CLI
Fast command-line client for code execution and interactive sessions. 42+ languages, 30+ shells/REPLs.
Official OpenAPI Swagger Docs ↗Quick Start — Tcl
# Download + setup
curl -O https://git.unturf.com/engineering/unturf/un-inception/-/raw/main/clients/tcl/sync/src/un.tcl && chmod +x un.tcl && ln -sf un.tcl un
export UNSANDBOX_PUBLIC_KEY="unsb-pk-xxxx-xxxx-xxxx-xxxx"
export UNSANDBOX_SECRET_KEY="unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx"
# Run code
./un script.tclFeatures
- 42+ languages - Python, JS, Go, Rust, C++, Java...
- Sessions - 30+ shells/REPLs, tmux persistence
- Files - Upload files, collect artifacts
- Services - Persistent containers with domains
- Snapshots - Point-in-time backups
- Images - Publish, share, transfer
Integration Quickstart ⚡
Add unsandbox superpowers to your existing Tcl app:
1
Download
curl -O https://git.unturf.com/engineering/unturf/un-inception/-/raw/main/clients/tcl/sync/src/un.tcl
2
Set API Keys
# Option A: Environment variables
export UNSANDBOX_PUBLIC_KEY="unsb-pk-xxxx-xxxx-xxxx-xxxx"
export UNSANDBOX_SECRET_KEY="unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx"
# Option B: Config file (persistent)
mkdir -p ~/.unsandbox
echo "unsb-pk-xxxx-xxxx-xxxx-xxxx,unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx" > ~/.unsandbox/accounts.csv
3
Hello World
# In your Tcl app:
source un.tcl
set result [execute_code "tcl" {puts "Hello from Tcl running on unsandbox!"}]
puts [dict get $result stdout] ;# Hello from Tcl running on unsandbox!
Demo cooldown: s
stdout:
JSON Response:
4
Run
tclsh myapp.tcl
MD5:
61bbaf04d367fa12368fd3f6b7a445ba
SHA256: 2cb901da16c38a4d290ef1238850b814b9c6e5ae57524c075e37646d27bae6ba
#!/usr/bin/env tclsh
# PUBLIC DOMAIN - NO LICENSE, NO WARRANTY
#
# unsandbox.com TCL SDK (Synchronous)
# Full API with execution, sessions, services, snapshots, and images.
#
# Library Usage:
# source un.tcl
# set result [Un::execute "python" "print(42)"]
# puts [dict get $result stdout]
#
# CLI Usage:
# tclsh un.tcl script.py
# tclsh un.tcl -s python 'print(42)'
# tclsh un.tcl session --list
# tclsh un.tcl service --list
#
# Copyright 2025 TimeHexOn & foxhop & russell@unturf
package require http
package require json
package require tls
package require base64
package require sha256
# Register https support
::http::register https 443 ::tls::socket
namespace eval Un {
variable VERSION "4.2.50"
variable API_BASE "https://api.unsandbox.com"
variable PORTAL_BASE "https://unsandbox.com"
variable LANGUAGES_CACHE_TTL 3600
variable LANGUAGES_CACHE_FILE [file join $::env(HOME) ".unsandbox" "languages.json"]
variable LAST_ERROR ""
# Colors
variable BLUE "\033\[34m"
variable RED "\033\[31m"
variable GREEN "\033\[32m"
variable YELLOW "\033\[33m"
variable RESET "\033\[0m"
# Extension to language mapping
variable EXT_MAP
array set EXT_MAP {
.py python .js javascript .ts typescript
.rb ruby .php php .pl perl .lua lua
.sh bash .go go .rs rust .c c
.cpp cpp .cc cpp .cxx cpp
.java java .kt kotlin .cs csharp .fs fsharp
.hs haskell .ml ocaml .clj clojure .scm scheme
.lisp commonlisp .erl erlang .ex elixir .exs elixir
.jl julia .r r .R r .cr crystal
.d d .nim nim .zig zig .v vlang
.dart dart .groovy groovy .scala scala
.f90 fortran .f95 fortran .cob cobol
.pro prolog .forth forth .4th forth
.tcl tcl .raku raku .m objc
}
# ============================================================================
# Utility Functions
# ============================================================================
proc version {} {
variable VERSION
return $VERSION
}
proc last_error {} {
variable LAST_ERROR
return $LAST_ERROR
}
proc set_error {msg} {
variable LAST_ERROR
set LAST_ERROR $msg
}
proc detect_language {filename} {
variable EXT_MAP
if {$filename eq ""} { return "" }
set ext [file extension $filename]
if {[info exists EXT_MAP($ext)]} {
return $EXT_MAP($ext)
}
return ""
}
proc hmac_sign {secret message} {
if {$secret eq "" || $message eq ""} { return "" }
return [::sha2::hmac -hex -key $secret $message]
}
proc health_check {} {
variable API_BASE
if {[catch {
set token [::http::geturl "$API_BASE/health" -timeout 5000]
set ncode [::http::ncode $token]
::http::cleanup $token
return [expr {$ncode == 200}]
}]} {
return 0
}
}
# ============================================================================
# Credential Management
# ============================================================================
proc load_accounts_csv {path} {
if {![file exists $path]} { return "" }
if {[catch {open $path r} fp]} { return "" }
set line [gets $fp]
close $fp
if {[string index $line 0] eq "#"} { return "" }
return $line
}
proc get_credentials {{public_key ""} {secret_key ""}} {
# Tier 1: Arguments
if {$public_key ne "" && $secret_key ne ""} {
return [list $public_key $secret_key]
}
# Tier 2: Environment
if {[info exists ::env(UNSANDBOX_PUBLIC_KEY)] && [info exists ::env(UNSANDBOX_SECRET_KEY)]} {
return [list $::env(UNSANDBOX_PUBLIC_KEY) $::env(UNSANDBOX_SECRET_KEY)]
}
# Legacy fallback
if {[info exists ::env(UNSANDBOX_API_KEY)]} {
return [list $::env(UNSANDBOX_API_KEY) ""]
}
# Tier 3: Home directory
set creds [load_accounts_csv [file join $::env(HOME) ".unsandbox" "accounts.csv"]]
if {$creds ne ""} {
set parts [split $creds ","]
return [list [lindex $parts 0] [lindex $parts 1]]
}
# Tier 4: Local directory
set creds [load_accounts_csv "./accounts.csv"]
if {$creds ne ""} {
set parts [split $creds ","]
return [list [lindex $parts 0] [lindex $parts 1]]
}
set_error "No credentials found"
error "No credentials found"
}
# ============================================================================
# API Communication
# ============================================================================
proc api_request {endpoint method body {public_key ""} {secret_key ""} {extra_headers {}} {content_type "application/json"}} {
variable API_BASE
lassign [get_credentials $public_key $secret_key] pk sk
set headers [list Authorization "Bearer $pk" Content-Type $content_type]
# Add HMAC signature if secret key exists
if {$sk ne ""} {
set timestamp [clock seconds]
set sig_input "${timestamp}:${method}:${endpoint}:${body}"
