Execute Code
Baponi is a sandboxed code execution platform for AI agents. The Execute Code endpoint runs Python, Node.js, or Bash in a multi-layer isolated sandbox and returns stdout, stderr, and an exit code. Sandbox overhead is typically 12-18ms. One required parameter (code), one HTTP call, structured JSON response.
Endpoint
Section titled “Endpoint”POST https://api.baponi.ai/v1/sandbox/executeAuthentication: Bearer token with an API key (sk-us-...).
Content-Type: application/json
curl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer sk-us-YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"code": "print(\"Hello from Baponi!\")", "language": "python"}'Delivery modes
Section titled “Delivery modes”The execute endpoint supports three delivery modes, selected via request headers. The request body is identical for all modes (with an optional webhook_url field for webhook mode).
| Mode | Header | Response | Plan requirement |
|---|---|---|---|
| Inline (default) | Accept: application/json | Buffered JSON response after execution completes | All plans |
| Streaming | Accept: application/x-ndjson | Real-time NDJSON stream of output as it is produced | Pro or Enterprise |
| Webhook | Prefer: respond-async | 202 Accepted with trace_id, result POSTed to webhook URL | Pro or Enterprise |
Inline mode is the default. The connection stays open until execution finishes, then returns the full result as a single JSON object. This is the simplest integration path and works for executions that complete in seconds.
Streaming mode delivers stdout and stderr line-by-line as the code runs. Use it for long-running executions where you need real-time output, progress updates, or partial results before completion. See Streaming execution (NDJSON) below.
Webhook mode returns 202 Accepted immediately with a trace_id. The execution runs in the background and the result is POSTed to your webhook URL on completion. Use it for long-running executions, CI pipelines, or unreliable clients that can’t hold a connection open. See Webhook delivery below.
Request body parameters
Section titled “Request body parameters”| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
code | string | Yes | - | Code to execute. 1 byte to 1 MB. |
language | string | No | "python" | "python", "node", or "bash" |
timeout | integer | No | 60 | Max execution time in seconds. Range: 1-60 (Free), 1-3600 (Pro/Enterprise). |
thread_id | string | No | null | Persist /home/baponi directory across calls. Max 128 chars, alphanumeric + hyphens/underscores. Must start with an alphanumeric character. |
metadata | object | No | null | Key-value pairs for audit logging. Max 10 keys, key max 40 chars, value max 256 chars. Not sent to the sandbox. |
webhook_url | string | No | null | Per-request webhook URL override for webhook delivery mode. HTTPS only. If omitted, uses the webhook URL configured on the API key. |
env_vars | object | No | null | Environment variables injected into the sandbox for this execution. Keys must be uppercase letters, digits, and underscores (starting with a letter). See environment variables for merge behavior and limits. |
sub_paths | string[] | No | null | Narrow storage mounts to specific subdirectories. Each entry is /data/{slug}/{path}. Must respect connection-level and API key-level path constraints. Max 10 entries, 512 chars each. REST API only - deliberately excluded from MCP to prevent LLM-driven path manipulation. See storage path scoping. |
The execution environment (runtime image, CPU, RAM, network policy, storage mounts, injected credentials) is configured in the admin console and bound to your API key. You cannot override sandbox settings per-request. This is by design: the API key is the security boundary, and all configuration is centralized.
Response body
Section titled “Response body”A successful request returns 200 OK with the execution result:
{ "success": true, "stdout": "Hello from Baponi!\n", "stderr": "", "exit_code": 0, "error": null}Response fields
Section titled “Response fields”| Field | Type | Description |
|---|---|---|
success | boolean | true if exit_code is 0. |
stdout | string | Standard output from the executed code. |
stderr | string | Standard error from the executed code. |
exit_code | integer | Process exit code. 0 means success, non-zero means the code exited with an error. |
error | string or null | Error message if execution failed at the platform level (not a code error). null on success. |
Streaming execution (NDJSON)
Section titled “Streaming execution (NDJSON)”To stream output in real time, set the Accept header to application/x-ndjson. The request body is the same as inline mode. The response is a chunked NDJSON stream where each line is a self-contained JSON object with a type field.
curl -N -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -H "Accept: application/x-ndjson" \ -d '{"code": "import time\nfor i in range(3):\n print(f\"step {i}\")\n time.sleep(1)", "timeout": 60}'NDJSON event types
Section titled “NDJSON event types”Every event includes a monotonic seq number for ordering and reconnection.
