41 مستودعات
Isolated runtimes designed to execute scripts safely within protected boundaries.
Distinguishing note: Focuses on the security and isolation of the execution environment rather than general script runners.
Explore 41 awesome GitHub repositories matching security & cryptography · Secure Execution Environments. Refine with filters or upvote what's useful.
This project is a structured educational resource and technical guide for designing and implementing autonomous systems using large language models. It provides a comprehensive curriculum and code samples focused on agentic design patterns, autonomous development, and the creation of systems capable of planning and executing multi-step tasks. The resource details the implementation of agentic retrieval-augmented generation, where models autonomously plan and refine data searches. It covers a wide array of orchestrators and design patterns, including metacognitive reflection for self-correctin
Utilizes sandbox environments and runtime state objects to isolate task execution and prevent context clutter.
Puter is a browser-based desktop environment and cloud-native development platform that provides a virtualized graphical workspace. It enables developers to build and deploy full-stack web applications by integrating cloud storage, authentication, and serverless backend logic directly into the browser, eliminating the need for traditional server infrastructure. The platform distinguishes itself through a unified cloud storage layer and a distributed network runtime that facilitates peer-to-peer communication and cross-origin resource fetching. It features a sophisticated cross-window orchestr
Executes high-performance scripts within a protected and isolated environment to build scalable applications.
Nanoclaw is an LLM agent orchestrator and multi-platform chat gateway designed to deploy and manage isolated AI agents. It provides a containerized runtime that executes agents within sandboxed Linux containers, ensuring filesystem and state isolation through dedicated workspaces and host bind-mounts. The project distinguishes itself through a unified routing pipeline that connects agents to diverse messaging platforms, including WhatsApp, Discord, Slack, Telegram, Signal, and iMessage. It integrates the Model Context Protocol to extend agent capabilities via managed external data and functio
Runs agents in isolated runtimes specifically configured for their lifecycle and resource needs.
OpenClaude is an LLM orchestration interface and multi-provider AI gateway that connects various AI providers and local models to an integrated tool suite. It functions as an agentic tool execution environment and a system for AI-powered code editor integration, enabling in-editor chat and automated coding tasks. The project provides a gRPC AI agent service that exposes model capabilities and file editing tools to external applications as a headless service. It also includes a configuration layer for managing provider credentials and routing specific agents to different model APIs. The syste
Provides a runtime environment specifically configured for executing model-driven shell and file system operations.
This project is a Python framework for building autonomous, event-driven agent systems. It provides a unified runtime for orchestrating multi-agent workflows, managing persistent conversation state, and executing code within secure, isolated sandbox environments. The framework is designed to handle complex task delegation, allowing agents to invoke other agents as tools while maintaining context across multi-turn interactions. The framework distinguishes itself through its deep integration with the Model Context Protocol, enabling agents to connect to external data sources and remote services
Provides secure, isolated workspaces for executing agent tasks and managing file operations.
AgentScope is a multi-agent framework and orchestration platform designed for building and coordinating teams of language model agents. It provides a system for managing multiple agents that collaborate to solve complex tasks through structured communication and state sharing. The project distinguishes itself with a focus on production-ready deployment and security, featuring a multi-tenant hosting service that ensures session isolation between different users. It includes a sandboxed tool execution environment and fine-grained permission controls to manage how agents access system resources
Provides isolated runtimes for running agent-driven code with fine-grained control over system resource permissions.
This project is a Docker educational resource and a collection of practical examples designed for learning containerization technologies. It serves as a guide for understanding container fundamentals, including the creation and management of custom images and the use of registries. The repository provides specialized references for container security hardening, such as managing kernel privileges and implementing supply chain security. It also includes tutorials for multi-container orchestration and a DevOps guide focused on CI/CD automation and image optimization. The material covers a broad
Configures isolated runtimes and execution policy engines to secure autonomous agent tasks.
Forem is an open-source platform designed for building and managing technical communities. It functions as a social publishing engine that enables members to share long-form content, participate in threaded discussions, and engage through social interactions. The platform provides tools for organizations to maintain branded profiles, host community hackathons, and facilitate collaborative learning through structured educational tracks. Beyond its social features, Forem integrates advanced capabilities for AI agent workflow orchestration and codebase knowledge graphing. It allows developers to
Protects system integrity by running agent-generated code within isolated, secure execution environments.
Distroless provides a collection of security-hardened, minimal base container images designed to reduce attack surfaces by excluding non-essential system utilities, package managers, and shells. These images are constructed to contain only an application and its specific runtime dependencies, enforcing the principle of least privilege by configuring environments for non-root execution. The project distinguishes itself through a focus on supply chain integrity and reproducible builds. It utilizes declarative build configurations to track package versions and validates container image integrity
Deploys production applications within hardened, non-root execution environments that exclude unnecessary system tools.
NemoClaw is an LLM agent orchestrator and sandboxed execution environment designed to deploy and manage the lifecycles of large language model agents. It provides a secure runtime that isolates persistent agents from the underlying host system to ensure operational security. The system includes a secure LLM inference gateway that acts as a managed routing layer, securing communication between AI agents and inference engines to prevent unauthorized access. It also integrates with NVIDIA OpenShell to run specialized agents within a secure shell environment. Operational control is provided thro
Maintains long-running agent states within secure containers to support continuous operation without context loss.
