22 repository-uri
Isolated runtime environments that restrict code access to host system resources.
Distinguishing note: Focuses on the security isolation of AI agents rather than general-purpose virtualization.
Explore 22 awesome GitHub repositories matching security & cryptography · Sandboxed Execution Environments. Refine with filters or upvote what's useful.
OpenDevin is an autonomous software engineering agent and orchestrator designed to execute coding tasks and manage development workflows using large language models. It functions as a centralized control center for managing and switching between various local and cloud artificial intelligence backends. The system utilizes a Docker sandbox environment to isolate autonomous agents in containers, protecting the host filesystem during code execution. It includes an automated engineering workflow tool that integrates with version control and chat services to trigger tasks via webhooks or scheduled
Provides a Docker-based sandboxed runtime to securely isolate autonomous agent operations from the host.
Goose is an extensible agentic AI platform designed for autonomous task orchestration and developer-centric assistance. It provides a workflow engine that manages complex, multi-step objectives by delegating tasks to specialized subagents, all while maintaining stateful session continuity. The system is built to integrate directly into terminal and coding environments, allowing for automated file manipulation and context-aware interaction. The platform distinguishes itself through a secure, sandboxed runtime environment that enforces granular permission controls and policy-driven guardrails.
Protects the host system by isolating agent operations and enforcing granular permission controls during task execution.
Awesome Compose is a collection of resources designed to demonstrate the orchestration of multi-container applications. It serves as a practical reference for using declarative configuration files to define, manage, and deploy complex software stacks, ensuring that services run consistently across development, testing, and production environments. The project highlights the capabilities of container lifecycle management by providing examples of how to bundle software with its dependencies into isolated, portable units. It emphasizes the use of multi-stage build pipelines to optimize image siz
Execute untrusted code inside secure virtual machines with dedicated filesystems and network access to protect the host system from malicious or unexpected software behavior.
Appsmith is a low-code platform designed for building internal business tools, such as operational dashboards and administrative panels. It enables developers to construct dynamic user interfaces by dragging and dropping modular widgets onto a canvas and binding them directly to backend data sources. The platform utilizes a reactive framework that automatically updates interface elements and triggers functions whenever underlying data or widget properties change, eliminating the need for manual event handling. The platform distinguishes itself through a server-side proxy architecture that exe
Runs custom application logic within a restricted environment that limits access to global browser objects for security.
AstrBot is an orchestration framework designed for building and managing autonomous agents that integrate multimodal artificial intelligence with secure, isolated execution environments. It serves as a platform for coordinating complex agentic workflows, allowing users to connect diverse language, speech, and vision models while maintaining personalized agent personas and domain-specific knowledge bases. The platform distinguishes itself through a modular plugin architecture and a centralized visual dashboard, which together enable users to extend agent capabilities and manage operational set
Run automated processes within secure sandboxes to safely execute code, manage files, and perform browser automation without risking the stability of the host.
This framework provides a development toolkit for building autonomous agents that utilize language models to solve complex, non-deterministic tasks. Its core design centers on a code-executing architecture where agents generate and run Python code snippets to perform logic, data manipulation, and tool interactions. By moving beyond structured data formats, the system enables agents to manage program flow and object state through iterative reasoning cycles. The project distinguishes itself through its focus on code-based agent implementation and secure execution environments. Developers can ch
Provides an isolated runtime environment to safely execute code generated by language models.
AgentScope is a multi-agent framework and orchestration platform designed for building and coordinating teams of language model agents. It provides a system for managing multiple agents that collaborate to solve complex tasks through structured communication and state sharing. The project distinguishes itself with a focus on production-ready deployment and security, featuring a multi-tenant hosting service that ensures session isolation between different users. It includes a sandboxed tool execution environment and fine-grained permission controls to manage how agents access system resources
Provides a secure system for running agent-triggered code within isolated local or containerized environments.
Bazel is a multi-language build automation engine designed to manage complex dependency graphs and execute compilation tasks for massive codebases. It functions as a hermetic build environment, utilizing sandboxed execution and content-addressable caching to ensure that build artifacts are reproducible and that identical tasks are never re-executed. By modeling dependencies as a directed acyclic graph, the system determines optimal execution order and identifies tasks that can run in parallel. The project distinguishes itself through its support for distributed build execution, allowing resou
Isolates build actions in sandboxed environments to prevent hidden dependencies and ensure reproducibility.
Pandas AI is a data analysis library and natural language interface that uses large language models to perform conversational querying on structured datasets. It functions as a retrieval-augmented generation framework designed to translate plain text questions into executable code for extracting insights from dataframes and structured files. The system includes a dedicated sandbox execution environment that runs AI-generated analysis code within an isolated container to prevent security risks and system compromise. It employs a natural language translation layer and contextual retrieval to ma
Provides an isolated container environment for running AI-generated analysis code to ensure system security.
Suna is an orchestration platform designed for the deployment, management, and governance of autonomous AI agents. It provides a centralized system for defining agent behaviors and tool integrations, enabling the automation of complex business processes through a unified interface. The platform distinguishes itself by applying infrastructure-as-code principles to AI, utilizing version-controlled repositories to manage agent configurations, skills, and guardrails. It ensures secure and predictable operations by spawning ephemeral, isolated virtual machines for every individual task, preventing
Ensures secure execution by spawning isolated, ephemeral virtual machines for every agent task.
