30 open-source projects similar to microsandbox/microsandbox, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Microsandbox alternative.
Microsandbox is a runtime for creating and managing lightweight, hardware-isolated virtual machines — called sandboxes — that boot directly from standard OCI container images. Each sandbox runs as its own host process with a separate kernel, filesystem, and network stack, providing process-per-sandbox isolation. The project includes a command-line tool and multi-language SDKs (Rust, TypeScript, Python, Go) for programmatic lifecycle control, and it communicates with sandbox agents over Unix sockets using a CBOR-encoded protocol. What distinguishes Microsandbox is its combination of host-manag
microsandbox is a platform that runs untrusted code inside hardware-isolated microVMs, each with its own kernel, filesystem, and network stack. It boots directly from standard OCI container images, supports copy-on-write filesystem layers, and integrates with AI agents to execute tool calls and generated code in isolated environments with secret protection. What sets microsandbox apart is its host-side network proxy that enforces firewall rules, intercepts DNS, inspects TLS traffic, and injects secrets at the network boundary without exposing them inside the VM. It provides SSH access to micr
This project is an OCI-compatible container runtime that executes workloads within lightweight virtual machines. By leveraging hardware-based virtualization, it provides strong security isolation between containerized processes and the host operating system, serving as a drop-in replacement for traditional container execution environments. The runtime distinguishes itself through a hypervisor-agnostic architecture that abstracts underlying virtualization operations, allowing for consistent container lifecycle management across different backends. It integrates directly with standard container
This project is a Python framework for building autonomous, event-driven agent systems. It provides a unified runtime for orchestrating multi-agent workflows, managing persistent conversation state, and executing code within secure, isolated sandbox environments. The framework is designed to handle complex task delegation, allowing agents to invoke other agents as tools while maintaining context across multi-turn interactions. The framework distinguishes itself through its deep integration with the Model Context Protocol, enabling agents to connect to external data sources and remote services
Tart is an Apple Silicon virtualization manager used to build and run macOS and Linux virtual machines using native hardware virtualization frameworks. It functions as a virtual machine cluster orchestrator and an ephemeral runner for executing continuous integration pipeline steps within isolated, short-lived environments. The system utilizes an OCI-compatible virtual machine registry to push and pull images via standardized container registries. It features a controller-worker architecture that schedules virtual machine lifecycles across remote worker nodes, incorporating a secure SSH jump
ZenML is an extensible machine learning orchestration framework designed to manage the end-to-end lifecycle of data pipelines and AI agent workflows. It functions as a durable orchestrator that executes machine learning tasks as directed acyclic graphs, ensuring that every step is containerized for consistent performance across local, cloud, and hybrid infrastructure. By decoupling pipeline code from underlying compute and storage backends, the platform allows developers to define infrastructure-agnostic stacks that remain portable across diverse environments. The project distinguishes itself
Daytona is a cloud-native development environment platform designed to orchestrate ephemeral, containerized workspaces. It provides a centralized system for managing reproducible coding environments as code, ensuring consistency across distributed teams by abstracting the underlying infrastructure. By utilizing declarative configuration, the platform automates the entire lifecycle of development sandboxes, from initial provisioning to resource governance. The platform distinguishes itself through its infrastructure-agnostic runner layer, which allows development environments to be deployed ac
Hyperlight is an embedded virtual machine manager designed to execute guest binaries within hardware-isolated code sandboxes. It utilizes a KVM micro-VM manager to run untrusted third-party code, enforcing strict memory boundaries to prevent unauthorized host access. The project features a guest-host function bridge that facilitates bidirectional communication and a state snapshot tool for saving and restoring the memory state of a sandbox to reduce startup latency. The system includes a toolchain for guest binary cross-compilation and mechanisms for managing resource constraints, such as fi
E2B is a cloud-based infrastructure platform designed to provide secure, isolated execution environments for code and shell commands. It functions as an ephemeral orchestrator that provisions lightweight virtual machines, allowing developers and autonomous agents to run untrusted processes within a sandbox that is completely separated from the host system. The platform distinguishes itself through its focus on programmable, serverless workspaces that support the full lifecycle of cloud-based development. By utilizing hardware-level isolation and snapshot-based resumption, it enables the near-
