I got tired of running Docker manually. So I built a sandbox for AI-generated code.

Arun Raghunath — Thu, 04 Jun 2026 09:18:31 +0000

I've been on sabbatical for a few months. Writing code. Building projects.

And running Docker manually. Again. And again.

docker run. Check what's up. docker stop. Forget one. Find it next week eating RAM. Repeat.

At some point I asked: why is this still manual? Why can't containers just spin up, run, and die when they're done?

Then I threw AI into the mix.

Now I'm not just running my code. I'm running code a model wrote. Code I haven't audited line by line. Code that might have os.system(f'rm -rf {user_input}') because the model had a bad day.

That's a different problem.

The question nobody wants to answer

Cursor, Claude Code, Windsurf, Copilot. They all generate Python, Node, Go.

None of them answer: where does that code actually run?

Best case: you paste it into your terminal and hope.

Worst case: you're piping untrusted eval() with access to your .env file, your AWS creds, and your customer database.

In a startup that's risky.

In fintech that's an FCA fine and a conversation with Legal you do not want to have.

I spent 18 years in banking. I watched teams ban AI coding tools outright because nobody could answer: "Where does the generated code run, and what can it touch?"

So I decided to build the answer.

What ships today: Petri

Jhansi.io starts with Petri, the execution engine. It's live right now.

What it does:

Spins up an isolated Docker container per request
Runs Python, Node, or Go code
Returns stdout/stderr
Tears down the container. Zero state left behind.

The API:

POST /v1/sandboxes → Create sandbox, get sb_
POST /v1/sandboxes/{id}/exec → Run code, get output
DELETE /v1/sandboxes/{id} → Destroy it. Gone.

No Docker CLI. No Compose files. No "wait, is sad_fermat still running from Tuesday?"

Petri answers "where does code run". That's it. It does not touch secrets. It does not produce compliance audit logs.

Why existing tools don't cut it

E2B, Modal, Daytona are great tools. I use them. But they're SaaS only.

	E2B / Modal / Daytona	Jhansi.io with Petri
Hosting	Public cloud only	Self-hosted or managed SaaS
Data residency	Your code runs on their infra	Runs in your VPC
Execution model	Stateful VMs in many cases	Ephemeral container per run
Who can use it	Startups	Startups, banks, anyone with a regulator

If you're a bank, you cannot send customer PII to a third party to execute. You need to self-host. You need control.

Petri gives you that. But execution is only 30% of the problem.

The roadmap: What I'm building next

Petri solves "where does it run". It doesn't solve "what can it touch" or "prove it to compliance".

That's why I'm building TenantVault and the Audit Layer.

TenantVault: Secrets injection where your AI agent can use a database password to run a query, but it can't read the password, print it, or exfiltrate it.

Audit Layer: Full execution traces. What ran, what files it touched, what network calls it made. Stream it to your SIEM.

I'm building those because 18 years in banking taught me you can't deploy AI codegen without them. "It ran in Docker" isn't enough when the FCA asks questions.

Full roadmap with ETAs: jhansi.io/roadmap

No vaporware. If it's not on the roadmap with a target date, we're not building it yet.

Where things stand

Petri is running. Python, Node, Go support. REST API. Sub-second cold starts.

Next up is the SDK so you can do this: