Finde die besten sicheren Code-Sandboxes für KI-Agenten. Vergleiche erstklassige Open-Source-Ausführungsumgebungen nach Sicherheit und Performance, um die richtige Wahl zu treffen.
The sandbox-sdk is a development kit designed for building secure, isolated execution environments on a global edge network. It provides a framework for creating ephemeral, containerized workspaces that allow developers to run untrusted code, manage build tasks, and host automated scripts without compromising host system security. By leveraging a serverless runtime, the platform enables the deployment of these environments directly at the network edge to ensure low-latency performance. The platform distinguishes itself by integrating language models with sandboxed execution, facilitating the
Cloudflare's sandbox-sdk is a development kit for creating secure, isolated execution environments on the edge, with explicit support for AI agent integration, providing containerized runtimes, filesystem and network isolation, monitoring, and process controls that directly match the search for a sandboxed code execution framework for AI agents.
This project provides a secure, containerized execution engine designed to run untrusted code within isolated environments. It functions as a library for integrating code interpretation into autonomous agents and intelligent assistant workflows, ensuring that host systems remain protected while enabling dynamic data processing and file manipulation. The platform distinguishes itself through a multi-backend architecture that abstracts diverse container runtimes, allowing for flexible deployment and automated backend failover. It supports interactive, multi-turn workflows by maintaining persist
vndee/llm-sandbox is a secure, containerized execution engine specifically built for AI agents to run untrusted code with resource limits, multi-language support, timeouts, and monitoring—directly matching your need for a full sandboxed runtime with an integration API.
mini-swe-agent is an autonomous software engineering system designed to develop features and fix bugs by combining large language models with a bash interface. It operates as an agentic framework that executes coding tasks and documentation updates through a continuous cycle of model reasoning and tool execution. The project differentiates itself with a strong focus on safety and evaluation, utilizing container-based sandbox execution via Docker or Singularity to isolate command execution. It includes a batch-parallel evaluation harness to measure code-fixing accuracy against standardized sof
mini-swe-agent is an autonomous coding framework that runs LLM-generated shell commands inside Docker or Singularity containers, providing a sandboxed, monitored, and resource-limited execution environment that directly meets the need for secure code execution by AI agents.
rlm is an LLM code execution engine and orchestration framework designed to coordinate multiple language model calls and recursive sub-tasks through a programmable environment. It provides a sandboxed REPL environment and a recursive context processor to handle inputs that exceed standard token limits by programmatically decomposing prompts. The project differentiates itself through a reinforcement learning training harness used to teach models how to utilize recursive calls and code execution. It includes a reasoning visualization system that records and renders execution trajectories to ana
rlm is an LLM code execution engine with a sandboxed REPL, process isolation, orchestration, and execution trajectory logging, directly providing the secure sandboxed runtime environment AI agents need to run code safely.
This project is a Python framework for building autonomous, event-driven agent systems. It provides a unified runtime for orchestrating multi-agent workflows, managing persistent conversation state, and executing code within secure, isolated sandbox environments. The framework is designed to handle complex task delegation, allowing agents to invoke other agents as tools while maintaining context across multi-turn interactions. The framework distinguishes itself through its deep integration with the Model Context Protocol, enabling agents to connect to external data sources and remote services
OpenAI Agents Python Framework provides exactly what you need: a unified runtime for building autonomous agent systems that includes secure, isolated sandbox environments for code execution, with integrated APIs, logging, and filesystem controls—all designed for AI agent workflows.
Microsandbox is a runtime for creating and managing lightweight, hardware-isolated virtual machines — called sandboxes — that boot directly from standard OCI container images. Each sandbox runs as its own host process with a separate kernel, filesystem, and network stack, providing process-per-sandbox isolation. The project includes a command-line tool and multi-language SDKs (Rust, TypeScript, Python, Go) for programmatic lifecycle control, and it communicates with sandbox agents over Unix sockets using a CBOR-encoded protocol. What distinguishes Microsandbox is its combination of host-manag
Microsandbox provides hardware-isolated virtual machines (sandboxes) with separate kernel, filesystem, and network stacks, plus multi-language SDKs for programmatic lifecycle control — exactly the kind of secure runtime needed for AI agents to execute code safely.