Nomad is a distributed workload orchestrator and infrastructure automation platform designed to manage the lifecycle of applications across large-scale, heterogeneous environments. It functions as a multi-cloud orchestration engine, providing a unified control plane to deploy, scale, and govern containers, virtual machines, and legacy applications. By utilizing declarative job specifications, the system ensures infrastructure convergence and maintains the desired state across distributed data centers and geographic regions. The platform distinguishes itself through a flexible, plugin-based ar
OpenFang is an operating system for LLM agents designed to orchestrate autonomous agents with built-in task scheduling, tool sandboxing, and multi-model routing. It provides a secure AI execution environment that integrates prompt injection scanning, cryptographic audit trails, and resource metering to ensure controlled processing. The platform distinguishes itself through a comprehensive security architecture, featuring fuel-metered tool sandboxing and an immutable activity audit trail based on cryptographic hash-chains. It implements high-assurance identity verification via signed manifests
Rivet is a distributed infrastructure for managing the lifecycle, addressing, and persistence of stateful actors and durable execution engines. It provides a distributed process sandbox that executes application logic within lightweight isolates, ensuring resource isolation and fast cold starts. The system is designed to coordinate multi-step operations using persistent queues and timers to guarantee reliable task completion across distributed environments. The platform specifically enables the orchestration of stateful AI agents that maintain persistent memory and state across long-running i
Yao is an LLM agent framework and low-code web app builder designed for orchestrating autonomous AI agents. It provides a platform to design, deploy, and coordinate agents with specialized personas that can plan tasks, utilize external tools, and execute multi-stage pipelines. The project distinguishes itself through a Model Context Protocol server for connecting assistants to external binaries and HTTP services, and a gRPC remote execution engine that allows agents to manage remote servers and devices. It includes a model-agnostic provider bridge that supports dynamic switching between vario
OpenSandbox is a secure sandbox runtime and containerized code execution engine designed to run AI-generated code and scripts in isolated environments. It serves as a workload orchestrator that prevents host system contamination by utilizing kernel-level isolation to execute arbitrary commands and scripts. The project distinguishes itself by providing a model context server that bridges large language models to the sandbox for performing file operations and system commands. It also includes a remote GUI sandbox that supports browser automation and desktop interfaces via remote access protocol
CodeWhale is an AI coding agent orchestrator and development harness designed to coordinate autonomous agents that read, edit, and verify code. It provides a secure environment for AI agents to perform multi-step software engineering tasks, utilizing a sandboxed execution model to isolate shell commands and protect the host system. The system distinguishes itself by spawning multiple independent agents in parallel to handle separate investigation or implementation slices simultaneously. It employs a multi-model gateway to route requests across various cloud APIs and local servers, and utilize
XAgent is an autonomous agent system that decomposes complex goals into sequential subtasks for execution via a planner and actor model. It functions as a collaboration framework that integrates human-in-the-loop workflows, allowing users to provide real-time guidance and missing information during the automation process. The system features a containerized tool sandbox to isolate the execution of shells and browsers, ensuring system safety and consistency. It includes a state-based execution recorder that captures snapshots of agent runs to enable the exact reproduction of specific task sequ
Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system, network, and environment variables. The runtime natively supports modern web-standard APIs, ensuring consistent behavior and portability across different environments. What distinguishes Deno is its integrated approach to the software development lifecycle. It bundles essentia
OrbStack is a native macOS application that replaces Docker Desktop, providing an all-in-one environment for running Docker containers, full Linux virtual machines, and local Kubernetes clusters. It runs Linux VMs directly on the macOS hypervisor framework for near-native performance, uses VirtioFS for fast bidirectional file sharing between macOS and Linux, and leverages Rosetta for near-native x86 emulation on Apple Silicon. The system assigns predictable local domain names to containers and VMs with automatic HTTPS certificate generation, forwards ports via event-driven updates, and stores
