MustardScript
Local JavaScript sandbox for AI agents to call tools
AI writes the guest code
Everything inside the template literal is sandboxed guest code — that's the only part the AI generates. A small, constrained subset of JavaScript that calls your tools by name.
Runs in-process
MustardScript executes the guest code inside your Node.js process. No remote sandbox, no network round-trip, no cold start. Just fast, safe execution.
// Host setup — you write this in Node.jsconst program = new Mustard(` const account = load_account(accountId); const policy = lookup_plan_policy(account.plan, seats); const quote = create_quote({ accountId: account.id, targetPlan: policy.targetPlan, seats, monthlyDelta: policy.monthlyDelta, }); ({ quoteId: quote.quoteId, approvalMode: policy.requiresApproval ? "manual" : "automatic", });`); const result = await program.run({ inputs: { accountId: "acct_91", seats: 25 }, capabilities: { load_account, lookup_plan_policy, create_quote, },});MustardScript
Local JavaScript sandbox for AI agents to call tools
// Host setup — you write this in Node.jsconst program = new Mustard(` const account = load_account(accountId); const policy = lookup_plan_policy(account.plan, seats); const quote = create_quote({ accountId: account.id, targetPlan: policy.targetPlan, seats, monthlyDelta: policy.monthlyDelta, }); ({ quoteId: quote.quoteId, approvalMode: policy.requiresApproval ? "manual" : "automatic", });`); const result = await program.run({ inputs: { accountId: "acct_91", seats: 25 }, capabilities: { load_account, lookup_plan_policy, create_quote, },});AI writes the guest code
Everything inside the template literal is sandboxed guest code — that's the only part the AI generates. A small, constrained subset of JavaScript that calls your tools by name.
// Host setup — you write this in Node.jsconst program = new Mustard(` const account = load_account(accountId); const policy = lookup_plan_policy(account.plan, seats); const quote = create_quote({ accountId: account.id, targetPlan: policy.targetPlan, seats, monthlyDelta: policy.monthlyDelta, }); ({ quoteId: quote.quoteId, approvalMode: policy.requiresApproval ? "manual" : "automatic", });`); const result = await program.run({ inputs: { accountId: "acct_91", seats: 25 }, capabilities: { load_account, lookup_plan_policy, create_quote, },});Runs in-process
MustardScript executes the guest code inside your Node.js process. No remote sandbox, no network round-trip, no cold start. Just fast, safe execution.
// Sandboxed guest code — the part AI writesconst account = load_account(accountId);const policy = lookup_plan_policy(account.plan, seats);const quote = create_quote({ accountId: account.id, targetPlan: policy.targetPlan, seats, monthlyDelta: policy.monthlyDelta,}); ({ quoteId: quote.quoteId, approvalMode: policy.requiresApproval ? "manual" : "automatic",});Representative 4-tool orchestration workflow · in-process · no network
Representative 4-tool orchestration workflow derived from the audited programmatic tool-call gallery. · Apple M4 · v24.12.0 · Median 0.13ms · p95 0.16ms
Live Playground
Taste the MustardScript
AI knows MustardScript because it's just JavaScript but safer.
Compare host capability orchestration for a simple pricing workflow.
Run the scenario to see output.
Run the scenario to see output.
Get started in minutes
From a two-line eval to production job queues. Pick your use case.
Two lines to run sandboxed JavaScript.
import { Mustard } from 'mustardscript';
const program = new Mustard('const x = 2 + 2; x;');
const result = await program.run();
console.log(result); // 4