# opensandbox-group/opensandbox

11,548 stars · 954 forks · Python · Apache-2.0

## Links

- GitHub: https://github.com/opensandbox-group/OpenSandbox
- Homepage: https://open-sandbox.ai
- awesome-repositories: https://awesome-repositories.com/repository/opensandbox-group-opensandbox.md

## Topics

`ai` `ai-agent` `ai-infra` `kubernetes` `sandbox`

## Description

OpenSandbox is a secure execution environment and runtime designed for running untrusted code and scripts generated by AI agents. It utilizes a containerized code execution engine and microVM-based isolation to protect host systems from malicious actions while providing isolated virtual environments.

The project features a sandbox server based on the Model Context Protocol to automate the creation and control of virtual workspaces. It supports the deployment of secure remote desktop hosts, including headless web browsers and editor instances, for automated interaction.

The system includes an isolated workload network gateway for managing egress routing and a vault mechanism for secure credential injection into outbound requests. Additional capabilities cover filesystem operations and a dedicated command-line interface for environment management and diagnostics.

## Tags

### Part of an Awesome List

- [Code Execution Environments](https://awesome-repositories.com/f/awesome-lists/ai/code-execution-environments.md) — Provides secure, isolated runtimes specifically for executing untrusted code and scripts generated by AI agents.

### DevOps & Infrastructure

- [Code Execution Sandboxes](https://awesome-repositories.com/f/devops-infrastructure/execution-environments/code-execution-runtimes/code-execution-sandboxes.md) — Provides secure, isolated environments using container runtimes and microVMs to execute arbitrary AI-generated scripts safely. ([source](https://github.com/opensandbox-group/opensandbox#readme))
- [Containerized Runtimes](https://awesome-repositories.com/f/devops-infrastructure/execution-environments/code-execution-runtimes/containerized-runtimes.md) — Implements a system for deploying isolated workloads using container runtimes or microVMs to protect the host system.
- [Sandbox Lifecycle Management](https://awesome-repositories.com/f/devops-infrastructure/sandbox-lifecycle-management.md) — Provides a unified interface to manage the entire lifecycle of a sandbox from initial creation to final teardown. ([source](https://github.com/opensandbox-group/opensandbox#readme))
- [Virtualization Environments](https://awesome-repositories.com/f/devops-infrastructure/virtualization-environments.md) — Deploys and manages secure containers or microVMs to host remote desktops, web browsers, and editor instances.
- [Container Lifecycle Managers](https://awesome-repositories.com/f/devops-infrastructure/container-lifecycle-managers.md) — Utilizes background services to handle the creation, execution, and monitoring of containerized ephemeral environments.

### Artificial Intelligence & ML

- [Agent Client Protocols](https://awesome-repositories.com/f/artificial-intelligence-ml/agent-communication-protocols/agent-client-protocols.md) — Uses the Model Context Protocol to expose sandbox control functions to external AI agents and clients.
- [AI Execution Sandboxes](https://awesome-repositories.com/f/artificial-intelligence-ml/ai-execution-sandboxes.md) — Provides a secure execution environment specifically designed for running untrusted code and scripts generated by AI agents.
- [MCP Servers](https://awesome-repositories.com/f/artificial-intelligence-ml/mcp-servers.md) — Implements a Model Context Protocol server that exposes sandbox controls to AI clients for automation.
- [Model Context Protocol Implementations](https://awesome-repositories.com/f/artificial-intelligence-ml/model-context-protocol-implementations.md) — Connects AI clients to sandbox environments using the Model Context Protocol standard to automate workspace control.

### Development Tools & Productivity

- [MCP Connectivity](https://awesome-repositories.com/f/development-tools-productivity/sandboxed-execution-environments/sandbox-configuration/mcp-connectivity.md) — Implements the Model Context Protocol to allow AI agents to automate environment creation and command execution. ([source](https://github.com/opensandbox-group/opensandbox#readme))
- [Sandbox Management CLIs](https://awesome-repositories.com/f/development-tools-productivity/sandbox-management-clis.md) — Includes a dedicated terminal command-line interface to create environments, execute commands, and inspect diagnostics. ([source](https://github.com/opensandbox-group/opensandbox#readme))

### Networking & Communication

- [Network Traffic Controllers](https://awesome-repositories.com/f/networking-communication/network-traffic-controllers.md) — Manages outbound network traffic through an isolated gateway to restrict or permit communication with external services. ([source](https://github.com/opensandbox-group/opensandbox#readme))
- [Egress Controllers](https://awesome-repositories.com/f/networking-communication/network-traffic-controllers/egress-controllers.md) — Manages outbound traffic through a routing layer that restricts or permits communication with external network addresses.
- [Workload Network Gateways](https://awesome-repositories.com/f/networking-communication/traffic-management-gateways/workload-network-gateways.md) — Ships a traffic control mechanism for managing egress routing and injecting secure credentials into outbound requests.

### Operating Systems & Systems Programming

- [MicroVM Runtimes](https://awesome-repositories.com/f/operating-systems-systems-programming/virtualization-emulation/microvm-runtimes.md) — Executes untrusted code inside lightweight microVMs to ensure strong security boundaries between the host and workloads.
- [Filesystem Operations](https://awesome-repositories.com/f/operating-systems-systems-programming/filesystem-operations.md) — Enables reading, writing, and moving files within an isolated environment using persistent and shared storage patterns. ([source](https://github.com/opensandbox-group/opensandbox#readme))

### Security & Cryptography

- [Runtime Credential Injection](https://awesome-repositories.com/f/security-cryptography/credential-security/runtime-credential-injection.md) — Inserts sensitive secrets into outgoing requests via a secure proxy to keep credentials hidden from the workload.
- [Secrets and Credential Management](https://awesome-repositories.com/f/security-cryptography/security/cryptography-and-secrets/secrets-credential-management.md) — Injects secrets and manages outbound request authentication to protect credentials from exposure to workloads.

### System Administration & Monitoring

- [Remote Desktop Environments](https://awesome-repositories.com/f/system-administration-monitoring/remote-desktop-environments.md) — Deploys full desktop or browser instances accessible via remote protocols for interactive automation and inspection.
