AI-Generated Code Execution Sandboxes

This project provides secure, containerized infrastructure designed for autonomous agents, remote code execution, and cloud development. It functions as a sandboxed environment where AI agents and external processes can execute code, run shell commands, and manage files while remaining isolated from the host system. The system distinguishes itself by implementing the Model Context Protocol, allowing it to act as a standardized tool server that exposes browser and filesystem capabilities to compatible clients. It further integrates headless browser automation, enabling programmatic web navigat

microsandbox is a platform that runs untrusted code inside hardware-isolated microVMs, each with its own kernel, filesystem, and network stack. It boots directly from standard OCI container images, supports copy-on-write filesystem layers, and integrates with AI agents to execute tool calls and generated code in isolated environments with secret protection. What sets microsandbox apart is its host-side network proxy that enforces firewall rules, intercepts DNS, inspects TLS traffic, and injects secrets at the network boundary without exposing them inside the VM. It provides SSH access to micr

OpenSandbox is a secure execution environment and runtime designed for running untrusted code and scripts generated by AI agents. It utilizes a containerized code execution engine and microVM-based isolation to protect host systems from malicious actions while providing isolated virtual environments. The project features a sandbox server based on the Model Context Protocol to automate the creation and control of virtual workspaces. It supports the deployment of secure remote desktop hosts, including headless web browsers and editor instances, for automated interaction. The system includes an

container-use is a containerized AI execution environment and code sandbox designed to provide a secure space for AI coding agents to execute commands and build applications. It functions as a workspace orchestrator that provisions isolated containers mapped to git branches, allowing multiple agents to operate in parallel without state conflicts or affecting the host system. The project serves as a Model Context Protocol server, bridging AI agents to containerized environments for standardized tool access. It enables a workflow for reviewing and merging changes made by agents within these iso

Wasmtime is a WebAssembly runtime and sandboxed bytecode executor designed to run WebAssembly bytecode on a host system. It functions as an embeddable engine that integrates into applications through native APIs and language-specific bindings, as well as a standalone execution environment accessible via a command line interface. It is a WASI compatible runtime, implementing the WebAssembly System Interface to provide portable access to system resources. The engine utilizes a JIT compilation model to translate intermediate representation into optimized machine code for various CPU architecture

rlm is an LLM code execution engine and orchestration framework designed to coordinate multiple language model calls and recursive sub-tasks through a programmable environment. It provides a sandboxed REPL environment and a recursive context processor to handle inputs that exceed standard token limits by programmatically decomposing prompts. The project differentiates itself through a reinforcement learning training harness used to teach models how to utilize recursive calls and code execution. It includes a reasoning visualization system that records and renders execution trajectories to ana

This project is a secure container runtime that provides strong isolation for application workloads by implementing a userspace kernel. By intercepting system calls and executing them within a memory-safe, restricted environment, it minimizes the attack surface exposed to the host kernel. It functions as a drop-in engine for standard container orchestration platforms, ensuring compatibility with industry-standard runtime specifications while maintaining a hardened execution boundary. The runtime distinguishes itself through its ability to virtualize core system resources, including an indepen

Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system, network, and environment variables. The runtime natively supports modern web-standard APIs, ensuring consistent behavior and portability across different environments. What distinguishes Deno is its integrated approach to the software development lifecycle. It bundles essentia

E2B is a cloud-based infrastructure platform designed to provide secure, isolated execution environments for code and shell commands. It functions as an ephemeral orchestrator that provisions lightweight virtual machines, allowing developers and autonomous agents to run untrusted processes within a sandbox that is completely separated from the host system. The platform distinguishes itself through its focus on programmable, serverless workspaces that support the full lifecycle of cloud-based development. By utilizing hardware-level isolation and snapshot-based resumption, it enables the near-

Fragments is an open-source AI code generation sandbox that produces code automatically based on user prompts and executes it inside isolated cloud environments. The project provides a secure foundation for running AI-generated code by sandboxing execution away from the host system, preventing potential harm while allowing users to see results immediately. The sandbox supports customization through configurable execution environments defined via Dockerfiles, enabling code to run in specific runtimes or frameworks. Users can integrate different language models and model providers by registerin

Firecracker is a virtual machine monitor that leverages hardware-assisted virtualization to create and manage isolated execution environments. It functions as a lightweight runtime designed to launch virtual machines with minimal memory overhead and near-instantaneous startup times, providing the security of traditional hardware virtualization with the efficiency of containerized workloads. The project distinguishes itself through a security-focused architecture that enforces strict process boundaries using system-level barriers and restricted user privileges. It minimizes the attack surface

This project provides a containerized network bridge that isolates corporate VPN software from the host operating system. It utilizes a Docker container to encapsulate the VPN client, preventing software conflicts and installation clutter on the host machine. The system includes a web-accessible graphical user interface for remote login and session management, allowing users to interact with VPN authentication prompts from any device. To enable application-level access, it implements a SOCKS5 and HTTP proxy gateway that routes host machine network traffic through the containerized connection.

