Firecracker microVMs · 6-stage security pipeline

Declaw Secure Sandbox

Firecracker-based secure sandboxes with a built-in 6-stage security pipeline. Every agent workload runs in an isolated microVM. PII redaction, prompt injection defense, code security, toxicity scanning, invisible text detection, network controls, and audit logging — all on by default.

Architecture

Architecture overview

Every sandbox is a Firecracker microVM isolated by hardware virtualization (KVM). The security proxy runs as a transparent sidecar inside the VM, so your workload's HTTP and HTTPS traffic never reaches the internet without passing through it.

Data path (diagram): Agent (your code) → SDK (declaw-py) → API Server (REST) → Orchestrator (scheduler) → Firecracker VM (microVM) → Security Proxy (6-stage) → Internet (filtered)
Host layer

API Server

REST interface for sandbox lifecycle: create, kill, status, file I/O, audit log retrieval.

Orchestrator

Schedules Firecracker VMs, manages CPU/memory limits, enforces timeouts, and handles teardown.

Per-sandbox · Firecracker VM

envd (PID 1)

Init process — manages the workload lifecycle, stdio relay, and heartbeat back to the orchestrator.

Security Proxy

Transparent HTTP/HTTPS proxy bound to the VM's loopback. All outbound TCP/80 and TCP/443 traffic is redirected to it by iptables NAT before it leaves the VM.

User workload

Your agent binary, Python script, or container — isolated from the host and every other sandbox.

The Security Proxy

A transparent HTTP/HTTPS proxy runs inside every VM. All outbound HTTP and HTTPS traffic is redirected through it by iptables NAT; the workload makes ordinary network calls with no awareness of the proxy.

iptables NAT intercept. All TCP/443 and TCP/80 traffic inside the VM is redirected to the proxy before it reaches the VM's network interface. Only those two ports are redirected: other traffic (DNS on UDP/53, QUIC on UDP/443, SSH, or a service on a non-standard port) never reaches the proxy's L7 stages and is governed solely by the L3/L4 Network Policy rules, so any restriction you need on it has to be expressed as an IP/CIDR rule.

Per-sandbox CA. A unique certificate authority is minted for each VM, so a CA key exposed in one sandbox cannot sign certificates that another sandbox trusts. The CA certificate is injected into the system trust store at boot, so TLS interception is seamless for clients that use that store. Clients that bring their own roots (a pinned certificate, a Java cacerts file, a Python package that ships its own CA bundle) will reject the proxy's certificates and fail TLS until the sandbox CA is added to their bundle.

Transparent by design. Your agent needs no code changes. At the application layer the proxy shows up in only two places: every intercepted request is recorded in the audit log, and a client that inspects the server certificate chain sees the per-sandbox CA as the issuer instead of the public CA.
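The NAT intercept described above, as an added example that is not Declaw's code: a Python helper that builds the nat/OUTPUT rule set for a proxy assumed to listen on 127.0.0.1:8080 and to run as uid 1001 (both values invented for illustration), plus a classify_flow helper that says which flows the proxy sees at all. It makes two things explicit that the prose does not: the proxy's own upstream connections must be exempted from the redirect (the owner match) or they loop straight back into its listener, and anything that is not TCP/80 or TCP/443 bypasses the L7 stages entirely.

```python
import subprocess

PROXY_PORT = 8080        # assumed: proxy listens on 127.0.0.1:8080 for both HTTP and HTTPS
PROXY_UID = 1001         # assumed: uid the proxy process runs as inside the VM
PROXIED_PORTS = (80, 443)


def redirect_rules(proxy_port=PROXY_PORT, proxy_uid=PROXY_UID, ports=PROXIED_PORTS):
    """Return iptables argv lists for the nat/OUTPUT chain, in the order they must be appended."""
    base = ["iptables", "-t", "nat", "-A", "OUTPUT", "-p", "tcp"]
    rules = [
        # 1. Packets emitted by the proxy itself must skip the redirect; otherwise its
        #    upstream connections are rewritten straight back into its own listener.
        base + ["-m", "owner", "--uid-owner", str(proxy_uid), "-j", "RETURN"],
        # 2. Traffic already bound for loopback (the listener, local services) is left alone.
        base + ["-o", "lo", "-j", "RETURN"],
    ]
    # 3. Everything else on the proxied ports is rewritten to the loopback listener;
    #    REDIRECT in the OUTPUT chain maps the destination to 127.0.0.1:<proxy_port>.
    for port in ports:
        rules.append(base + ["--dport", str(port), "-j", "REDIRECT", "--to-ports", str(proxy_port)])
    return rules


def classify_flow(proto, dst_port, ports=PROXIED_PORTS):
    """'proxy' if the flow reaches the L7 stages (2-6), 'l3l4-only' if only stage 1 sees it."""
    return "proxy" if proto == "tcp" and dst_port in ports else "l3l4-only"


def apply_rules(rules, dry_run=True):
    """Print the rules (default) or install them; installing needs CAP_NET_ADMIN inside the VM."""
    for argv in rules:
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)
    return len(rules)


if __name__ == "__main__":
    apply_rules(redirect_rules())
    for flow in (("tcp", 443), ("udp", 443), ("udp", 53), ("tcp", 22)):
        print(flow, "->", classify_flow(*flow))
```

Run it as-is to print the rule set; pass dry_run=False as root inside the VM to install it. The two RETURN rules must come before the REDIRECT rules, which is why the function returns them in a fixed order.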

Key guarantee

Your agent doesn't need code changes — the proxy is transparent. Drop Declaw into any existing agent workflow.

6-stage pipeline

1. Network Policy: L3/L4 iptables rules. IP/CIDR allow/deny, evaluated first.

2. Domain Filter: L7 inspection of the TLS SNI (visible before decryption) and the HTTP Host header, with wildcard patterns.

3. TLS Interception: the per-sandbox CA issues a certificate for the requested host; request and response bodies are decrypted for the stages that follow.

4. Guardrails: PII redaction, prompt injection, code security, toxicity and invisible text checks. Each finding can be redacted, blocked, or logged.

5. Transformation Engine: regex match/replace rules applied to the request or response body.

6. Audit Logger: full metadata and an event record for every request, stored with configurable retention.

Deployment

Deployment options

Run on Declaw's managed cloud or bring your own infrastructure. All options use identical SDK and security primitives.

Declaw Secure Sandbox

Free tier — no credit card
Fully managed, zero ops
Sandbox ready in < 5 min
Instant API key

Enterprise / Self-hosted

Deploy in your own VPC
Terraform modules for GCP & AWS
Dedicated support & SLAs
Custom security policies

Get started in two commands

Free cloud sandboxes, no credit card. Get your first secure sandbox running in under two minutes.

$ pip install declaw
$ export DECLAW_API_KEY=your-key