set signature [hmac_sign $sk $sig_input]
lappend headers X-Timestamp $timestamp
lappend headers X-Signature $signature
}
# Add extra headers
foreach {k v} $extra_headers {
lappend headers $k $v
}
set url "${API_BASE}${endpoint}"
if {$method eq "GET"} {
set token [::http::geturl $url -headers $headers -timeout 300000]
} elseif {$method eq "DELETE"} {
set token [::http::geturl $url -method DELETE -headers $headers -timeout 300000]
} else {
set token [::http::geturl $url -method $method -headers $headers -query $body -timeout 300000]
}
set ncode [::http::ncode $token]
set response [::http::data $token]
::http::cleanup $token
return [list $ncode $response]
}
proc api_request_json {endpoint method body {public_key ""} {secret_key ""}} {
lassign [api_request $endpoint $method $body $public_key $secret_key] ncode response
if {$ncode >= 200 && $ncode < 300} {
if {[catch {::json::json2dict $response} result]} {
return $response
}
return $result
}
set_error "API error ($ncode): $response"
error "API error ($ncode)"
}
proc api_request_with_sudo {endpoint method body {public_key ""} {secret_key ""}} {
variable YELLOW RED GREEN RESET
lassign [api_request $endpoint $method $body $public_key $secret_key] ncode response
# Handle 428 - Sudo OTP required
if {$ncode == 428} {
set challenge_id ""
if {[catch {::json::json2dict $response} resp_dict] == 0} {
if {[dict exists $resp_dict challenge_id]} {
set challenge_id [dict get $resp_dict challenge_id]
}
}
puts stderr "${YELLOW}Confirmation required. Check your email for a one-time code.${RESET}"
puts -nonewline stderr "Enter OTP: "
flush stderr
gets stdin otp
set otp [string trim $otp]
if {$otp eq ""} {
set_error "Operation cancelled"
error "Operation cancelled"
}
# Retry with sudo headers
set extra_headers [list X-Sudo-OTP $otp]
if {$challenge_id ne ""} {
lappend extra_headers X-Sudo-Challenge $challenge_id
}
lassign [api_request $endpoint $method $body $public_key $secret_key $extra_headers] ncode response
}
if {$ncode >= 200 && $ncode < 300} {
if {[catch {::json::json2dict $response} result]} {
return $response
}
return $result
}
set_error "API error ($ncode)"
error "API error ($ncode)"
}
# ============================================================================
# Execution Functions (8)
# ============================================================================
proc execute {language code {network_mode "zerotrust"} {public_key ""} {secret_key ""}} {
set body [::json::write object \
language [::json::write string $language] \
code [::json::write string $code] \
network_mode [::json::write string $network_mode] \
ttl 60]
return [api_request_json "/execute" "POST" $body $public_key $secret_key]
}
proc execute_async {language code {network_mode "zerotrust"} {public_key ""} {secret_key ""}} {
set body [::json::write object \
language [::json::write string $language] \
code [::json::write string $code] \
network_mode [::json::write string $network_mode] \
ttl 300]
return [api_request_json "/execute/async" "POST" $body $public_key $secret_key]
}
proc wait_job {job_id {public_key ""} {secret_key ""}} {
set delays {300 450 700 900 650 1600 2000}
for {set i 0} {$i < 120} {incr i} {
set job [get_job $job_id $public_key $secret_key]
set status [dict get $job status]
if {$status eq "completed"} { return $job }
if {$status eq "failed"} {
set_error "Job failed"
error "Job failed"
}
set delay [lindex $delays [expr {$i % 7}]]
after $delay
}
set_error "Max polls exceeded"
error "Max polls exceeded"
}
proc get_job {job_id {public_key ""} {secret_key ""}} {
return [api_request_json "/jobs/$job_id" "GET" "" $public_key $secret_key]
}
proc cancel_job {job_id {public_key ""} {secret_key ""}} {
return [api_request_json "/jobs/$job_id" "DELETE" "" $public_key $secret_key]
}
proc list_jobs {{public_key ""} {secret_key ""}} {
return [api_request_json "/jobs" "GET" "" $public_key $secret_key]
}
proc get_languages {{public_key ""} {secret_key ""}} {
variable LANGUAGES_CACHE_FILE LANGUAGES_CACHE_TTL
# Check cache
if {[file exists $LANGUAGES_CACHE_FILE]} {
set mtime [file mtime $LANGUAGES_CACHE_FILE]
set age [expr {[clock seconds] - $mtime}]
if {$age < $LANGUAGES_CACHE_TTL} {
if {[catch {open $LANGUAGES_CACHE_FILE r} fp] == 0} {
set content [read $fp]
close $fp
if {[catch {::json::json2dict $content} cache]} {
return [dict get $cache languages]
}
}
}
}
# Fetch from API
set result [api_request_json "/languages" "GET" "" $public_key $secret_key]
# Save to cache
file mkdir [file dirname $LANGUAGES_CACHE_FILE]
set cache_json [::json::write object \
languages [dict get $result languages] \
timestamp [clock seconds]]
set fp [open $LANGUAGES_CACHE_FILE w]
puts -nonewline $fp $cache_json
close $fp
return [dict get $result languages]
}
# ============================================================================
# Session Functions (9)
# ============================================================================
proc session_list {{public_key ""} {secret_key ""}} {
return [api_request_json "/sessions" "GET" "" $public_key $secret_key]
}
proc session_get {session_id {public_key ""} {secret_key ""}} {
return [api_request_json "/sessions/$session_id" "GET" "" $public_key $secret_key]
}
proc session_create {{shell "bash"} {network ""} {vcpu ""} {public_key ""} {secret_key ""}} {
set body [::json::write object shell [::json::write string $shell]]
if {$network ne ""} {
set body [string trimright $body "\}"]
append body ",\"network\":\"$network\"\}"
}
if {$vcpu ne ""} {
set body [string trimright $body "\}"]
append body ",\"vcpu\":$vcpu\}"
}
return [api_request_json "/sessions" "POST" $body $public_key $secret_key]
}
proc session_destroy {session_id {public_key ""} {secret_key ""}} {
return [api_request_json "/sessions/$session_id" "DELETE" "" $public_key $secret_key]
}
proc session_freeze {session_id {public_key ""} {secret_key ""}} {
return [api_request_json "/sessions/$session_id/freeze" "POST" "\{\}" $public_key $secret_key]
}
proc session_unfreeze {session_id {public_key ""} {secret_key ""}} {
return [api_request_json "/sessions/$session_id/unfreeze" "POST" "\{\}" $public_key $secret_key]
}
