Cinch documentation
Cinch runs untrusted code in secure, disposable sandboxes — one API call, and you get back the result. Your infrastructure is never touched.
Every run executes inside a hardened, gVisor-isolated container with no network access, a read-only filesystem, and strict time and memory limits. Call it from Python or JavaScript/TypeScript.
language on run() to choose — it defaults to Python.Quickstart
Install the SDK, grab an API key from your dashboard, and run code in four lines.
1. Install
pip install pangolin-sdk2. Run code
from pangolin import Sandbox
box = Sandbox(api_key="cinch_live_...")
result = box.run("print(2 + 2)")
print(result.stdout) # "4\n"
print(result.exit_code) # 0
print(result.duration_ms) # 563New accounts come with 10,000 free credits — enough to start experimenting immediately.
Authentication
Cinch authenticates with an API key that looks like cinch_live_…. Generate one in your dashboard — it's shown only once, so store it somewhere safe. If you lose it, just regenerate (the old one is revoked instantly).
from pangolin import Sandbox
# Your key authenticates every request
box = Sandbox(api_key="cinch_live_yourkey")Keep your key server-side. Never ship it in frontend code or commit it to a repo.
Running code
Call run() with a string of Python source. It spins up a fresh sandbox, executes the code, captures output, and tears the sandbox down — all in one call.
result = box.run("""
import math
print(math.sqrt(144))
""")
print(result.stdout) # "12.0\n"Languages
Cinch runs both Python 3 and JavaScript (Node 20). The language option defaults to python; set it to javascript to run JS.
# Python (default)
box.run("print(2 + 2)")
# JavaScript — pass language="javascript"
box.run("console.log(2 + 2)", language="javascript")The same hardening — gVisor isolation, no network, read-only filesystem, time and memory limits — applies to every language.
The result object
Every run returns a result with the captured output and metadata about the execution.
result = box.run("print('hello')")
result.stdout # str — standard output
result.stderr # str — standard error
result.exit_code # int — process exit code (0 = success)
result.timed_out # bool — True if it hit the time limit
result.duration_ms # int — execution time in millisecondsRaw HTTP API
Not using an SDK? Hit the endpoint directly. Send a POST to https://api.cinch.codes/run with your key as a Bearer token.
curl https://api.cinch.codes/run \
-H "Authorization: Bearer cinch_live_yourkey" \
-H "Content-Type: application/json" \
-d '{"code":"print(2 + 2)"}'Response:
{
"stdout": "4\n",
"stderr": "",
"exitCode": 0,
"timedOut": false,
"durationMs": 563
}Errors
Failed requests return a JSON body with an error field and the matching HTTP status.
| Status | Meaning |
|---|---|
| 400 | Bad request — the body must be JSON like { "code": "..." } |
| 401 | Invalid or missing API key |
| 402 | Out of credits — top up in your dashboard |
Limits
Each sandbox runs under strict limits for security and fairness.
| Runtime | Python 3 & JavaScript (Node 20) |
| Time limit | ~10 seconds per run |
| Memory | 256 MB |
| Network | None — sandboxes have no internet access |
| Filesystem | Read-only, with a small writable /tmp |
| Output | Up to 1 MB per run |
| Isolation | gVisor, non-root, all Linux capabilities dropped |
Pricing
Cinch is pay-as-you-go — no subscription, no monthly minimum. You buy credits and spend them only on the compute you actually use.
- •1 credit = 1 millisecond of execution time.
- •Each run deducts credits equal to its
durationMs. A typical run is a few hundred credits. - •New accounts start with 10,000 free credits.
- •Top up any time from your dashboard — pay what you want, starting at $5.
When your balance hits zero, runs are rejected with a 402 until you top up.