type | Fields | Description |
|---|---|---|
status | trace_id, status, seq | Execution has started. Emitted once at the beginning of the stream. |
output | stream, data, seq | A line of output from the sandbox. stream is "stdout" or "stderr". |
keepalive | seq | Empty heartbeat sent every 15 seconds to prevent proxy and load balancer connection timeouts. |
result | trace_id, status, result, output_truncated, seq | Execution completed (or was cancelled). status is "success", "failed", "timeout", or "cancelled". result contains the same fields as the inline JSON response. Always the last event. |
Example stream
Section titled “Example stream”{"type":"status","trace_id":"trc_a1b2c3d4","status":"running","seq":1}{"type":"output","stream":"stdout","data":"step 0\n","seq":2}{"type":"output","stream":"stdout","data":"step 1\n","seq":3}{"type":"output","stream":"stdout","data":"step 2\n","seq":4}{"type":"result","trace_id":"trc_a1b2c3d4","status":"success","result":{"success":true,"stdout":"step 0\nstep 1\nstep 2\n","stderr":"","exit_code":0,"error":null},"output_truncated":false,"seq":5}Streaming behavior
Section titled “Streaming behavior”- Line-buffered output. Output events are emitted on each newline (
\n) from the sandbox process. Partial lines without a trailing newline are buffered until the next newline or until execution completes. - 15-second keepalive interval. The gateway emits a
keepaliveevent every 15 seconds on idle streams to prevent proxies (nginx, Cloudflare, AWS ALB) from closing the connection. output_truncatedflag. If the stream produced more than 10,000 output chunks, older chunks may be evicted from the reconnection buffer. Theresultevent setsoutput_truncated: trueto indicate this. The finalresult.stdoutandresult.stderrfields always contain the complete buffered output regardless.- Client disconnect. If the client disconnects mid-stream, the execution continues to completion. Use the execution status endpoint to retrieve the final result and the output reconnection endpoint to retrieve missed output chunks.
- Cancellation. A running streaming execution can be cancelled via
POST /v1/executions/{trace_id}/cancel. The process is killed immediately and the stream emits a finalresultevent withstatus: "cancelled"anderror: "Cancelled by user". See Cancel a running execution.
Streaming examples
Section titled “Streaming examples”# Stream output in real time (-N disables curl output buffering)curl -N -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -H "Accept: application/x-ndjson" \ -d '{ "code": "for i in range(5):\n import time; time.sleep(1)\n print(f\"Processing batch {i}...\")", "timeout": 60 }'import baponifrom baponi import Baponi
client = Baponi()
with client.execute_stream( "for i in range(5):\n import time; time.sleep(1)\n print(f'Processing batch {i}...')", timeout=60,) as stream: for event in stream: if isinstance(event, baponi.OutputEvent): print(f"[{event.stream}] {event.data}", end="") result = stream.get_final_result() print(f"\nDone: exit_code={result.exit_code}")import requestsimport json
response = requests.post( "https://api.baponi.ai/v1/sandbox/execute", headers={ "Authorization": "Bearer sk-us-YOUR_API_KEY", "Content-Type": "application/json", "Accept": "application/x-ndjson", }, json={ "code": "for i in range(5):\n import time; time.sleep(1)\n print(f'Processing batch {i}...')", "timeout": 60, }, stream=True,)
for line in response.iter_lines(): if line: event = json.loads(line) if event["type"] == "output": print(f"[{event['stream']}] {event['data']}", end="") elif event["type"] == "result": print(f"\nDone: exit_code={event['result']['exit_code']}")Webhook delivery
Section titled “Webhook delivery”Send Prefer: respond-async to execute code asynchronously and receive the result via webhook.
curl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer sk-us-YOUR_API_KEY" \ -H "Content-Type: application/json" \ -H "Prefer: respond-async" \ -d '{"code": "import time; time.sleep(60); print(\"done\")", "language": "python", "timeout": 120}'The response is 202 Accepted with a trace_id:
{ "trace_id": "trc_a1b2c3d4", "status": "running"}When the execution completes, Baponi POSTs the result to the webhook URL configured on your API key (or the per-request webhook_url if provided):
{ "event": "execution.completed", "trace_id": "trc_a1b2c3d4", "timestamp": "2026-03-16T12:00:00Z", "result": { "success": true, "stdout": "done\n", "stderr": "", "exit_code": 0, "duration_ms": 60142, "error": null }, "output_truncated": false}If the execution is cancelled, the event is execution.cancelled.
Webhook signing
Section titled “Webhook signing”If a webhook secret is configured on the API key, the delivery includes an X-Baponi-Signature header with an HMAC-SHA256 signature: sha256=<hex>. Verify it server-side to authenticate the request.
