microsandbox is a platform that runs untrusted code inside hardware-isolated microVMs, each with its own kernel, filesystem, and network stack. It boots directly from standard OCI container images, supports copy-on-write filesystem layers, and integrates with AI agents to execute tool calls and generated code in isolated environments with secret protection.
What sets microsandbox apart is its host-side network proxy that enforces firewall rules, intercepts DNS, inspects TLS traffic, and injects secrets at the network boundary without exposing them inside the VM. It provides SSH access to microVMs without requiring an SSH daemon inside the guest, and can capture, export, and boot from filesystem snapshots for state preservation and replication. The platform also surfaces typed error objects across SDKs for precise failure matching.
Beyond core isolation, microsandbox includes full sandbox lifecycle management — creation, graceful shutdown, force termination, replacement, and state deletion — along with configurable storage attachments, interactive terminal sessions, command execution with streaming output, and metric export via OpenTelemetry to backends like Datadog and Prometheus.
The engine deploys as a Docker container from multi-arch images and is configured through a JSON settings file.
