English · 中文
Status: 🟢 Public preview · Free for personal use · Commercial license available · Built on WebAssembly
Real CPython · Real shells · Real SQLite · 100% client-side · Native AOT x86 → WebAssembly
XIA Sandbox is in public preview. The engine build is available now — download it from Releases, then spin up an interactive Ubuntu console on your LAN in minutes (see Quick start). The full integration docs and SDK surface are available too. The polished drop-in 1.0 SDK package is on the way; ⭐ star / watch to follow the launch.
👀 Start here: Quick start · SDK overview · full integration guide · local demo runner (
xia-serve) · CHANGELOG (0.1.0-preview)
XIA Sandbox runs real Linux programs — genuine CPython, bash, busybox, SQLite — entirely inside a browser tab, on the user's own device.
Open a page and you get a real Ubuntu console: type python3, run a bash script, query SQLite — and it executes locally in pure WebAssembly, with nothing sent to a server. There's no backend to send it to.
It's not a reimplementation, and not a cloud VM you rent. The actual x86 binaries are ahead-of-time translated to WebAssembly, so you get the fidelity of the real toolchain with the reach and safety of the web platform — and results are byte-for-byte identical to real x86.
Drop the SDK into any web app, or serve the demo on your LAN and open it on any phone or laptop: a full compute environment that boots in seconds, runs offline once cached, and keeps every byte on the device.
| 🔒 Private by architecture | Code and data never leave the device. There is no backend to send them to. Perfect for sensitive workloads where "don't upload it" is a hard requirement. |
| ⚡ Native AOT, not an interpreter | x86 is translated to WebAssembly ahead of time — not emulated instruction-by-instruction. Real performance, real binaries. |
| 🐍 The real Python you know | Genuine CPython with the standard library — plus an optional scientific stack (NumPy, pandas, Matplotlib, Pillow). |
| 🧰 Real Linux tooling | Shells and core utilities, SQLite, and a real, persistent filesystem. |
| 🤖 Agent-ready | Give an AI agent a safe, real place to run code — sandboxed on the user's machine, not on your servers. |
| 🌐 Web-native delivery | Content-addressed, cacheable, versioned assets. Loads lazily; works offline once cached. |
| 📱 Desktop & mobile | Designed to degrade gracefully across devices, from laptops to phones. |
- Privacy-first & local-first apps — process documents, data, or secrets that must never touch a server.
- In-browser data science — notebooks and analysis with NumPy / pandas / Matplotlib, no kernel to host.
- Document automation — read and generate Word, Excel, PowerPoint, PDF, all client-side.
- Safe AI agent execution — let agents run real code in a sandbox the user owns.
- Interactive education & docs — runnable examples with a real interpreter, zero install.
- Edge & offline tools — compute that keeps working when the network doesn't.
(High-level — no code, just the idea.)
Your web app
│ drop-in SDK
▼
┌──────────────────────────────────────────────┐
│ XIA Sandbox (runs in a Web Worker) │
│ │
│ real Linux program (ELF) │
│ │ ahead-of-time translation │
│ ▼ │
│ WebAssembly ──► executes on-device │
│ │
│ • multiple runtimes, picked automatically │
│ • persistent filesystem │
│ • content-addressed, cached, versioned assets │
└──────────────────────────────────────────────┘
│
▼
results stay on the device
No servers in that picture — and that's the point.
Run the sandbox from one machine; open it on any device on the same network — phone, tablet, laptop. Each device runs the sandbox entirely in its own browser.
# 1. download the engine build from Releases and unzip it into ./dist
curl -L -o engine.zip \
https://github.com/gary95271/xia-sdk/releases/download/engine-v0.1.0-preview/xia-sandbox-engine-0.1.0-preview.zip
mkdir -p dist && tar -xf engine.zip -C dist # or: unzip engine.zip -d dist
# 2. serve it on your LAN:
node xia-serve/xia-serve.mjs --dist ./dist --port 8088
# 3. open the printed network URL on any device — the Ubuntu console loads right thereThe page that opens is an interactive Ubuntu terminal — type uname -a, ls /, python3 --version, python3 -c 'print(2**100)', real bash. The host control panel at /__control turns on the sandbox's network access and stops the server. Full options, the .env config, and the bring-your-own TLS CA are in xia-serve/README.md.
No Node? The packaging flow ships a double-click
xia-serve.exe(no install). The engine build is provided separately, as a Release asset.
One Web Worker + a tiny message protocol: init → run → result.
const worker = new Worker(new URL('./fullruntime-worker.mjs', import.meta.url), { type: 'module' });
worker.onmessage = (e) => {
if (e.data.type === 'boot')
fetch('./manifest.json').then(r => r.json())
.then(manifest => worker.postMessage({ type: 'init', assetBase: './', manifest }));
};
// run a real program on the user's device:
worker.postMessage({ type: 'run', id: 1, core: 'python3', argv: ['python3', '-c', 'print(2**100)'] });
// <- { type:'result', id:1, exit:0, stdout:'1267650600228229401496703205376\n', ... }Full API (Worker protocol, run contract, init options, network egress, hosting): docs/SDK-INTEGRATION-GUIDE.md.
- Core engine: real binaries running in the browser
- Python + scientific stack
- Document & data tooling
- Agent execution
- Public SDK docs + local demo runner (
xia-serve) — available now - Engine binary — preview available in Releases
- Polished drop-in 1.0 SDK package
- Hosted quickstart / playground
- More languages & toolchains
Detailed timelines land with launch.
- ⭐ Star this repo to follow along
- 🔔 Watch for the launch announcement
- 🌐 Website: coming soon
- ✉️ Contact: BD@xuanji.dev
- Free for personal & non-commercial use. Build, learn, prototype, research — on us.
- Commercial use needs a license. Using it in or for a business? Get in touch for a commercial license.
- The engine is distributed as a compiled binary under a proprietary license (see
EULA). It's a general-purpose execution environment. - The guest programs it can run (shells, language runtimes, utilities) ship under their own open-source licenses (GPL / LGPL / MPL / PSF / public-domain) with corresponding source — see
THIRD-PARTY-NOTICES.
Note: this is source-available / commercial, not an OSI "open source" project — and we don't call it that. You get a generous free tier for personal use; businesses fund the work.
Is anything sent to a server? No. Programs run on the user's device in WebAssembly. There's no backend in the loop.
Are these real programs or reimplementations? Real. The actual binaries are translated and executed — you get genuine behavior, not an approximation.
Does it need installation or a plugin? No. It runs in a standard browser tab.
When can I use it? Now, in public preview — the engine build is downloadable from Releases, and the local demo runner + full docs are available (see Quick start). The polished drop-in 1.0 SDK package is on the way; ⭐ star/watch to follow it.