OpenFang is an operating system for LLM agents designed to orchestrate autonomous agents with built-in task scheduling, tool sandboxing, and multi-model routing. It provides a secure AI execution environment that integrates prompt injection scanning, cryptographic audit trails, and resource metering to ensure controlled processing. The platform distinguishes itself through a comprehensive security architecture, featuring fuel-metered tool sandboxing and an immutable activity audit trail based on cryptographic hash-chains. It implements high-assurance identity verification via signed manifests
OpenFang is an operating system for LLM agents that provides a comprehensive secure execution environment with built-in tool sandboxing, resource metering, and cryptographic audit trails, directly matching the requirement for a controlled sandbox to prevent arbitrary code execution.
OpenHands is an autonomous agent framework designed for software engineering workflows. It provides a modular platform for orchestrating AI agents that reason, plan, and execute tasks within isolated, containerized development environments. By integrating with standard version control and development tools, the system enables agents to autonomously navigate codebases, implement features, and resolve issues through iterative reasoning and tool execution. The platform distinguishes itself through a model-agnostic orchestrator that connects diverse language models to a unified tool registry. It
OpenHands is an AI agent framework that runs agents in isolated containerized environments, providing secure sandboxed code execution with resource limitations, network and filesystem isolation, and monitoring — exactly matching your need for a production-grade sandbox for AI agent code execution.
Open Interpreter is an autonomous agent runtime that translates natural language instructions into executable code to interact with local software and operating systems. It functions as an orchestration framework that connects language models to a secure execution environment, enabling the development of agents capable of managing system resources and performing complex tasks. To ensure safety, the system mandates explicit user verification before executing any generated code and provides robust isolation through containerized sandboxing. The project distinguishes itself through its deep inte
Open Interpreter is an autonomous agent runtime that uses containerized sandboxing to safely execute code generated by language models, with explicit user verification, covering the core requirement of secure code execution for AI agents.
E2B is a cloud-based infrastructure platform designed to provide secure, isolated execution environments for code and shell commands. It functions as an ephemeral orchestrator that provisions lightweight virtual machines, allowing developers and autonomous agents to run untrusted processes within a sandbox that is completely separated from the host system. The platform distinguishes itself through its focus on programmable, serverless workspaces that support the full lifecycle of cloud-based development. By utilizing hardware-level isolation and snapshot-based resumption, it enables the near-
E2B provides secure, isolated execution environments for AI agents to run code, with hardware-level isolation, an API/SDK for integration, and support for multiple languages, fitting your need for a sandboxed runtime.
Moltworker is an AI agent sandbox and model orchestrator designed for the secure execution of untrusted code and shell commands generated by large language models. It functions as a gateway proxy that routes requests to multiple AI providers through a unified interface, integrating a container runtime backed by S3-compatible object storage to persist state across ephemeral lifecycles. The system distinguishes itself by combining an AI model orchestrator with a headless browser controller for automated web scraping and screenshot capture. It manages the full lifecycle of AI agents, including m
Moltworker is an AI agent sandbox that securely executes untrusted code and shell commands via a container runtime with full isolation, monitoring, and AI integration, directly addressing the query's core need.
Judge0 is an online code execution engine and multi-language compiler API designed to compile and run source code within isolated sandboxes. It functions as an asynchronous job processor that handles code submissions via a queue and provides a secure environment to run arbitrary programs while preventing unauthorized system access. The system distinguishes itself through a multi-stage compilation pipeline and a flexible execution model that supports both single-file submissions and multi-file program execution via archives. It employs an isolate-based sandboxing mechanism to enforce strict ha
Judge0 is a multi-language code execution engine with isolate-based sandboxing, offering an API that lets AI agents submit code and get results securely, covering sandbox isolation, network and filesystem restrictions, timeouts, and language support.
microsandbox is a platform that runs untrusted code inside hardware-isolated microVMs, each with its own kernel, filesystem, and network stack. It boots directly from standard OCI container images, supports copy-on-write filesystem layers, and integrates with AI agents to execute tool calls and generated code in isolated environments with secret protection. What sets microsandbox apart is its host-side network proxy that enforces firewall rules, intercepts DNS, inspects TLS traffic, and injects secrets at the network boundary without exposing them inside the VM. It provides SSH access to micr
microsandbox runs untrusted AI agent code inside hardware-isolated microVMs with per-VM kernels, filesystems, and network stacks, and integrates via an API/MCP for executing tool calls — exactly the secure, self-hosted sandbox environment you’re looking for, covering isolation, monitoring, and resource limits.