Webhook retry
Section titled “Webhook retry”Delivery is attempted up to 3 times with backoff (1s, 10s, 60s). If all attempts fail, webhook_delivery_status is set to "failed". Poll GET /v1/executions/{trace_id} to retrieve the result.
Webhook URL configuration
Section titled “Webhook URL configuration”Configure a default webhook URL on each API key via the admin console or API. Per-request webhook_url in the body overrides the key default. Both must be HTTPS. SSRF protection validates the URL before accepting the request.
Error responses
Section titled “Error responses”Error responses use a structured JSON format with a machine-readable error code and a human-readable message:
{ "error": "validation_error", "message": "code must be between 1 byte and 1 MB"}HTTP status codes
Section titled “HTTP status codes”| Status | Error Code | When |
|---|---|---|
400 | validation_error | Invalid code length, unrecognized language, malformed thread_id, or metadata exceeds limits. |
401 | unauthorized | Missing, invalid, or revoked API key. |
409 | conflict | Another execution is already using this thread_id. Only one execution per thread at a time. |
429 | rate_limited | Concurrent execution limit exceeded for your plan, requested timeout exceeds your plan’s maximum, or streaming requested on Free tier. |
503 | service_unavailable | No executor pod is available to handle the request. Retry with backoff. |
504 | gateway_timeout | Execution exceeded the specified timeout. The process was killed. |
Rate-limited responses include an actionable message:
{ "error": "rate_limited", "message": "concurrent execution limit reached (5/5). Upgrade to Pro for 100 concurrent executions."}See the API Overview for the full error reference.
Examples
Section titled “Examples”Run Python, Node.js, or Bash
Section titled “Run Python, Node.js, or Bash”# Python (default language)curl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{"code": "import sys; print(f\"Python {sys.version}\")"}'
# Node.jscurl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{"code": "console.log(`Node.js ${process.version}`)", "language": "node"}'
# Bashcurl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{"code": "echo \"Bash $BASH_VERSION\" && uname -a", "language": "bash"}'from baponi import Baponi
client = Baponi(api_key="sk-us-YOUR_API_KEY") # or set BAPONI_API_KEY env var
# Python (default)result = client.execute("import sys; print(f'Python {sys.version}')")print(result.stdout)
# Node.jsresult = client.execute("console.log(`Node.js ${process.version}`)", language="node")print(result.stdout)
# Bashresult = client.execute("echo \"Bash $BASH_VERSION\" && uname -a", language="bash")print(result.stdout)Persist state across calls with thread_id
Section titled “Persist state across calls with thread_id”Without thread_id, every execution is fully ephemeral, nothing persists. With thread_id, the /home/baponi directory is saved to cloud storage after execution and restored on the next call with the same thread_id. Installed packages, created files, and environment modifications in the home directory all carry over.
# Call 1: Install a package and create a filecurl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "code": "pip install --user pandas && echo done", "language": "bash", "thread_id": "analysis-session-1" }'
# Call 2: pandas is already installed, pick up where you left offcurl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "code": "import pandas as pd; print(pd.__version__)", "language": "python", "thread_id": "analysis-session-1" }'from baponi import Baponi
client = Baponi()
# Call 1: Install pandasresult = client.execute( "pip install --user pandas && echo done", language="bash", thread_id="analysis-session-1",)print(result.stdout) # done
# Call 2: pandas is already installedresult = client.execute( "import pandas as pd; print(pd.__version__)", thread_id="analysis-session-1",)print(result.stdout) # 2.2.3Between calls, nothing is running and there is no idle billing. Baponi saves only the diff to cloud storage and restores it on the next call. You can resume a thread minutes or days later.
Attach metadata for audit logging
Section titled “Attach metadata for audit logging”Metadata is attached to the execution record for debugging and audit queries. It is NOT sent to the sandbox. Your code cannot read metadata values.
curl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "code": "print(\"processing order\")", "metadata": { "user_id": "usr_abc123", "request_id": "req_xyz789", "agent": "order-processor-v2" } }'from baponi import Baponi
client = Baponi()
result = client.execute( "print('processing order')", metadata={ "user_id": "usr_abc123", "request_id": "req_xyz789", "agent": "order-processor-v2", },)Query execution history with metadata filters in the admin console.
Set a custom timeout
Section titled “Set a custom timeout”The default timeout is 60 seconds. Free tier maximum is 60 seconds. Pro tier maximum is 3600 seconds (1 hour). Enterprise is configurable. When the timeout is reached, the process is killed immediately.
