A small helper for service-first Vercel Sandbox network policies

I published sandbox-policy-builder, a small helper library for @vercel/sandbox.

It is for the case where you are building a coding agent or AI app in Vercel Sandbox and want to express outbound auth rules in terms of services like OpenAI, Claude, GitHub, or AI Gateway, rather than managing raw domain rules directly.

Example:

import { Sandbox } from "@vercel/sandbox";
import { allow } from "sandbox-policy-builder";

const sandbox = await Sandbox.create({
  networkPolicy: allow({
    codex: { apiKey: process.env.OPENAI_API_KEY! },
    openai: { apiKey: process.env.OPENAI_API_KEY! },
    gemini: { apiKey: process.env.GEMINI_API_KEY! },
    claude: { apiKey: process.env.ANTHROPIC_API_KEY! },
    github: { apiKey: process.env.GITHUB_TOKEN! },
    aiGateway: { apiKey: process.env.AI_GATEWAY_TOKEN! },
  }),
});

The library expands those names into the domain-level NetworkPolicy shape required by Vercel Sandbox.

Supported services today:

  • codex
  • openai
  • gemini
  • claude
  • github
  • aiGateway

Repo: giselles-ai/sandbox-policy-builder on GitHub

3 Likes
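
A sketch of the kind of service-name expansion described in the post above, as an added example that is not part of the original post and not sandbox-policy-builder's code. The host table and the flat host-to-credential output are assumptions (not the real NetworkPolicy type); the point is failing closed on unknown services, missing keys, and conflicting keys for a shared host.

```typescript
// Added example: not sandbox-policy-builder's code. The host table and the
// output shape (host -> credential) are assumptions for illustration only.
type ServiceConfig = { apiKey: string | undefined };
type ExpandedPolicy = Record<string, string>; // host -> credential

// Hypothetical service-to-host table; the real library's table may differ.
const SERVICE_HOSTS: Record<string, string[]> = {
  codex: ["api.openai.com"],
  openai: ["api.openai.com"],
  gemini: ["generativelanguage.googleapis.com"],
  claude: ["api.anthropic.com"],
  github: ["api.github.com"],
  aiGateway: ["ai-gateway.vercel.sh"],
};

function expandServices(services: Record<string, ServiceConfig>): ExpandedPolicy {
  const policy: ExpandedPolicy = {};
  for (const name of Object.keys(services)) {
    // Own-property check so inherited names never pass as a known service.
    if (!Object.prototype.hasOwnProperty.call(SERVICE_HOSTS, name)) {
      throw new Error(`unknown service: ${name}`);
    }
    const key = services[name].apiKey;
    // `process.env.X!` only silences the compiler; the value can still be
    // undefined at runtime, so check before building a rule around it.
    if (typeof key !== "string" || key.trim() === "") {
      throw new Error(`missing apiKey for service: ${name}`);
    }
    for (const host of SERVICE_HOSTS[name]) {
      // Two services may share a host (codex and openai in this table).
      // The same key is merged; different keys are ambiguous and rejected.
      if (policy[host] !== undefined && policy[host] !== key) {
        throw new Error(`conflicting credentials for host: ${host}`);
      }
      policy[host] = key;
    }
  }
  return policy;
}
```
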

Why is the API key required? Does it only allow requests made using that API key?