GitHub Copilot is an AI-powered development platform designed to integrate large language models directly into coding environments. It functions as an interactive assistant and an agentic workflow orchestrator, enabling developers to automate code generation, perform automated code reviews, and execute complex, multi-step development tasks through natural language prompts. The platform distinguishes itself through its autonomous agent capabilities, which allow for repository-level research, implementation planning, and code modifications across multiple files. It supports a modular architectu
Limits access to local filesystems and system resources by running sessions within sandboxed environments.
OpenFang is an operating system for LLM agents designed to orchestrate autonomous agents with built-in task scheduling, tool sandboxing, and multi-model routing. It provides a secure AI execution environment that integrates prompt injection scanning, cryptographic audit trails, and resource metering to ensure controlled processing. The platform distinguishes itself through a comprehensive security architecture, featuring fuel-metered tool sandboxing and an immutable activity audit trail based on cryptographic hash-chains. It implements high-assurance identity verification via signed manifests
Provides a secure, metered isolated runtime environment for the execution of autonomous AI agents.
Claude Quickstarts is a development framework and collection of reference implementations designed for building autonomous agents. It provides the foundational patterns necessary to orchestrate multi-agent workflows, enabling models to perform complex, multi-step tasks across software engineering, customer support, and computer-use domains. The platform distinguishes itself through specialized capabilities for desktop and browser automation, allowing agents to interact with graphical interfaces by capturing visual context and executing precise mouse and keyboard inputs. It includes robust inf
Restricts agent operations to isolated virtual environments to prevent unauthorized host access.
Gorilla is a foundational infrastructure framework for large language model function calling. It provides a system for training, evaluating, and executing the translation of natural language instructions into accurate API calls and executable code. The project integrates a structured API documentation index, a fine-tuning pipeline for model adaptation, and a secure sandboxed action runtime for executing model-generated commands. The framework distinguishes itself through a specialized evaluation benchmark suite that measures the accuracy, cost, and latency of function calls. It includes tools
Implements a secure, isolated runtime for executing model-generated API calls and CLI commands with validation and undo capabilities.
Magentic-UI is an agentic UI toolkit and framework that enables large language models to interface with real-time browser environments, operating systems, and virtual machines. It provides a sandbox environment where models can execute instructions to manage local files and run shell commands. The project functions as a web interaction orchestrator and browser automation framework, allowing for the execution of end-to-end web workflows and form completions. It coordinates these actions through a system that translates natural language goals into executable sequences. The toolkit covers sever
Executes system commands within an isolated runtime environment to prevent unauthorized access to the host machine.
OpenBrowser is an AI web agent toolkit and automation framework designed to translate natural language instructions into executable browser workflows. It functions as a headless browser controller and orchestrator, enabling the creation of autonomous agents that navigate websites, interact with elements, and extract data using plain English commands. The system features a sandboxed execution environment that utilizes domain whitelists and memory limits to ensure secure web interaction. It distinguishes itself through a command-line interface for triggering autonomous tasks with configurable m
Runs autonomous agents within a restricted environment using memory limits and domain whitelists for safety.
This project is a command line interface and GitHub CLI extension that functions as an AI coding agent and model orchestrator. It enables the writing of code and the management of repositories through natural language prompts using large language models. The tool implements the Agent Client Protocol to act as a standardized agent server for external editors. It features a provider-agnostic routing system that allows switching between different hosted AI models or external compatible endpoints. Capabilities include the automation of Git workflows, such as managing pull requests and issues, an
Restricts AI agent access to the local filesystem and network through isolated execution environments.
This project is a comprehensive framework for the orchestration, evaluation, and context management of large language model agents. It provides a set of architectural patterns and standards for designing agent interactions, integrating external tools, and establishing memory architectures to persist knowledge across sessions. The system focuses on optimizing the limited memory of language models through token-aware context compression and filesystem-based context offloading. It incorporates secure execution environments using sandboxed virtual machines and isolated containers to safely run ba
Deploys secure, sandboxed virtual machine environments to isolate the execution of agent-generated code for multiple clients.
This project is a Python framework for building autonomous AI agents capable of executing independent tasks through goal-oriented instructions. It provides a library of tools for managing system operations and processing multimodal data. The framework features a sandboxed system execution environment that restricts shell commands and file access to protect the host system. It also includes an automated OCR text extraction pipeline for converting printed or handwritten text from images and documents into digital formats. Connectivity is handled through a modular tool integration system and a
Isolates AI agent execution within a secure environment to prevent unauthorized access to host system resources.
OpenShell este un framework de securitate și un runtime de execuție sandbox pentru agenți AI autonomi. Oferă medii izolate folosind containere și mașini virtuale pentru a proteja infrastructura gazdă și datele sensibile de accesul neautorizat în timpul execuției agentului. Sistemul se distinge prin combinarea passthrough-ului accelerat hardware pentru accesul GPU al gazdei cu un gateway de securitate care interceptează apelurile API ale modelului. Acest gateway gestionează credențialele prin eliminarea informațiilor apelantului și injectarea secretelor backend, asigurându-se că cheile API sensibile rămân în afara sistemului de fișiere local. Platforma acoperă domenii largi de capabilități, inclusiv aplicarea declarativă a politicilor pentru restricții de sistem de fișiere și rețea, gestionarea credențialelor agentului și monitorizarea activității în timp real. Suportă furnizarea mediilor prin imagini de container personalizate, directoare locale sau cataloage comunitare.
Provisions isolated runtime environments that restrict AI agent access to host system resources.