proc session_boost {session_id {vcpu 2} {public_key ""} {secret_key ""}} {
set body "\{\"vcpu\":$vcpu\}"
return [api_request_json "/sessions/$session_id/boost" "POST" $body $public_key $secret_key]
}
proc session_unboost {session_id {public_key ""} {secret_key ""}} {
return [api_request_json "/sessions/$session_id/unboost" "POST" "\{\}" $public_key $secret_key]
}
proc session_execute {session_id command {public_key ""} {secret_key ""}} {
set body [::json::write object command [::json::write string $command]]
return [api_request_json "/sessions/$session_id/execute" "POST" $body $public_key $secret_key]
}
# ============================================================================
# Service Functions (17)
# ============================================================================
proc service_list {{public_key ""} {secret_key ""}} {
return [api_request_json "/services" "GET" "" $public_key $secret_key]
}
proc service_get {service_id {public_key ""} {secret_key ""}} {
return [api_request_json "/services/$service_id" "GET" "" $public_key $secret_key]
}
proc service_create {name {ports ""} {bootstrap ""} {public_key ""} {secret_key ""}} {
set body [::json::write object name [::json::write string $name]]
if {$ports ne ""} {
set body [string trimright $body "\}"]
append body ",\"ports\":\[$ports\]\}"
}
if {$bootstrap ne ""} {
set body [string trimright $body "\}"]
append body ",\"bootstrap\":\"[string map {\" \\\" \\ \\\\} $bootstrap]\"\}"
}
return [api_request_json "/services" "POST" $body $public_key $secret_key]
}
proc service_destroy {service_id {public_key ""} {secret_key ""}} {
return [api_request_with_sudo "/services/$service_id" "DELETE" "" $public_key $secret_key]
}
proc service_freeze {service_id {public_key ""} {secret_key ""}} {
return [api_request_json "/services/$service_id/freeze" "POST" "\{\}" $public_key $secret_key]
}
proc service_unfreeze {service_id {public_key ""} {secret_key ""}} {
return [api_request_json "/services/$service_id/unfreeze" "POST" "\{\}" $public_key $secret_key]
}
proc service_lock {service_id {public_key ""} {secret_key ""}} {
return [api_request_json "/services/$service_id/lock" "POST" "\{\}" $public_key $secret_key]
}
proc service_unlock {service_id {public_key ""} {secret_key ""}} {
return [api_request_with_sudo "/services/$service_id/unlock" "POST" "\{\}" $public_key $secret_key]
}
proc service_set_unfreeze_on_demand {service_id enabled {public_key ""} {secret_key ""}} {
set body "\{\"unfreeze_on_demand\":$enabled\}"
return [api_request_json "/services/$service_id" "PATCH" $body $public_key $secret_key]
}
proc service_redeploy {service_id {bootstrap ""} {public_key ""} {secret_key ""}} {
set body "\{\}"
if {$bootstrap ne ""} {
set body [::json::write object bootstrap [::json::write string $bootstrap]]
}
return [api_request_json "/services/$service_id/redeploy" "POST" $body $public_key $secret_key]
}
proc service_logs {service_id {lines ""} {public_key ""} {secret_key ""}} {
set endpoint "/services/$service_id/logs"
if {$lines ne ""} {
append endpoint "?lines=$lines"
}
return [api_request_json $endpoint "GET" "" $public_key $secret_key]
}
proc service_execute {service_id command {public_key ""} {secret_key ""}} {
set body [::json::write object command [::json::write string $command]]
return [api_request_json "/services/$service_id/execute" "POST" $body $public_key $secret_key]
}
proc service_env_get {service_id {public_key ""} {secret_key ""}} {
return [api_request_json "/services/$service_id/env" "GET" "" $public_key $secret_key]
}
proc service_env_set {service_id env_content {public_key ""} {secret_key ""}} {
lassign [api_request "/services/$service_id/env" "PUT" $env_content $public_key $secret_key {} "text/plain"] ncode response
return [expr {$ncode >= 200 && $ncode < 300}]
}
proc service_env_delete {service_id {public_key ""} {secret_key ""}} {
return [api_request_json "/services/$service_id/env" "DELETE" "" $public_key $secret_key]
}
proc service_env_export {service_id {public_key ""} {secret_key ""}} {
return [api_request_json "/services/$service_id/env/export" "POST" "\{\}" $public_key $secret_key]
}
proc service_resize {service_id vcpu {public_key ""} {secret_key ""}} {
set body "\{\"vcpu\":$vcpu\}"
return [api_request_json "/services/$service_id" "PATCH" $body $public_key $secret_key]
}
# ============================================================================
# Snapshot Functions (9)
# ============================================================================
proc snapshot_list {{public_key ""} {secret_key ""}} {
return [api_request_json "/snapshots" "GET" "" $public_key $secret_key]
}
proc snapshot_get {snapshot_id {public_key ""} {secret_key ""}} {
return [api_request_json "/snapshots/$snapshot_id" "GET" "" $public_key $secret_key]
}
proc snapshot_session {session_id {name ""} {hot false} {public_key ""} {secret_key ""}} {
set body "\{\}"
if {$name ne "" || $hot} {
set parts [list]
if {$name ne ""} { lappend parts "\"name\":\"$name\"" }
if {$hot} { lappend parts "\"hot\":true" }
set body "\{[join $parts ","]\}"
}
return [api_request_json "/sessions/$session_id/snapshot" "POST" $body $public_key $secret_key]
}
proc snapshot_service {service_id {name ""} {hot false} {public_key ""} {secret_key ""}} {
set body "\{\}"
if {$name ne "" || $hot} {
set parts [list]
if {$name ne ""} { lappend parts "\"name\":\"$name\"" }
if {$hot} { lappend parts "\"hot\":true" }
set body "\{[join $parts ","]\}"
}
return [api_request_json "/services/$service_id/snapshot" "POST" $body $public_key $secret_key]
}
proc snapshot_restore {snapshot_id {public_key ""} {secret_key ""}} {
return [api_request_json "/snapshots/$snapshot_id/restore" "POST" "\{\}" $public_key $secret_key]
}
proc snapshot_delete {snapshot_id {public_key ""} {secret_key ""}} {
return [api_request_with_sudo "/snapshots/$snapshot_id" "DELETE" "" $public_key $secret_key]
}
proc snapshot_lock {snapshot_id {public_key ""} {secret_key ""}} {
return [api_request_json "/snapshots/$snapshot_id/lock" "POST" "\{\}" $public_key $secret_key]
}
proc snapshot_unlock {snapshot_id {public_key ""} {secret_key ""}} {