RD-Agent is an autonomous framework designed to orchestrate multi-step software engineering and data science workflows. By leveraging large language models, the system decomposes complex technical requirements into actionable research, planning, and execution phases, ultimately generating and running code to solve specific development tasks. The platform distinguishes itself through a containerized execution sandbox that ensures secure dependency management and system stability for all autonomously generated code. It employs multi-agent orchestration to manage iterative feedback loops, allowi
RD-Agent is a framework for AI agents that includes a containerized execution sandbox to securely run autonomously generated code, directly providing the sandboxed runtime environment, isolation, and resource control this search targets.
This project provides secure, containerized infrastructure designed for autonomous agents, remote code execution, and cloud development. It functions as a sandboxed environment where AI agents and external processes can execute code, run shell commands, and manage files while remaining isolated from the host system. The system distinguishes itself by implementing the Model Context Protocol, allowing it to act as a standardized tool server that exposes browser and filesystem capabilities to compatible clients. It further integrates headless browser automation, enabling programmatic web navigat
This repository provides a containerized sandbox environment built specifically for AI agents to execute code and shell commands in isolation, with MCP protocol integration and multi-language runtime support, exactly matching the need for secure code execution by autonomous agents.
OpenSandbox is a secure sandbox runtime and containerized code execution engine designed to run AI-generated code and scripts in isolated environments. It serves as a workload orchestrator that prevents host system contamination by utilizing kernel-level isolation to execute arbitrary commands and scripts. The project distinguishes itself by providing a model context server that bridges large language models to the sandbox for performing file operations and system commands. It also includes a remote GUI sandbox that supports browser automation and desktop interfaces via remote access protocol
OpenSandbox is a dedicated secure sandbox runtime for running AI-generated code, with kernel-level isolation, model context server for direct AI integration, and support for file operations and system commands—exactly matching the need for safe sandboxed code execution by AI agents.
Fragments is an open-source AI code generation sandbox that produces code automatically based on user prompts and executes it inside isolated cloud environments. The project provides a secure foundation for running AI-generated code by sandboxing execution away from the host system, preventing potential harm while allowing users to see results immediately. The sandbox supports customization through configurable execution environments defined via Dockerfiles, enabling code to run in specific runtimes or frameworks. Users can integrate different language models and model providers by registerin
Fragments is a dedicated open-source sandbox that executes AI-generated code in isolated cloud environments, with configurable runtimes via Dockerfiles and integration with various language models, directly matching the need for a secure sandboxed code execution tool for AI agents.
CubeSandbox is a Kubernetes-based platform for executing AI agents in secure, lightweight environments. It provides a code execution sandbox that uses hardware isolation and dedicated guest kernels to run untrusted code without risking the host system. The project features a network egress firewall that restricts outbound communication via domain allowlists and audit logging. It also includes a container snapshotting manager capable of capturing the runtime memory and disk state of environments to enable instant cloning and recovery. The platform covers cluster orchestration through a web-ba
CubeSandbox is a Kubernetes-based sandbox platform designed to execute AI agents in hardware-isolated environments with network egress filtering, snapshotting, and orchestration—directly matching the need for secure, controlled code execution in AI workflows.
container-use is a containerized AI execution environment and code sandbox designed to provide a secure space for AI coding agents to execute commands and build applications. It functions as a workspace orchestrator that provisions isolated containers mapped to git branches, allowing multiple agents to operate in parallel without state conflicts or affecting the host system. The project serves as a Model Context Protocol server, bridging AI agents to containerized environments for standardized tool access. It enables a workflow for reviewing and merging changes made by agents within these iso
dagger/container-use provides containerized, isolated execution environments for AI coding agents, with an MCP server for integration, execution monitoring, and container-level security controls—directly addressing the need for secure sandboxed code execution in AI agent workflows.
OpenShell is a security framework and sandboxed execution runtime for autonomous AI agents. It provides isolated environments using containers and virtual machines to protect host infrastructure and sensitive data from unauthorized access during agent execution. The system distinguishes itself by combining hardware-accelerated passthrough for host GPU access with a security gateway that intercepts model API calls. This gateway manages credentials by stripping caller information and injecting backend secrets, ensuring sensitive API keys remain off the local filesystem. The platform covers bro
OpenShell is a security framework and sandboxed execution runtime built for autonomous AI agents, providing container/VM isolation, GPU acceleration, monitoring dashboards, and secure credential handling — exactly the kind of tool this search asks for.
