

You do not need to configure this -- the tool is available by default when the sandbox feature is enabled. The agent uses it for:

  • Mathematical calculations and statistics
  • Data transformation and formatting
  • String manipulation and parsing
  • JSON processing

Example conversation

You: What's the standard deviation of [4, 8, 15, 16, 23, 42]?

Agent: calls execute_code

const nums = input.data;
const mean = nums.reduce((a, b) => a + b) / nums.length;
const variance = nums.reduce((a, b) => a + (b - mean) ** 2, 0) / nums.length;
result = { mean, stddev: Math.sqrt(variance) };

The standard deviation is approximately 12.74 (mean: 18).

Security model

All sandbox code runs in a V8 isolate -- the same sandboxing technology used by all deployed functions. Each execution:

  • Runs in its own isolated environment with no access to other users' data
  • Has no network access by default (egress: "blocked")
  • Has a configurable timeout (default 5 seconds, max 30 seconds)
  • Cannot access platform bindings unless explicitly granted via bindings
  • Is recorded as an activation for audit and usage tracking

Rate limits

Sandbox executions are rate-limited per organization per minute:

Plan Executions / minute
Free Not available
Pro 60
Scale 300

Available globals

Code runs in a standard JavaScript environment with access to:

JSON, Math, Date, crypto, TextEncoder, TextDecoder, URL, URLSearchParams, atob, btoa, Array, Object, Map, Set, Promise, RegExp, parseInt, parseFloat, isNaN, isFinite.

Activation history

Sandbox executions are recorded as activations with function_id set to playground. To view sandbox history:

  1. Navigate to Activations in the sidebar.
  2. Set the Source filter to Sandbox.

Each activation records the code that was executed, the duration, and the result status.

PreviousTroubleshooting