return [api_request_with_sudo "/snapshots/$snapshot_id/unlock" "POST" "\{\}" $public_key $secret_key]
}
proc snapshot_clone {snapshot_id {clone_type "session"} {name ""} {public_key ""} {secret_key ""}} {
set parts [list "\"clone_type\":\"$clone_type\""]
if {$name ne ""} { lappend parts "\"name\":\"$name\"" }
set body "\{[join $parts ","]\}"
return [api_request_json "/snapshots/$snapshot_id/clone" "POST" $body $public_key $secret_key]
}
# ============================================================================
# Image Functions (13)
# ============================================================================
proc image_list {{filter ""} {public_key ""} {secret_key ""}} {
set endpoint "/images"
if {$filter ne ""} {
append endpoint "?filter=$filter"
}
return [api_request_json $endpoint "GET" "" $public_key $secret_key]
}
proc image_get {image_id {public_key ""} {secret_key ""}} {
return [api_request_json "/images/$image_id" "GET" "" $public_key $secret_key]
}
proc image_publish {source_type source_id {name ""} {public_key ""} {secret_key ""}} {
set parts [list "\"source_type\":\"$source_type\"" "\"source_id\":\"$source_id\""]
if {$name ne ""} { lappend parts "\"name\":\"$name\"" }
set body "\{[join $parts ","]\}"
return [api_request_json "/images/publish" "POST" $body $public_key $secret_key]
}
proc image_delete {image_id {public_key ""} {secret_key ""}} {
return [api_request_with_sudo "/images/$image_id" "DELETE" "" $public_key $secret_key]
}
proc image_lock {image_id {public_key ""} {secret_key ""}} {
return [api_request_json "/images/$image_id/lock" "POST" "\{\}" $public_key $secret_key]
}
proc image_unlock {image_id {public_key ""} {secret_key ""}} {
return [api_request_with_sudo "/images/$image_id/unlock" "POST" "\{\}" $public_key $secret_key]
}
proc image_set_visibility {image_id visibility {public_key ""} {secret_key ""}} {
set body "\{\"visibility\":\"$visibility\"\}"
return [api_request_json "/images/$image_id/visibility" "POST" $body $public_key $secret_key]
}
proc image_grant_access {image_id trusted_key {public_key ""} {secret_key ""}} {
set body "\{\"api_key\":\"$trusted_key\"\}"
return [api_request_json "/images/$image_id/access" "POST" $body $public_key $secret_key]
}
proc image_revoke_access {image_id trusted_key {public_key ""} {secret_key ""}} {
return [api_request_json "/images/$image_id/access/$trusted_key" "DELETE" "" $public_key $secret_key]
}
proc image_list_trusted {image_id {public_key ""} {secret_key ""}} {
return [api_request_json "/images/$image_id/access" "GET" "" $public_key $secret_key]
}
proc image_transfer {image_id to_key {public_key ""} {secret_key ""}} {
set body "\{\"to_api_key\":\"$to_key\"\}"
return [api_request_json "/images/$image_id/transfer" "POST" $body $public_key $secret_key]
}
proc image_spawn {image_id {name ""} {ports ""} {public_key ""} {secret_key ""}} {
set parts [list]
if {$name ne ""} { lappend parts "\"name\":\"$name\"" }
if {$ports ne ""} { lappend parts "\"ports\":\[$ports\]" }
set body "\{[join $parts ","]\}"
return [api_request_json "/images/$image_id/spawn" "POST" $body $public_key $secret_key]
}
proc image_clone {image_id {name ""} {public_key ""} {secret_key ""}} {
set body "\{\}"
if {$name ne ""} {
set body "\{\"name\":\"$name\"\}"
}
return [api_request_json "/images/$image_id/clone" "POST" $body $public_key $secret_key]
}
# ============================================================================
# PaaS Logs Functions (2)
# ============================================================================
proc logs_fetch {{source "all"} {lines 100} {since "1h"} {grep ""} {public_key ""} {secret_key ""}} {
set parts [list "\"source\":\"$source\"" "\"lines\":$lines" "\"since\":\"$since\""]
if {$grep ne ""} { lappend parts "\"grep\":\"$grep\"" }
set body "\{[join $parts ","]\}"
return [api_request_json "/paas/logs" "POST" $body $public_key $secret_key]
}
proc logs_stream {args} {
set_error "logs_stream requires async support"
error "logs_stream requires async support"
}
# ============================================================================
# Key Validation
# ============================================================================
proc validate_keys {{public_key ""} {secret_key ""}} {
variable PORTAL_BASE
lassign [get_credentials $public_key $secret_key] pk sk
set headers [list Authorization "Bearer $pk" Content-Type "application/json"]
if {$sk ne ""} {
set timestamp [clock seconds]
set sig_input "${timestamp}:POST:/keys/validate:"
set signature [hmac_sign $sk $sig_input]
lappend headers X-Timestamp $timestamp
lappend headers X-Signature $signature
}
set token [::http::geturl "$PORTAL_BASE/keys/validate" -method POST -headers $headers -timeout 30000]
set ncode [::http::ncode $token]
set response [::http::data $token]
::http::cleanup $token
if {$ncode == 200} {
return [::json::json2dict $response]
}
set_error "Key validation failed ($ncode)"
error "Key validation failed"
}
# ============================================================================
# CLI Commands
# ============================================================================
proc cmd_languages {args} {
variable BLUE RESET
set json_output 0
foreach arg $args {
if {$arg eq "--json"} { set json_output 1 }
}
set langs [get_languages]
if {$json_output} {
puts $langs
} else {
foreach lang $langs {
puts $lang
}
}
}
proc cmd_key {args} {
variable GREEN RED YELLOW PORTAL_BASE RESET
set extend 0
foreach arg $args {
if {$arg eq "--extend"} { set extend 1 }
}
set result [validate_keys]
set pk [dict get $result public_key]
if {$extend && $pk ne ""} {
set url "$PORTAL_BASE/keys/extend?pk=$pk"
puts "${YELLOW}Opening browser to extend key...${RESET}"
catch {exec xdg-open $url &}
return
}
if {[dict exists $result expired] && [dict get $result expired]} {
puts "${RED}Expired${RESET}"
puts "Public Key: $pk"
puts "Tier: [dict get $result tier]"
puts "${YELLOW}To renew: Visit $PORTAL_BASE/keys/extend${RESET}"
exit 1
}
puts "${GREEN}Valid${RESET}"
puts "Public Key: $pk"
puts "Tier: [dict get $result tier]"
puts "Status: [dict get $result status]"
if {[dict exists $result expires_at]} {
puts "Expires: [dict get $result expires_at]"
