8 repositorios
Isolated environments for running untrusted or external code snippets securely.
Distinguishing note: Focuses on ephemeral containerized isolation for code execution rather than general infrastructure management.
Explore 8 awesome GitHub repositories matching devops & infrastructure · Execution Sandboxes. Refine with filters or upvote what's useful.
LibreChat is an artificial intelligence orchestration platform that provides a unified interface for interacting with multiple language models. It functions as a centralized workspace where users can switch between different intelligence engines, manage complex conversational workflows, and maintain persistent memory across sessions through a vector-database-backed storage system. The platform distinguishes itself through an extensible agent framework that supports autonomous task execution and the integration of external tools. It features a secure, containerized environment for executing co
Code snippets are processed within isolated, ephemeral containers to ensure secure execution without compromising the host system or local environment.
This project is an AI agent orchestration platform that provides a visual environment for building, testing, and deploying complex automation workflows. It functions as a low-code development interface where users can chain discrete functional blocks into dependency-aware pipelines to integrate artificial intelligence with external data and services. The platform supports the creation of intelligent conversational agents, automated business processes, and multi-service API orchestrations within a unified workspace. The platform distinguishes itself through its event-driven integration engine,
Offers secure infrastructure for running custom code and AI inferences in isolated environments.
Hermes-webui is a self-hosted AI orchestrator and web interface for managing autonomous agents. It serves as a multi-provider gateway that connects cloud and local large language models, providing a central hub to execute scheduled background jobs, run shell commands, and manage agent memory on private hardware. The system distinguishes itself through a persistent memory manager that utilizes knowledge graphs and markdown files for long-term context across sessions. It features a model context protocol host for extending agent capabilities with standardized tools and supports the orchestratio
Executes agent processes within isolated Docker, SSH, or serverless sandboxes for secure code execution.
OrbStack is a native macOS application that replaces Docker Desktop, providing an all-in-one environment for running Docker containers, full Linux virtual machines, and local Kubernetes clusters. It runs Linux VMs directly on the macOS hypervisor framework for near-native performance, uses VirtioFS for fast bidirectional file sharing between macOS and Linux, and leverages Rosetta for near-native x86 emulation on Apple Silicon. The system assigns predictable local domain names to containers and VMs with automatic HTTPS certificate generation, forwards ports via event-driven updates, and stores
Replaces Docker Desktop with a native macOS app and CLI for managing containers and Linux VMs.
Microsandbox is a runtime for creating and managing lightweight, hardware-isolated virtual machines — called sandboxes — that boot directly from standard OCI container images. Each sandbox runs as its own host process with a separate kernel, filesystem, and network stack, providing process-per-sandbox isolation. The project includes a command-line tool and multi-language SDKs (Rust, TypeScript, Python, Go) for programmatic lifecycle control, and it communicates with sandbox agents over Unix sockets using a CBOR-encoded protocol. What distinguishes Microsandbox is its combination of host-manag
Boots a Docker daemon inside an isolated microVM and opens an interactive shell for running containers.
Claudecodeui is an open-source web interface that orchestrates multiple AI coding agents from different providers—including Claude Code, Cursor CLI, Codex, and Gemini CLI—side by side in isolated cloud environments. It functions as a multi-provider orchestration platform, allowing users to run agents from different tools within the same workspace without being locked into a single vendor. The platform runs each agent session inside a hypervisor-level Docker sandbox that isolates filesystem, network, and process access, with sessions persisting in the cloud to survive network disconnection or
Runs each agent session inside a hypervisor-level Docker sandbox that isolates filesystem, network, and process access.
microsandbox is a platform that runs untrusted code inside hardware-isolated microVMs, each with its own kernel, filesystem, and network stack. It boots directly from standard OCI container images, supports copy-on-write filesystem layers, and integrates with AI agents to execute tool calls and generated code in isolated environments with secret protection. What sets microsandbox apart is its host-side network proxy that enforces firewall rules, intercepts DNS, inspects TLS traffic, and injects secrets at the network boundary without exposing them inside the VM. It provides SSH access to micr
Creates temporary sandboxes for single commands and removes them automatically after completion.
rlm is an LLM code execution engine and orchestration framework designed to coordinate multiple language model calls and recursive sub-tasks through a programmable environment. It provides a sandboxed REPL environment and a recursive context processor to handle inputs that exceed standard token limits by programmatically decomposing prompts. The project differentiates itself through a reinforcement learning training harness used to teach models how to utilize recursive calls and code execution. It includes a reasoning visualization system that records and renders execution trajectories to ana
Runs untrusted code in ephemeral cloud virtual machines to secure the host system.