# Long-running data processing (Pro tier required for >60s)curl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "code": "import time; time.sleep(120); print(\"done\")", "timeout": 180 }'from baponi import Baponi
client = Baponi()
result = client.execute( "import time; time.sleep(120); print('done')", timeout=180,)print(result.stdout) # doneIf the timeout is exceeded, the response has exit_code: -1 and error describes the timeout:
{ "success": false, "stdout": "", "stderr": "", "exit_code": -1, "error": "execution timed out after 30s"}Handle errors in your code
Section titled “Handle errors in your code”# Code that raises an exceptioncurl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{"code": "raise ValueError(\"something went wrong\")"}'Response:
{ "success": false, "stdout": "", "stderr": "Traceback (most recent call last):\n File \"/home/baponi/main.py\", line 1, in <module>\n raise ValueError(\"something went wrong\")\nValueError: something went wrong\n", "exit_code": 1, "error": null}from baponi import Baponi
client = Baponi()
result = client.execute("raise ValueError('something went wrong')")
if not result.success: print(f"Code failed with exit code {result.exit_code}") print(f"stderr: {result.stderr}")else: print(result.stdout)Pass environment variables
Section titled “Pass environment variables”Environment variables are injected into the sandbox and accessible to your code via standard APIs (os.environ in Python, process.env in Node.js, $VAR in Bash). Use them to pass configuration, API keys, or feature flags without embedding them in code. Per-request env_vars are merged with variables set on the sandbox and API key in the admin console, with request values taking highest precedence. See environment variables for the full merge model.
curl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "code": "import os; print(f\"Target: {os.environ[\"TARGET_URL\"]}\")", "env_vars": { "TARGET_URL": "https://api.example.com", "LOG_LEVEL": "debug" } }'from baponi import Baponi
client = Baponi()
result = client.execute( "import os; print(f'Target: {os.environ[\"TARGET_URL\"]}')", env_vars={ "TARGET_URL": "https://api.example.com", "LOG_LEVEL": "debug", },)print(result.stdout) # Target: https://api.example.comSee environment variables for the full merge model and validation rules.
Narrow storage mounts with sub_paths
Section titled “Narrow storage mounts with sub_paths”When your API key has storage connections (BYOB buckets or managed volumes), the sandbox mounts them at /data/{slug}/. By default, the mount exposes everything the connection and API key allow. Pass sub_paths to narrow a mount to a specific subdirectory for this execution only.
# Only mount the Q1 reports subdirectory from the "company-data" bucketcurl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "code": "import os; print(os.listdir(\"/data/company-data/\"))", "sub_paths": ["/data/company-data/reports/q1-2026"] }'from baponi import Baponi
client = Baponi()
result = client.execute( "import os; print(os.listdir('/data/company-data/'))", sub_paths=["/data/company-data/reports/q1-2026"],)print(result.stdout) # Only files under reports/q1-2026/The sandbox sees /data/company-data/ as the mount point, but only the reports/q1-2026 subtree is accessible. The agent cannot see or access anything outside that path.
See storage path scoping for the full three-level constraint model and validation rules.
Full request with all parameters
Section titled “Full request with all parameters”curl -X POST https://api.baponi.ai/v1/sandbox/execute \ -H "Authorization: Bearer $BAPONI_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "code": "import os, pandas as pd\ndf = pd.read_csv(\"/data/company-data/customers.csv\")\nprint(df.describe().to_json())", "language": "python", "timeout": 60, "thread_id": "data-analysis-session", "metadata": { "user_id": "usr_abc123", "workflow": "csv-analysis", "step": "describe" }, "env_vars": { "OUTPUT_FORMAT": "json", "LOG_LEVEL": "info" }, "sub_paths": ["/data/company-data/customers"] }'from baponi import Baponi
client = Baponi()
result = client.execute( code='import os, pandas as pd\ndf = pd.read_csv("/data/company-data/customers.csv")\nprint(df.describe().to_json())', language="python", timeout=60, thread_id="data-analysis-session", metadata={ "user_id": "usr_abc123", "workflow": "csv-analysis", "step": "describe", }, env_vars={ "OUTPUT_FORMAT": "json", "LOG_LEVEL": "info", }, sub_paths=["/data/company-data/customers"],)
if result.success: print(result.stdout)else: print(f"Failed: {result.stderr}")Behavior reference
Section titled “Behavior reference”Supported languages and default runtimes
Section titled “Supported languages and default runtimes”language value | Runtime | Version |
|---|---|---|
"python" (default) | Python | 3.14 |
"node" | Node.js | 25 |
"bash" | GNU Bash | Latest |
These are the default runtime images. You can import any OCI-compatible image through the admin console and Baponi auto-discovers available interpreters. Custom images support any language or toolchain.