}
if {[dict exists $result time_remaining]} {
puts "Time Remaining: [dict get $result time_remaining]"
}
}
proc cmd_session {args} {
variable GREEN RESET
set action ""
set target ""
for {set i 0} {$i < [llength $args]} {incr i} {
set arg [lindex $args $i]
switch -exact -- $arg {
--list - -l { set action "list" }
--info { set action "info"; incr i; set target [lindex $args $i] }
--kill { set action "kill"; incr i; set target [lindex $args $i] }
--freeze { set action "freeze"; incr i; set target [lindex $args $i] }
--unfreeze { set action "unfreeze"; incr i; set target [lindex $args $i] }
}
}
switch -exact -- $action {
list {
set result [session_list]
if {[dict exists $result sessions]} {
foreach s [dict get $result sessions] {
puts "[dict get $s id]\t[dict get $s shell]\t[dict get $s status]\t[dict get $s created_at]"
}
}
}
info { puts [session_get $target] }
kill {
session_destroy $target
puts "${GREEN}Session terminated: $target${RESET}"
}
freeze {
session_freeze $target
puts "${GREEN}Session frozen: $target${RESET}"
}
unfreeze {
session_unfreeze $target
puts "${GREEN}Session unfreezing: $target${RESET}"
}
default {
puts stderr "Usage: un.tcl session --list|--info ID|--kill ID|--freeze ID|--unfreeze ID"
exit 1
}
}
}
proc cmd_service {args} {
variable GREEN RESET
set action ""
set target ""
set name ""
set ports ""
for {set i 0} {$i < [llength $args]} {incr i} {
set arg [lindex $args $i]
switch -exact -- $arg {
--list - -l { set action "list" }
--info { set action "info"; incr i; set target [lindex $args $i] }
--destroy { set action "destroy"; incr i; set target [lindex $args $i] }
--freeze { set action "freeze"; incr i; set target [lindex $args $i] }
--unfreeze { set action "unfreeze"; incr i; set target [lindex $args $i] }
--lock { set action "lock"; incr i; set target [lindex $args $i] }
--unlock { set action "unlock"; incr i; set target [lindex $args $i] }
--logs { set action "logs"; incr i; set target [lindex $args $i] }
--name { incr i; set name [lindex $args $i] }
--ports { incr i; set ports [lindex $args $i] }
}
}
switch -exact -- $action {
list {
set result [service_list]
if {[dict exists $result services]} {
foreach s [dict get $result services] {
puts "[dict get $s id]\t[dict get $s name]\t[dict get $s status]"
}
}
}
info { puts [service_get $target] }
destroy {
service_destroy $target
puts "${GREEN}Service destroyed: $target${RESET}"
}
freeze {
service_freeze $target
puts "${GREEN}Service frozen: $target${RESET}"
}
unfreeze {
service_unfreeze $target
puts "${GREEN}Service unfreezing: $target${RESET}"
}
lock {
service_lock $target
puts "${GREEN}Service locked: $target${RESET}"
}
unlock {
service_unlock $target
puts "${GREEN}Service unlocked: $target${RESET}"
}
logs {
set result [service_logs $target]
if {[dict exists $result logs]} {
puts [dict get $result logs]
}
}
default {
if {$name ne ""} {
set result [service_create $name $ports ""]
puts "${GREEN}Service created${RESET}"
puts $result
} else {
puts stderr "Usage: un.tcl service --list|--info ID|--destroy ID|--name NAME"
exit 1
}
}
}
}
proc cmd_snapshot {args} {
variable GREEN RESET
set action ""
set target ""
for {set i 0} {$i < [llength $args]} {incr i} {
set arg [lindex $args $i]
switch -exact -- $arg {
--list - -l { set action "list" }
--info { set action "info"; incr i; set target [lindex $args $i] }
--delete { set action "delete"; incr i; set target [lindex $args $i] }
--restore { set action "restore"; incr i; set target [lindex $args $i] }
--lock { set action "lock"; incr i; set target [lindex $args $i] }
--unlock { set action "unlock"; incr i; set target [lindex $args $i] }
}
}
switch -exact -- $action {
list {
set result [snapshot_list]
if {[dict exists $result snapshots]} {
foreach s [dict get $result snapshots] {
puts "[dict get $s id]\t[dict get $s name]\t[dict get $s type]"
}
}
}
info { puts [snapshot_get $target] }
delete {
snapshot_delete $target
puts "${GREEN}Snapshot deleted: $target${RESET}"
}
restore {
snapshot_restore $target
puts "${GREEN}Snapshot restored${RESET}"
}
lock {
snapshot_lock $target
puts "${GREEN}Snapshot locked: $target${RESET}"
}
unlock {
snapshot_unlock $target
puts "${GREEN}Snapshot unlocked: $target${RESET}"
}
default {
puts stderr "Usage: un.tcl snapshot --list|--info ID|--delete ID|--restore ID"
exit 1
}
}
}
proc cmd_image {args} {
variable GREEN RESET
set action ""
set target ""
set source_type ""
set visibility_mode ""
set name ""
set ports ""
for {set i 0} {$i < [llength $args]} {incr i} {
set arg [lindex $args $i]
switch -exact -- $arg {
--list - -l { set action "list" }
--info { set action "info"; incr i; set target [lindex $args $i] }
--delete { set action "delete"; incr i; set target [lindex $args $i] }
--lock { set action "lock"; incr i; set target [lindex $args $i] }
--unlock { set action "unlock"; incr i; set target [lindex $args $i] }
--publish { set action "publish"; incr i; set target [lindex $args $i] }
--source-type { incr i; set source_type [lindex $args $i] }
--visibility {
set action "visibility"
incr i; set target [lindex $args $i]
incr i; set visibility_mode [lindex $args $i]
}
--spawn { set action "spawn"; incr i; set target [lindex $args $i] }
--clone { set action "clone"; incr i; set target [lindex $args $i] }
--name { incr i; set name [lindex $args $i] }
--ports { incr i; set ports [lindex $args $i] }
}
}
switch -exact -- $action {
list {
set result [image_list]
if {[dict exists $result images]} {
foreach img [dict get $result images] {
set img_name "-"
if {[dict exists $img name]} { set img_name [dict get $img name] }
puts "[dict get $img id]\t$img_name\t[dict get $img visibility]"
}
}
}
info { puts [image_get $target] }
delete {
image_delete $target
puts "${GREEN}Image deleted: $target${RESET}"
}
lock {
image_lock $target
puts "${GREEN}Image locked: $target${RESET}"
}
unlock {
image_unlock $target
puts "${GREEN}Image unlocked: $target${RESET}"
}
publish {
if {$source_type eq ""} {
puts stderr "Error: --source-type required"
exit 1
}
set result [image_publish $source_type $target $name]
puts "${GREEN}Image published${RESET}"
puts $result
}
visibility {
