Cloudflare gives AI agents a real computer with Sandboxes GA

Cloudflare is trying to close the gap between agent demos and the way developers actually work. In its 2026-04-13 post, Cloudflare said Sandboxes and Containers are now generally available, framing them as the place where AI agents can clone repos, run development servers, keep state, and safely touch private services. That sounds obvious, but it fixes a real mismatch in the current tooling market. Many agent stacks still model a shell as a turn-by-turn request loop. Real engineering work does not happen that way. It happens in a long-lived environment with files, terminals, background processes, and the ability to stop and resume without losing context.

The post makes that argument directly. Cloudflare says it launched Sandboxes last June because agents that act like developers need a full computer, not a thin simulation. The company also says customers were stitching together VMs and containers to solve burstiness, quick state restoration, security, lifecycle control, and ergonomics. General availability matters here because it turns that idea into a product commitment rather than an experiment. Cloudflare points to work with early partners such as Figma, which uses containers to run untrusted agent- and user-authored code, as evidence that the demand is moving beyond toy projects.

The product changes are what make the release more than a badge change. Cloudflare highlights 7 recent upgrades: secure credential injection at the network layer so the agent never sees raw secrets, PTY support for a real terminal over WebSocket, persistent code interpreters for Python, JavaScript, and TypeScript, background processes plus preview URLs for live apps, filesystem watching through native inotify-backed events, snapshots for faster recovery, and higher limits with Active CPU Pricing so teams can scale agents without paying for idle CPU. The post also stresses that a sandbox is persistent by ID, sleeps when idle, and wakes on demand, which is exactly the behavior agent builders keep re-creating by hand.

The larger signal is that infrastructure vendors are starting to treat AI agents as a first-class runtime target rather than a fancy add-on to serverless compute. A real PTY, resumable state, and credential injection do not make an agent smarter, but they make it less brittle and more deployable. That is what matters in practice. If Sandboxes holds up under production load, Cloudflare will have moved a big part of the agent stack away from prompt choreography and toward something much closer to an actual development workstation in the cloud.