Moltworker is an AI agent sandbox and model orchestrator designed for the secure execution of untrusted code and shell commands generated by large language models. It functions as a gateway proxy that routes requests to multiple AI providers through a unified interface, integrating a container runtime backed by S3-compatible object storage to persist state across ephemeral lifecycles. The system distinguishes itself by combining an AI model orchestrator with a headless browser controller for automated web scraping and screenshot capture. It manages the full lifecycle of AI agents, including m

AssemblyScript is a compiler and tooling suite used for WebAssembly module development. It converts a subset of TypeScript syntax into binary modules to achieve high execution speeds and cross-platform binary execution. The project focuses on translating typed source code into the compact binary format required by WebAssembly runtimes. This allows for the movement of computationally heavy logic into binary modules for browser performance optimization and execution across different operating systems. The compilation process involves TypeScript-compatible syntax analysis and the generation of

Bocker is a minimal container management tool written in Bash that implements core container functionality using Linux namespaces and control groups. It serves as a Linux container manager capable of starting and managing isolated processes and images through low-level kernel features. The project includes an OCI image tool for pulling, saving, and building container images compatible with industry standards. It further integrates a cgroup resource controller to restrict CPU and memory consumption for isolated processes. The tool covers the full container lifecycle, including process isolati

DeepSeek-TUI is an AI coding agent orchestrator and framework designed to automate complex programming tasks. It functions as a harness for coordinating AI models that can read source code, edit files, and execute shell commands through automated agent workflows. The system is distinguished by its multi-agent coordination capabilities, which allow for the spawning of parallel sub-agents to handle concurrent investigations or implementation slices. It employs autonomous goal-seeking loops to pursue objectives across multiple turns and utilizes a tool integration gateway to connect models to ex

Open Interpreter is an autonomous agent runtime that translates natural language instructions into executable code to interact with local software and operating systems. It functions as an orchestration framework that connects language models to a secure execution environment, enabling the development of agents capable of managing system resources and performing complex tasks. To ensure safety, the system mandates explicit user verification before executing any generated code and provides robust isolation through containerized sandboxing. The project distinguishes itself through its deep inte

CodeWhale is an AI coding agent orchestrator and development harness designed to coordinate autonomous agents that read, edit, and verify code. It provides a secure environment for AI agents to perform multi-step software engineering tasks, utilizing a sandboxed execution model to isolate shell commands and protect the host system. The system distinguishes itself by spawning multiple independent agents in parallel to handle separate investigation or implementation slices simultaneously. It employs a multi-model gateway to route requests across various cloud APIs and local servers, and utilize

Lima is a virtualization engine designed to provision and manage lightweight Linux, macOS, and FreeBSD virtual machines. It functions as a comprehensive virtual machine manager that leverages native hypervisors and system emulation to provide isolated environments for container development, cross-architecture testing, and secure sandboxing. The project distinguishes itself through its template-driven provisioning system, which allows users to define and automate environment configurations via local files or remote URL schemes. It integrates deeply with host systems by providing automated file

Suna is an orchestration platform designed for the deployment, management, and governance of autonomous AI agents. It provides a centralized system for defining agent behaviors and tool integrations, enabling the automation of complex business processes through a unified interface. The platform distinguishes itself by applying infrastructure-as-code principles to AI, utilizing version-controlled repositories to manage agent configurations, skills, and guardrails. It ensures secure and predictable operations by spawning ephemeral, isolated virtual machines for every individual task, preventing

NemoClaw is an LLM agent orchestrator and sandboxed execution environment designed to deploy and manage the lifecycles of large language model agents. It provides a secure runtime that isolates persistent agents from the underlying host system to ensure operational security. The system includes a secure LLM inference gateway that acts as a managed routing layer, securing communication between AI agents and inference engines to prevent unauthorized access. It also integrates with NVIDIA OpenShell to run specialized agents within a secure shell environment. Operational control is provided thro