Skip to main content

Lizard SDK — cloud sandboxes for AI agents

Project description

Lizard SDK

Firecracker microVM sandboxes for AI agents — boot a full Linux environment in milliseconds, run code, write files, and expose ports, all from your agent or CI pipeline.

Each sandbox is an isolated microVM with its own filesystem, network, and process namespace. Sandboxes can be snapshotted and resumed instantly, so long-running agent sessions survive restarts without re-running setup.

Install

# JavaScript / TypeScript
npm install @lizard-build/sdk

# Python
pip install lizard-sdk

Quickstart

JavaScript / TypeScript

import { Sandbox } from '@lizard-build/sdk'

// Boot a Node.js microVM from the 'node22' template
const sandbox = await Sandbox.create('node22')

// Write a file directly into the microVM filesystem
await sandbox.fs.write('/app/server.js', `
  const http = require('http')
  http.createServer((_, res) => res.end('hello from Lizard')).listen(3000)
`)

// Execute a process inside the microVM
await sandbox.process.exec('node /app/server.js &')

// Get a public HTTPS URL for port 3000 inside the sandbox
const url = sandbox.getHost(3000)
console.log(`Live at https://${url}`)

// Tear down the microVM when done
await sandbox.kill()

Python

from lizard import Sandbox

# Boot a Python microVM from the 'python312' template
sandbox = Sandbox.create("python312")

# Write a script into the microVM filesystem
sandbox.fs.write("/app/main.py", """
import http.server, socketserver

class Handler(http.server.SimpleHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"hello from Lizard")

with socketserver.TCPServer(("", 3000), Handler) as httpd:
    httpd.serve_forever()
""")

# Execute a process inside the microVM
sandbox.process.exec_("python /app/main.py &")

print(f"Live at https://{sandbox.get_host(3000)}")

sandbox.kill()

Pause and Resume

Sandboxes can be snapshotted mid-execution and resumed exactly where they left off — including installed packages, in-memory state, and running processes. This makes Lizard sandboxes well-suited for long-running AI agent workflows where you want to checkpoint and continue across separate invocations.

// Boot and set up the environment once
const sandbox = await Sandbox.create('python312')
await sandbox.process.exec('pip install numpy pandas scikit-learn')
const id = sandbox.sandboxId
await sandbox.pause()

// Later — resume instantly from the snapshot (no reinstall needed)
const resumed = await Sandbox.connect(id)
const result = await resumed.process.exec('python -c "import sklearn; print(sklearn.__version__)"')
console.log(result.stdout)
await resumed.kill()
from lizard import Sandbox

sandbox = Sandbox.create("python312")
sandbox.process.exec_("pip install numpy pandas scikit-learn")
sandbox_id = sandbox.sandbox_id
sandbox.pause()

# Resume later — environment is exactly as left
resumed = Sandbox.connect(sandbox_id)
result = resumed.process.exec_("python -c 'import sklearn; print(sklearn.__version__)'")
print(result.stdout)
resumed.kill()

API

Sandbox.create(template?, opts?)

Boot a new Lizard microVM. Built-in templates: base, node22, python312. Custom templates can be pushed via lizard push.

const sandbox = await Sandbox.create('node22')
const sandbox = await Sandbox.create('python312', { timeoutMs: 10 * 60 * 1000 })

Sandbox.connect(sandboxId, opts?)

Connect to an existing sandbox by ID. If the sandbox is paused, it is automatically resumed from its last snapshot.

Sandbox.list(opts?)

List all running sandboxes for the authenticated account.


sandbox.fs

Read and write files inside the microVM filesystem.

Method Description
fs.write(path, data) Write a file (string or bytes)
fs.read(path) Read a file as a string
fs.list(path) List directory contents
fs.remove(path) Delete a file or directory
fs.makeDir(path) Create a directory and parents

sandbox.process

Execute commands inside the microVM.

Method Description
process.exec(cmd, opts?) Run a command and wait for it to finish

exec returns { stdout, stderr, exitCode } (JS) or ProcessResult (Python). In Python the method is named exec_ because exec is a reserved keyword.

sandbox.getHost(port)

Returns a public HTTPS URL for a port listening inside the microVM — no tunneling required.

await sandbox.process.exec('npx -y serve -p 3000 &')
const url = sandbox.getHost(3000)
// https://{sandboxId}-3000.sandbox.lizard.run

sandbox.pause() / sandbox.resume()

Snapshot and restore the microVM state. Useful for checkpointing long agent sessions.

sandbox.kill()

Terminate the sandbox and release all resources.

sandbox.setTimeout(ms)

Extend or reduce the sandbox timeout.


Environment Variables

Variable Description
LIZARD_API_KEY API key (required — get one at lizard.run)
LIZARD_API_URL Override the API base URL (default: https://api.lizard.run)

The X-API-Key header is used for all authenticated requests.

Deploy What You Build

Once your agent has produced a working app inside a sandbox, deploy it as a persistent Lizard service — no Dockerfile needed:

lizard up

Your sandbox template becomes the base, your code ships as a layer on top, and Lizard manages the Firecracker microVM fleet from there.

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

lizard_sdk-0.1.1.tar.gz (8.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

lizard_sdk-0.1.1-py3-none-any.whl (12.5 kB view details)

Uploaded Python 3

File details

Details for the file lizard_sdk-0.1.1.tar.gz.

File metadata

  • Download URL: lizard_sdk-0.1.1.tar.gz
  • Upload date:
  • Size: 8.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for lizard_sdk-0.1.1.tar.gz
Algorithm Hash digest
SHA256 646c3db5f4e94c2b74a87a8e8f0a78ba57ecc3970d6a9d72b9dedcf06e85e9fb
MD5 3779ef916c6db13d560f07a342e09056
BLAKE2b-256 7b3882e6a504316444c184cefefce953e4dde9978b0ab7cfa745b47ddf9f0e4b

See more details on using hashes here.

Provenance

The following attestation bundles were made for lizard_sdk-0.1.1.tar.gz:

Publisher: publish-pypi.yml on lizard-build/lizard-sdk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file lizard_sdk-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: lizard_sdk-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 12.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for lizard_sdk-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 6e0beac0bb7c308e82d68fc557b086e2a65ad04eaa673a0e05a8344ca4c84a06
MD5 977d418fbdc53071fdce1d714b64f84a
BLAKE2b-256 6d4c0552341913809ef3d6020be92fbdf7a1204c56ff80ea87f14b5772e7e756

See more details on using hashes here.

Provenance

The following attestation bundles were made for lizard_sdk-0.1.1-py3-none-any.whl:

Publisher: publish-pypi.yml on lizard-build/lizard-sdk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page