Agent Zero is an autonomous AI agent framework designed to execute complex, multi-step workflows by managing its own environment, persistent memory, and external tool interactions. It functions as a Python-based automation library that enables agents to write code, execute terminal commands, and perform system-level tasks independently. The system is built to handle large-scale operations through hierarchical agent delegation, allowing for the coordination of subordinate agents to maintain focus and context. The platform distinguishes itself through a focus on secure, isolated execution and s
Agent Zero is an autonomous AI agent framework with built-in secure, isolated code execution environments, environment isolation, and code execution sandboxes, making it exactly the kind of sandboxed runtime for AI agents this search targets.
Goose is an extensible agentic AI platform designed for autonomous task orchestration and developer-centric assistance. It provides a workflow engine that manages complex, multi-step objectives by delegating tasks to specialized subagents, all while maintaining stateful session continuity. The system is built to integrate directly into terminal and coding environments, allowing for automated file manipulation and context-aware interaction. The platform distinguishes itself through a secure, sandboxed runtime environment that enforces granular permission controls and policy-driven guardrails.
Goose is an AI agent platform that includes a secure, sandboxed runtime environment with policy-driven guardrails and permission controls, directly matching the need for safe code execution by agents, though some specific isolation and monitoring features are not explicitly detailed.
This framework provides a development toolkit for building autonomous agents that utilize language models to solve complex, non-deterministic tasks. Its core design centers on a code-executing architecture where agents generate and run Python code snippets to perform logic, data manipulation, and tool interactions. By moving beyond structured data formats, the system enables agents to manage program flow and object state through iterative reasoning cycles. The project distinguishes itself through its focus on code-based agent implementation and secure execution environments. Developers can ch
huggingface/smolagents is a framework designed for building autonomous agents that generate and run Python code, with a stated focus on secure execution environments, making it directly relevant to sandboxed code execution for AI agents.
Sandbox Agent is a platform designed to manage, secure, and orchestrate autonomous coding assistants. It provides a standardized infrastructure for executing untrusted code and managing agent lifecycles within isolated, containerized environments. By decoupling agent execution from client connections, the platform ensures that session states remain persistent across process restarts and network interruptions. The project distinguishes itself through a capability-based security model that enforces granular permission checks on tool usage, ensuring that autonomous processes operate within defin
This Rust project creates sandboxed runtime environments for AI agents, directly supporting secure code execution with isolation and resource control as required.
Dify-sandbox is a secure runtime environment designed for the execution of untrusted code snippets. It functions as a containerized sandbox that isolates processes from the host operating system, ensuring that arbitrary scripts can be run without granting them unauthorized access to sensitive data or critical system resources. The project distinguishes itself through a multi-layered security approach that combines kernel-level isolation with strict resource management. By utilizing Linux namespaces and container-based process isolation, it partitions system resources to maintain visibility bo
Dify-sandbox is a containerized, multi-layered secure runtime purpose-built for executing untrusted code snippets in AI agent workflows, giving you the isolated, resource-limited sandbox this search is after.
Rikkahub is an AI model aggregator and frontend interface that provides a unified platform for interacting with multiple large language model providers. It serves as a retrieval-augmented generation chat client with a provider-agnostic gateway, allowing users to switch between different models and endpoints. The platform features a character persona manager for importing structured character cards and behavior settings to define specific interaction styles. It includes a sandboxed code execution environment with a portable Linux agent for running technical scripts and commands within the chat
Rikkahub includes a sandboxed code execution environment running a portable Linux agent for technical scripts within its chat interface, which directly matches the requirement for secure AI-agent code execution, though it is part of a broader AI model aggregator rather than a dedicated standalone tool.
Suna is an orchestration platform designed for the deployment, management, and governance of autonomous AI agents. It provides a centralized system for defining agent behaviors and tool integrations, enabling the automation of complex business processes through a unified interface. The platform distinguishes itself by applying infrastructure-as-code principles to AI, utilizing version-controlled repositories to manage agent configurations, skills, and guardrails. It ensures secure and predictable operations by spawning ephemeral, isolated virtual machines for every individual task, preventing
Suna is an orchestration platform that spawns ephemeral, isolated virtual machines for every AI-agent task, giving you a secure sandboxed runtime environment with isolation for networks and filesystems — exactly the kind of sandboxed execution framework this search requires.