Agent Zero is an autonomous AI agent framework designed to execute complex, multi-step workflows by managing its own environment, persistent memory, and external tool interactions. It functions as a Python-based automation library that enables agents to write code, execute terminal commands, and perform system-level tasks independently. The system is built to handle large-scale operations through hierarchical agent delegation, allowing for the coordination of subordinate agents to maintain focus and context. The platform distinguishes itself through a focus on secure, isolated execution and s
Executes autonomous scripts and system-level commands within a sandboxed environment to ensure secure and isolated operations.
OpenFang is an operating system for LLM agents designed to orchestrate autonomous agents with built-in task scheduling, tool sandboxing, and multi-model routing. It provides a secure AI execution environment that integrates prompt injection scanning, cryptographic audit trails, and resource metering to ensure controlled processing. The platform distinguishes itself through a comprehensive security architecture, featuring fuel-metered tool sandboxing and an immutable activity audit trail based on cryptographic hash-chains. It implements high-assurance identity verification via signed manifests
Implements an isolated runtime for agents featuring prompt injection scanning and resource metering.
Claude Quickstarts is a development framework and collection of reference implementations designed for building autonomous agents. It provides the foundational patterns necessary to orchestrate multi-agent workflows, enabling models to perform complex, multi-step tasks across software engineering, customer support, and computer-use domains. The platform distinguishes itself through specialized capabilities for desktop and browser automation, allowing agents to interact with graphical interfaces by capturing visual context and executing precise mouse and keyboard inputs. It includes robust inf
Packages agents into containerized templates to ensure secure and consistent execution environments.
DeepCode is an agentic development framework designed to orchestrate autonomous AI agents for software engineering tasks. It functions as a multi-agent workflow orchestrator that translates natural language requirements into functional codebases by coordinating specialized agents for architectural planning, intent analysis, and implementation. The platform integrates multiple language models to power these automated routines, providing a unified environment for complex development projects. The system distinguishes itself through its ability to transform academic research papers into executab
Provides configuration settings for operational environments, model selection, and response constraints for autonomous coding agents.
CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl
Runs automated logic before, during, or after request evaluation to dynamically adjust security rules and remediation actions.
Ironclaw is an LLM orchestration framework and AI agent gateway designed to connect large language models with external tools, messaging interfaces, and persistent memory systems. It functions as a communication layer that routes interactions between users and AI models via HTTP webhooks and various messaging channels. The system focuses on secure tool execution through a WebAssembly sandbox and isolated containers, which allows the framework to run untrusted code and dynamically generate new tools from natural language descriptions. Security middleware provides prompt injection defense and s
Runs untrusted code in isolated, resource-constrained environments to expand AI capabilities without compromising the host.
OpenSandbox is a secure sandbox runtime and containerized code execution engine designed to run AI-generated code and scripts in isolated environments. It serves as a workload orchestrator that prevents host system contamination by utilizing kernel-level isolation to execute arbitrary commands and scripts. The project distinguishes itself by providing a model context server that bridges large language models to the sandbox for performing file operations and system commands. It also includes a remote GUI sandbox that supports browser automation and desktop interfaces via remote access protocol
Provides isolated runtimes designed to execute AI-generated scripts safely within protected boundaries to prevent host system contamination.
E2B is a cloud-based infrastructure platform designed to provide secure, isolated execution environments for code and shell commands. It functions as an ephemeral orchestrator that provisions lightweight virtual machines, allowing developers and autonomous agents to run untrusted processes within a sandbox that is completely separated from the host system. The platform distinguishes itself through its focus on programmable, serverless workspaces that support the full lifecycle of cloud-based development. By utilizing hardware-level isolation and snapshot-based resumption, it enables the near-
Provides programmable workspaces for autonomous agents to run untrusted code securely.
WasmEdge is an extensible WebAssembly runtime that executes WebAssembly bytecode in a secure sandbox for cloud, edge, and embedded applications. It functions as a multi-language compiler, compiling applications written in Rust, JavaScript, Go, and Python into WebAssembly bytecode for sandboxed execution, and as a server-side JavaScript runtime that runs JavaScript programs with ES6 modules, NPM packages, and Node.js-compatible APIs. The runtime also serves as an AI inference runtime, executing AI models from JavaScript using WASI-NN plug-ins for inference tasks on personal devices and edge har
Applies security measures to ensure safe execution of any WebAssembly module, protecting the host system.
The Android NDK samples provide a comprehensive collection of code examples demonstrating how to integrate C and C++ native code into Android applications. This repository serves as a practical guide for developers utilizing the Android Native Development Kit to implement performance-critical application components that require direct hardware access and low-level system interaction. The project highlights the use of the Java Native Interface to bridge managed code with native modules, enabling cross-language function calls and efficient data exchange. It demonstrates how to manage native act
Defends against memory-based attack vectors using hardware-level protection features on supported processors.