image_set_visibility $target $visibility_mode
puts "${GREEN}Visibility set to $visibility_mode${RESET}"
}
spawn {
set result [image_spawn $target $name $ports]
puts "${GREEN}Service spawned from image${RESET}"
puts $result
}
clone {
set result [image_clone $target $name]
puts "${GREEN}Image cloned${RESET}"
puts $result
}
default {
puts stderr "Usage: un.tcl image --list|--info ID|--delete ID|--publish ID|--spawn ID|--clone ID"
exit 1
}
}
}
proc run_file {file} {
variable BLUE RED RESET
if {![file exists $file]} {
puts stderr "${RED}Error: File not found: $file${RESET}"
exit 1
}
set fp [open $file r]
set code [read $fp]
close $fp
set lang [detect_language $file]
if {$lang eq ""} {
puts stderr "${RED}Error: Cannot detect language${RESET}"
exit 1
}
set result [execute $lang $code]
if {[dict exists $result stdout]} {
puts -nonewline "${BLUE}[dict get $result stdout]${RESET}"
}
if {[dict exists $result stderr]} {
puts -nonewline stderr "${RED}[dict get $result stderr]${RESET}"
}
set exit_code 0
if {[dict exists $result exit_code]} {
set exit_code [dict get $result exit_code]
}
exit $exit_code
}
proc show_help {} {
puts {Unsandbox CLI - Execute code in secure sandboxes
Usage:
tclsh un.tcl [options] <source_file>
tclsh un.tcl -s <language> '<code>'
tclsh un.tcl session [options]
tclsh un.tcl service [options]
tclsh un.tcl snapshot [options]
tclsh un.tcl image [options]
tclsh un.tcl languages [--json]
tclsh un.tcl key [--extend]
Commands:
languages List available programming languages
key Validate API key
session Manage interactive sessions
service Manage persistent services
snapshot Manage snapshots
image Manage images
Environment:
UNSANDBOX_PUBLIC_KEY API public key
UNSANDBOX_SECRET_KEY API secret key}
}
proc main {argv} {
variable BLUE RED RESET
if {[llength $argv] == 0} {
show_help
exit 1
}
set first_arg [lindex $argv 0]
switch -exact -- $first_arg {
languages { cmd_languages {*}[lrange $argv 1 end] }
key { cmd_key {*}[lrange $argv 1 end] }
session { cmd_session {*}[lrange $argv 1 end] }
service { cmd_service {*}[lrange $argv 1 end] }
snapshot { cmd_snapshot {*}[lrange $argv 1 end] }
image { cmd_image {*}[lrange $argv 1 end] }
--help - -h { show_help }
-s {
set lang [lindex $argv 1]
set code [lindex $argv 2]
if {$lang eq "" || $code eq ""} {
puts stderr "${RED}Error: -s requires language and code${RESET}"
exit 1
}
set result [execute $lang $code]
if {[dict exists $result stdout]} {
puts -nonewline [dict get $result stdout]
}
if {[dict exists $result stderr]} {
puts -nonewline stderr [dict get $result stderr]
}
set exit_code 0
if {[dict exists $result exit_code]} {
set exit_code [dict get $result exit_code]
}
exit $exit_code
}
default {
run_file $first_arg
}
}
}
}
# CLI entry point
if {[info script] eq $argv0} {
Un::main $argv
}
Documentation clarifications
Dependencies
C Binary (un1) — requires libcurl and libwebsockets:
sudo apt install build-essential libcurl4-openssl-dev libwebsockets-dev
wget unsandbox.com/downloads/un.c && gcc -O2 -o un un.c -lcurl -lwebsocketsSDK Implementations — most use stdlib only (Ruby, JS, Go, etc). Some require minimal deps:
pip install requests # PythonExecute Code
Run a Script
./un hello.py
./un app.js
./un main.rsWith Environment Variables
./un -e DEBUG=1 -e NAME=World script.pyWith Input Files (teleport files into sandbox)
./un -f data.csv -f config.json process.pyGet Compiled Binary (teleport artifacts out)
./un -a -o ./bin main.cInteractive Sessions
Start a Shell Session
# Default bash shell
./un session
# Choose your shell
./un session --shell zsh
./un session --shell fish
# Jump into a REPL
./un session --shell python3
./un session --shell node
./un session --shell juliaSession with Network Access
./un session -n semitrustedSession Auditing (full terminal recording)
# Record everything (including vim, interactive programs)
./un session --audit -o ./logs
# Replay session later
zcat session.log*.gz | less -RCollect Artifacts from Session
# Files in /tmp/artifacts/ are collected on exit
./un session -a -o ./outputsSession Persistence (tmux/screen)
# Default: session terminates on disconnect (clean exit)
./un session
# With tmux: session persists, can reconnect later
./un session --tmux
# Press Ctrl+b then d to detach
# With screen: alternative multiplexer
./un session --screen
# Press Ctrl+a then d to detachList Active Sessions
./un session --list
# Output:
# Active sessions: 2
#
# SESSION ID CONTAINER SHELL TTL STATUS
# abc123... unsb-vm-12345 python3 45m30s active
# def456... unsb-vm-67890 bash 1h2m activeReconnect to Existing Session
# Reconnect by container name (requires --tmux or --screen)
./un session --attach unsb-vm-12345
# Use exit to terminate session, or detach to keep it runningTerminate a Session
./un session --kill unsb-vm-12345Available Shells & REPLs
Shells: bash, dash, sh, zsh, fish, ksh, tcsh, csh, elvish, xonsh, ash
REPLs: python3, bpython, ipython # Python
node # JavaScript
ruby, irb # Ruby
lua # Lua
php # PHP
perl # Perl
guile, scheme # Scheme
ghci # Haskell
erl, iex # Erlang/Elixir
sbcl, clisp # Common Lisp
r # R
julia # Julia
clojure # ClojureAPI Key Management
Check Key Status
# Check if your API key is valid
./un key
# Output:
# Valid: key expires in 30 daysExtend Expired Key
# Open the portal to extend an expired key
./un key --extend
# This opens the unsandbox.com portal where you can
# add more credits to extend your key's expirationAuthentication
Credentials are loaded in priority order (highest first):
# 1. CLI flags (highest priority)
./un -p unsb-pk-xxxx -k unsb-sk-xxxxx script.py
# 2. Environment variables
export UNSANDBOX_PUBLIC_KEY=unsb-pk-xxxx-xxxx-xxxx-xxxx
export UNSANDBOX_SECRET_KEY=unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx
./un script.py
# 3. Config file (lowest priority)
# ~/.unsandbox/accounts.csv format: public_key,secret_key
mkdir -p ~/.unsandbox
echo "unsb-pk-xxxx-xxxx-xxxx-xxxx,unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx" > ~/.unsandbox/accounts.csv
./un script.pyRequests are signed with HMAC-SHA256. The bearer token contains only the public key; the secret key computes the signature (never transmitted).
