4 repositories
Runs each agent session inside a hypervisor-level Docker sandbox that isolates filesystem, network, and process access.
Distinct from Execution Sandboxes: adds hypervisor-level isolation and persistent session state, not just ephemeral code execution.
Explore 4 awesome GitHub repositories matching devops & infrastructure · Hypervisor-Level Docker Sandboxes.
OrbStack is a native macOS application that replaces Docker Desktop, providing an all-in-one environment for running Docker containers, full Linux virtual machines, and local Kubernetes clusters. It runs Linux VMs directly on the macOS hypervisor framework for near-native performance, uses VirtioFS for fast bidirectional file sharing between macOS and Linux, and leverages Rosetta for near-native x86 emulation on Apple Silicon. The system assigns predictable local domain names to containers and VMs with automatic HTTPS certificate generation, forwards ports via event-driven updates, and stores
Replaces Docker Desktop with a native macOS app and CLI for managing containers and Linux VMs.
Microsandbox is a runtime for creating and managing lightweight, hardware-isolated virtual machines — called sandboxes — that boot directly from standard OCI container images. Each sandbox runs as its own host process with a separate kernel, filesystem, and network stack, providing process-per-sandbox isolation. The project includes a command-line tool and multi-language SDKs (Rust, TypeScript, Python, Go) for programmatic lifecycle control, and it communicates with sandbox agents over Unix sockets using a CBOR-encoded protocol. What distinguishes Microsandbox is its combination of host-manag
Boots a Docker daemon inside an isolated microVM and opens an interactive shell for running containers.
Claudecodeui is an open-source web interface that orchestrates multiple AI coding agents from different providers—including Claude Code, Cursor CLI, Codex, and Gemini CLI—side by side in isolated cloud environments. It functions as a multi-provider orchestration platform, allowing users to run agents from different tools within the same workspace without being locked into a single vendor. The platform runs each agent session inside a hypervisor-level Docker sandbox that isolates filesystem, network, and process access, with sessions persisting in the cloud to survive network disconnection or
Runs each agent session inside a hypervisor-level Docker sandbox that isolates filesystem, network, and process access.
microsandbox is a platform that runs untrusted code inside hardware-isolated microVMs, each with its own kernel, filesystem, and network stack. It boots directly from standard OCI container images, supports copy-on-write filesystem layers, and integrates with AI agents to execute tool calls and generated code in isolated environments with secret protection. What sets microsandbox apart is its host-side network proxy that enforces firewall rules, intercepts DNS, inspects TLS traffic, and injects secrets at the network boundary without exposing them inside the VM. It provides SSH access to micr
Starts a Docker daemon inside a hardware-isolated VM for running Docker commands.