Skip to main content
Every task runs in its own isolated sandbox. Sandboxes are ephemeral: spun up for the task, destroyed when it’s done. No code or state persists after execution.

Sandbox types

Small (default)

Container-based. Fast startup, scalable, no infrastructure to manage.
  • Workloads run as non-root
  • Docker daemon is not exposed inside the sandbox
  • Each task gets its own isolated network namespace
  • Standard container hardening best practices
Best for most tasks: code analysis, fixes, features, reviews.

Large (Full VM)

Dedicated Linux VM per task. No two tasks share the same VM.
  • 4 vCPU / 8 GB RAM (adjustable)
  • 100 GB disk
  • Full nested virtualization (Docker-in-Docker)
  • Stronger isolation boundary
Best for tasks that need Docker (integration tests, building images, multi-container setups) or when your security posture requires VM-level isolation. If your org requires that untrusted code only runs with a VM boundary, we can enforce a VM-only posture. Contact support@tembo.io.

Pre-installed tools

Both sandbox types come with:
CategoryTools
JavaScriptNode.js 22, Bun, pnpm, Yarn
PythonPython 3.12, pipx
GoGo 1.24
RustRustup 1.28
RubyRuby 3.3, Bundler, RuboCop
JavaJDK 21, Gradle, Maven
ElixirElixir 1.18, Erlang 28, Hex, Rebar3
.NET.NET SDK 9
ContainersDocker 28, Docker Compose 2.31 (Large VM only)
OtherGit, curl, ShellCheck, httpie

Nix support

If your repo has a flake.nix with devShells.x86_64-linux.default, Tembo automatically detects it and runs commands inside your Nix dev shell.

Dev Containers

Tembo can run tasks inside a Dev Container (.devcontainer/devcontainer.json). Requires the Large VM sandbox. Same format as VS Code Dev Containers and GitHub Codespaces.