Resource Scaling
Set vCPU Count
# Default: 1 vCPU, 2GB RAM
./un script.py
# Scale up: 4 vCPUs, 8GB RAM
./un -v 4 script.py
# Maximum: 8 vCPUs, 16GB RAM
./un --vcpu 8 heavy_compute.pyLive Session Boosting
# Boost a running session to 2 vCPU, 4GB RAM
./un session --boost sandbox-abc
# Boost to specific vCPU count (4 vCPU, 8GB RAM)
./un session --boost sandbox-abc --boost-vcpu 4
# Return to base resources (1 vCPU, 2GB RAM)
./un session --unboost sandbox-abcSession Freeze/Unfreeze
Freeze and Unfreeze Sessions
# Freeze a session (stop billing, preserve state)
./un session --freeze sandbox-abc
# Unfreeze a frozen session
./un session --unfreeze sandbox-abc
# Note: Requires --tmux or --screen for persistencePersistent Services
Create a Service
# Web server with ports
./un service --name web --ports 80,443 --bootstrap "python -m http.server 80"
# With custom domains
./un service --name blog --ports 8000 --domains blog.example.com
# Game server with SRV records
./un service --name mc --type minecraft --bootstrap ./setup.sh
# Deploy app tarball with bootstrap script
./un service --name app --ports 8000 -f app.tar.gz --bootstrap-file ./setup.sh
# setup.sh: cd /tmp && tar xzf app.tar.gz && ./app/start.shManage Services
# List all services
./un service --list
# Get service details
./un service --info abc123
# View bootstrap logs
./un service --logs abc123
./un service --tail abc123 # last 9000 lines
# Execute command in running service
./un service --execute abc123 'journalctl -u myapp -n 50'
# Dump bootstrap script (for migrations)
./un service --dump-bootstrap abc123
./un service --dump-bootstrap abc123 backup.sh
# Freeze/unfreeze service
./un service --freeze abc123
./un service --unfreeze abc123
# Service settings (auto-wake, freeze page display)
./un service --auto-unfreeze abc123 # enable auto-wake on HTTP
./un service --no-auto-unfreeze abc123 # disable auto-wake
./un service --show-freeze-page abc123 # show HTML payment page (default)
./un service --no-show-freeze-page abc123 # return JSON error instead
# Redeploy with new bootstrap
./un service --redeploy abc123 --bootstrap ./new-setup.sh
# Destroy service
./un service --destroy abc123Snapshots
List Snapshots
./un snapshot --list
# Output:
# Snapshots: 3
#
# SNAPSHOT ID NAME SOURCE SIZE CREATED
# unsb-snapshot-a1b2-c3d4-e5f6-g7h8 before-upgrade session 512 MB 2h ago
# unsb-snapshot-i9j0-k1l2-m3n4-o5p6 stable-v1.0 service 1.2 GB 1d agoCreate Session Snapshot
# Snapshot with name
./un session --snapshot unsb-vm-12345 --name "before upgrade"
# Quick snapshot (auto-generated name)
./un session --snapshot unsb-vm-12345Create Service Snapshot
# Standard snapshot (pauses container briefly)
./un service --snapshot unsb-service-abc123 --name "stable v1.0"
# Hot snapshot (no pause, may be inconsistent)
./un service --snapshot unsb-service-abc123 --hotRestore from Snapshot
# Restore session from snapshot
./un session --restore unsb-snapshot-a1b2-c3d4-e5f6-g7h8
# Restore service from snapshot
./un service --restore unsb-snapshot-i9j0-k1l2-m3n4-o5p6Delete Snapshot
./un snapshot --delete unsb-snapshot-a1b2-c3d4-e5f6-g7h8Images
Images are independent, transferable container images that survive container deletion. Unlike snapshots (which live with their container), images can be shared with other users, transferred between API keys, or made public in the marketplace.
List Images
# List all images (owned + shared + public)
./un image --list
# List only your images
./un image --list owned
# List images shared with you
./un image --list shared
# List public marketplace images
./un image --list public
# Get image details
./un image --info unsb-image-xxxx-xxxx-xxxx-xxxxPublish Images
# Publish from a stopped or frozen service
./un image --publish-service unsb-service-abc123 \
--name "My App v1.0" --description "Production snapshot"
# Publish from a snapshot
./un image --publish-snapshot unsb-snapshot-xxxx-xxxx-xxxx-xxxx \
--name "Stable Release"
# Note: Cannot publish from running containers - stop or freeze firstCreate Services from Images
# Spawn a new service from an image
./un image --spawn unsb-image-xxxx-xxxx-xxxx-xxxx \
--name new-service --ports 80,443
# Clone an image (creates a copy you own)
./un image --clone unsb-image-xxxx-xxxx-xxxx-xxxxImage Protection
# Lock image to prevent accidental deletion
./un image --lock unsb-image-xxxx-xxxx-xxxx-xxxx
# Unlock image to allow deletion
./un image --unlock unsb-image-xxxx-xxxx-xxxx-xxxx
# Delete image (must be unlocked)
./un image --delete unsb-image-xxxx-xxxx-xxxx-xxxxVisibility & Sharing
# Set visibility level
./un image --visibility unsb-image-xxxx-xxxx-xxxx-xxxx private # owner only (default)
./un image --visibility unsb-image-xxxx-xxxx-xxxx-xxxx unlisted # can be shared
./un image --visibility unsb-image-xxxx-xxxx-xxxx-xxxx public # marketplace
# Share with specific user
./un image --grant unsb-image-xxxx-xxxx-xxxx-xxxx \
--key unsb-pk-friend-friend-friend-friend
# Revoke access
./un image --revoke unsb-image-xxxx-xxxx-xxxx-xxxx \
--key unsb-pk-friend-friend-friend-friend
# List who has access
./un image --trusted unsb-image-xxxx-xxxx-xxxx-xxxxTransfer Ownership
# Transfer image to another API key
./un image --transfer unsb-image-xxxx-xxxx-xxxx-xxxx \
--to unsb-pk-newowner-newowner-newowner-newownerUsage Reference
Usage: ./un [options] <source_file>
./un session [options]
./un service [options]
./un snapshot [options]
./un image [options]
./un key
Commands:
(default) Execute source file in sandbox
session Open interactive shell/REPL session
service Manage persistent services
snapshot Manage container snapshots
image Manage container images (publish, share, transfer)
key Check API key validity and expiration
Options:
-e KEY=VALUE Set environment variable (can use multiple times)
-f FILE Add input file (can use multiple times)
-a Return and save artifacts from /tmp/artifacts/
-o DIR Output directory for artifacts (default: current dir)
-p KEY Public key (or set UNSANDBOX_PUBLIC_KEY env var)
-k KEY Secret key (or set UNSANDBOX_SECRET_KEY env var)
-n MODE Network mode: zerotrust (default) or semitrusted
-v N, --vcpu N vCPU count 1-8, each vCPU gets 2GB RAM (default: 1)
-y Skip confirmation for large uploads (>1GB)
-h Show this help
Authentication (priority order):
1. -p and -k flags (public and secret key)
2. UNSANDBOX_PUBLIC_KEY + UNSANDBOX_SECRET_KEY env vars