Pandas AI is a data analysis library and natural language interface that uses large language models to perform conversational querying on structured datasets. It functions as a retrieval-augmented generation framework designed to translate plain text questions into executable code for extracting insights from dataframes and structured files. The system includes a dedicated sandbox execution environment that runs AI-generated analysis code within an isolated container to prevent security risks and system compromise. It employs a natural language translation layer and contextual retrieval to ma
Lima is a virtualization engine designed to provision and manage lightweight Linux, macOS, and FreeBSD virtual machines. It functions as a comprehensive virtual machine manager that leverages native hypervisors and system emulation to provide isolated environments for container development, cross-architecture testing, and secure sandboxing. The project distinguishes itself through its template-driven provisioning system, which allows users to define and automate environment configurations via local files or remote URL schemes. It integrates deeply with host systems by providing automated file
Firejail is a Linux application sandbox and kernel security wrapper that isolates untrusted applications from the host system. It uses kernel namespaces and seccomp filters to restrict filesystem access, drop kernel capabilities, and limit the system attack surface. The project is distinguished by its use of predefined security profiles to automatically apply filesystem restrictions and syscall limits based on the executable being launched. It provides specialized isolation for portable packages such as AppImages and implements X11 display isolation via proxy servers to prevent keyboard loggi
Buildbot is a Python-based continuous integration framework and distributed build orchestrator. It functions as a build automation engine that coordinates the retrieval of source code, the execution of build steps, and the reporting of results through a central controller and a network of remote worker agents. The system is distinguished by a plugin-based extensibility architecture and a master-worker distribution model. It allows for dynamic build modification at runtime and supports a pluggable database backend for persisting system state and historical build data. The project covers a bro
This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis
Lua is an embeddable scripting language written in ISO C, designed to be integrated into host applications for runtime customization. It provides a C-based scripting engine and a prototype-based object model that utilizes associative arrays and metatables to implement inheritance and complex data structures. The language features a cooperative multitasking system that manages concurrent execution threads via coroutines and an incremental garbage collector for automatic memory management. It includes a safe code sandbox to isolate global state and run untrusted scripts within a protected envir
Giving Claude the ability to run code with E2B via MCP (Model Context Protocol)
Isolate is a low-level sandbox designed to execute untrusted programs within a strictly controlled environment. It functions as a process isolation engine that prevents potentially harmful code from interacting with or damaging the host operating system. The tool leverages Linux kernel primitives, including namespaces and control groups, to partition system resources and enforce hardware usage boundaries. By applying filesystem virtualization and system call filtering, it restricts the visibility and interaction of a process with the host, ensuring that untrusted applications operate only wit
Kata Containers is an OCI container runtime that launches containers inside lightweight virtual machines to combine hardware-level isolation with container operational speed. It functions as a hardware-isolated container engine and lightweight VM hypervisor, providing a virtual machine monitor interface that abstracts multiple hypervisors to optimize for performance or specific hardware emulation. The project distinguishes itself through a confidential computing runtime that leverages hardware-backed trusted execution environments, such as Intel TDX and AMD SEV-SNP, to protect data in use. It
OpenShell is a security framework and sandboxed execution runtime for autonomous AI agents. It provides isolated environments using containers and virtual machines to protect host infrastructure and sensitive data from unauthorized access during agent execution. The system distinguishes itself by combining hardware-accelerated passthrough for host GPU access with a security gateway that intercepts model API calls. This gateway manages credentials by stripping caller information and injecting backend secrets, ensuring sensitive API keys remain off the local filesystem. The platform covers bro
HAMi is a hardware orchestration and virtualization system designed to manage accelerators within Kubernetes. It functions as a device plugin that partitions physical hardware into isolated virtual slices, enabling multiple containers to share a single device through enforced memory limits and compute quotas. The project provides a virtualization manager and a heterogeneous compute scheduler that distributes tasks across diverse accelerator types. It uses packing and topology policies to optimize workload placement and allows for specific hardware targeting using unique device identifiers. T