thread_id: stateful execution across calls
Section titled “thread_id: stateful execution across calls”- Without
thread_id: Fully ephemeral. Nothing persists after the call returns. - With
thread_id: The/home/baponidirectory is saved to cloud storage after execution and restored on the next call with the samethread_id. - One execution per thread at a time. Concurrent requests to the same
thread_idreturn409 Conflict. Use differentthread_idvalues for parallel work. - What persists: Installed packages (pip, npm), created files, environment modifications, anything written to
/home/baponi. - What does not persist:
/tmpis always ephemeral. System-level changes outside/home/baponiare discarded. - Format: Max 128 characters. Alphanumeric characters, hyphens (
-), and underscores (_) only. Must start with an alphanumeric character.
Network access
Section titled “Network access”Network policy is determined by the sandbox configuration bound to your API key (configured in the admin console):
| Policy | Behavior |
|---|---|
blocked (default) | No outbound network access. DNS, HTTP, and all other protocols are blocked. |
unrestricted | Full internet access. Outbound bytes are metered internally for billing. |
You cannot change the network policy per-request. To switch between blocked and unrestricted, create separate API keys bound to different sandboxes.
Timeout limits by plan tier
Section titled “Timeout limits by plan tier”| Plan | Default | Maximum |
|---|---|---|
| Free | 60s | 60s |
| Pro ($97/mo) | 60s | 3600s (1 hour) |
| Enterprise | 60s | Configurable |
Requesting a timeout above your plan’s maximum returns 429 with an upgrade message. It is not silently capped.
Metadata constraints
Section titled “Metadata constraints”| Constraint | Limit |
|---|---|
| Max keys | 10 |
| Key length | 1-40 characters |
| Value length | Max 256 characters |
Metadata is stored on the execution record and queryable in the admin console. It is never sent to the sandbox. Your executed code cannot read metadata values.
Environment variables
Section titled “Environment variables”Environment variables can be set at three levels. When the same key appears at multiple levels, the most specific scope wins:
- Sandbox (lowest precedence) - configured in the admin console, applied to every execution using that sandbox.
- API key - configured in the admin console on each API key, applied to every execution using that key.
- Request (highest precedence) - passed in the
env_varsfield of the request body, applied to that execution only.
All three sources are merged at execution time. If the same key exists at multiple levels, the request value overrides the API key value, which overrides the sandbox value.
Validation rules
Section titled “Validation rules”| Constraint | Limit |
|---|---|
| Max variables (combined after merge) | 50 |
| Key format | Uppercase letters, digits, underscores. Must start with a letter. |
| Key length | 1-128 characters |
| Value length | Max 4,096 characters |
| Total size (all keys + values combined) | 64 KB |
| Reserved names | System names (e.g., PATH, HOME) and platform prefixes are blocked. |
Keys and values are validated at each level independently. After the 3-way merge, the combined set is checked against the 50-variable and 64 KB limits. Requests that exceed post-merge limits return 400 validation_error.
Storage path scoping
Section titled “Storage path scoping”Storage mounts support three levels of path constraints: connection prefix, API key prefix, and per-request sub_paths. Each level can only narrow the scope, never widen it. Constraints are enforced server-side with segment-aware prefix matching and path traversal rejection.
| Constraint | Limit |
|---|---|
Max sub_paths entries per request | 10 |
| Entry format | /data/{slug}/{path} where {slug} matches a mounted storage connection |
| Entry length | Max 512 characters |
| Duplicate slugs | One entry per connection per request |
sub_paths is deliberately excluded from MCP to prevent prompt injection attacks from manipulating path selection. MCP executions use connection and API key prefixes set by an admin in the console.
For the full constraint model, worked examples, common patterns, and security properties, see the Storage Path Scoping guide.
Plan limits that affect this endpoint
Section titled “Plan limits that affect this endpoint”| Limit | Free | Pro | Enterprise |
|---|---|---|---|
| Max CPU per sandbox | 1 core | 4 cores | Unlimited |
| Max RAM per sandbox | 1 GiB | 4 GiB | Unlimited |
| Concurrent executions | 5 | 100 | Unlimited |
| Max timeout | 60s | 3600s (1 hour) | Unlimited |
| Streaming / async delivery | No | Yes | Yes |
See Pricing for credit costs. One credit = 60 seconds of execution at 1 CPU + 1 GiB RAM. Credits scale proportionally with time and resources.