3. ~/.unsandbox/accounts.csv (format: public_key,secret_key per line)
Session options:
-s, --shell SHELL Shell/REPL to use (default: bash)
-l, --list List active sessions
--attach ID Reconnect to existing session (ID or container name)
--kill ID Terminate a session (ID or container name)
--freeze ID Freeze a session (requires --tmux/--screen)
--unfreeze ID Unfreeze a frozen session
--boost ID Boost session resources (2 vCPU, 4GB RAM)
--boost-vcpu N Specify vCPU count for boost (1-8)
--unboost ID Return to base resources
--audit Record full session for auditing
--tmux Enable session persistence with tmux (allows reconnect)
--screen Enable session persistence with screen (allows reconnect)
Service options:
--name NAME Service name (creates new service)
--ports PORTS Comma-separated ports (e.g., 80,443)
--domains DOMAINS Custom domains (e.g., example.com,www.example.com)
--type TYPE Service type: minecraft, mumble, teamspeak, source, tcp, udp
--bootstrap CMD Bootstrap command/file/URL to run on startup
-f FILE Upload file to /tmp/ (can use multiple times)
-l, --list List all services
--info ID Get service details
--tail ID Get last 9000 lines of bootstrap logs
--logs ID Get all bootstrap logs
--freeze ID Freeze a service
--unfreeze ID Unfreeze a service
--auto-unfreeze ID Enable auto-wake on HTTP request
--no-auto-unfreeze ID Disable auto-wake on HTTP request
--show-freeze-page ID Show HTML payment page when frozen (default)
--no-show-freeze-page ID Return JSON error when frozen
--destroy ID Destroy a service
--redeploy ID Re-run bootstrap script (requires --bootstrap)
--execute ID CMD Run a command in a running service
--dump-bootstrap ID [FILE] Dump bootstrap script (for migrations)
--snapshot ID Create snapshot of session or service
--snapshot-name User-friendly name for snapshot
--hot Create snapshot without pausing (may be inconsistent)
--restore ID Restore session/service from snapshot ID
Snapshot options:
-l, --list List all snapshots
--info ID Get snapshot details
--delete ID Delete a snapshot permanently
Image options:
-l, --list [owned|shared|public] List images (all, owned, shared, or public)
--info ID Get image details
--publish-service ID Publish image from stopped/frozen service
--publish-snapshot ID Publish image from snapshot
--name NAME Name for published image
--description DESC Description for published image
--delete ID Delete image (must be unlocked)
--clone ID Clone image (creates copy you own)
--spawn ID Create service from image (requires --name)
--lock ID Lock image to prevent deletion
--unlock ID Unlock image to allow deletion
--visibility ID LEVEL Set visibility (private|unlisted|public)
--grant ID --key KEY Grant access to another API key
--revoke ID --key KEY Revoke access from API key
--transfer ID --to KEY Transfer ownership to API key
--trusted ID List API keys with access
Key options:
(no options) Check API key validity
--extend Open portal to extend an expired key
Examples:
./un script.py # execute Python script
./un -e DEBUG=1 script.py # with environment variable
./un -f data.csv process.py # with input file
./un -a -o ./bin main.c # save compiled artifacts
./un -v 4 heavy.py # with 4 vCPUs, 8GB RAM
./un session # interactive bash session
./un session --tmux # bash with reconnect support
./un session --list # list active sessions
./un session --attach unsb-vm-12345 # reconnect to session
./un session --kill unsb-vm-12345 # terminate a session
./un session --freeze unsb-vm-12345 # freeze session
./un session --unfreeze unsb-vm-12345 # unfreeze session
./un session --boost unsb-vm-12345 # boost resources
./un session --unboost unsb-vm-12345 # return to base
./un session --shell python3 # Python REPL
./un session --shell node # Node.js REPL
./un session -n semitrusted # session with network access
./un session --audit -o ./logs # record session for auditing
./un service --name web --ports 80 # create web service
./un service --list # list all services
./un service --logs abc123 # view bootstrap logs
./un key # check API key
./un key --extend # extend expired key
./un snapshot --list # list all snapshots
./un session --snapshot unsb-vm-123 # snapshot a session
./un service --snapshot abc123 # snapshot a service
./un session --restore unsb-snapshot-xxxx # restore from snapshot
./un image --list # list all images
./un image --list owned # list your images
./un image --publish-service abc # publish image from service
./un image --spawn img123 --name x # create service from image
./un image --grant img --key pk # share image with userCLI Inception
The UN CLI has been implemented in 42 programming languages, demonstrating that the unsandbox API can be accessed from virtually any environment.
License
PUBLIC DOMAIN - NO LICENSE, NO WARRANTY
This is free public domain software for the public good of a permacomputer hosted
at permacomputer.com - an always-on computer by the people, for the people. One
that is durable, easy to repair, and distributed like tap water for machine
learning intelligence.
The permacomputer is community-owned infrastructure optimized around four values:
TRUTH - First principles, math & science, open source code freely distributed
FREEDOM - Voluntary partnerships, freedom from tyranny & corporate control
HARMONY - Minimal waste, self-renewing systems with diverse thriving connections
LOVE - Be yourself without hurting others, cooperation through natural law
This software contributes to that vision by enabling code execution across all 42
programming languages through a unified interface, accessible to everyone. Code is
seeds to sprout on any abandoned technology.
Learn more: https://www.permacomputer.com
Anyone is free to copy, modify, publish, use, compile, sell, or distribute this
software, either in source code form or as a compiled binary, for any purpose,
commercial or non-commercial, and by any means.
NO WARRANTY. THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
That said, our permacomputer's digital membrane stratum continuously runs unit,
integration, and functional tests on all its own software - with our permacomputer
monitoring itself, repairing itself, with minimal human guidance in the loop.
Our agents do their best.
Copyright 2025 TimeHexOn & foxhop & russell@unturf
https://www.timehexon.com
https://www.foxhop.net
https://www.unturf.com/software