awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
Back to hyperlight-dev/hyperlight

Open-source alternatives to Hyperlight

30 open-source projects similar to hyperlight-dev/hyperlight, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Hyperlight alternative.

  • superradcompany/microsandboxAvatar superradcompany

    superradcompany/microsandbox

    6,570Vezi pe GitHub↗

    Microsandbox is a runtime for creating and managing lightweight, hardware-isolated virtual machines — called sandboxes — that boot directly from standard OCI container images. Each sandbox runs as its own host process with a separate kernel, filesystem, and network stack, providing process-per-sandbox isolation. The project includes a command-line tool and multi-language SDKs (Rust, TypeScript, Python, Go) for programmatic lifecycle control, and it communicates with sandbox agents over Unix sockets using a CBOR-encoded protocol. What distinguishes Microsandbox is its combination of host-manag

    Rust
    Vezi pe GitHub↗6,570
  • microsandbox/microsandboxAvatar microsandbox

    microsandbox/microsandbox

    6,683Vezi pe GitHub↗

    Microsandbox is a microVM sandbox runtime and hardware-isolated code executor designed for running untrusted code. It functions as an embedded virtual machine manager that allows applications to spawn and control lightweight virtual machines directly within code without the need for a background daemon. The system provides a secure execution environment for AI agents by exposing server controls that allow them to execute tools and manage files. It utilizes standard container image formats and volume workflows to initialize guest virtual machines and implements a secret management mechanism th

    Rust
    Vezi pe GitHub↗6,683
  • zerocore-ai/microsandboxAvatar zerocore-ai

    zerocore-ai/microsandbox

    4,802Vezi pe GitHub↗

    microsandbox is a platform that runs untrusted code inside hardware-isolated microVMs, each with its own kernel, filesystem, and network stack. It boots directly from standard OCI container images, supports copy-on-write filesystem layers, and integrates with AI agents to execute tool calls and generated code in isolated environments with secret protection. What sets microsandbox apart is its host-side network proxy that enforces firewall rules, intercepts DNS, inspects TLS traffic, and injects secrets at the network boundary without exposing them inside the VM. It provides SSH access to micr

    Rustagentsaiai-generated
    Vezi pe GitHub↗4,802

Căutare AI

Explorează mai multe repository-uri excelente

Descrie ce ai nevoie în limbaj simplu — AI-ul sortează mii de proiecte open source selectate în funcție de relevanță.

Find more with AI search
  • patriksimek/vm2Avatar patriksimek

    patriksimek/vm2

    4,083Vezi pe GitHub↗

    vm2 is a Node.js JavaScript sandbox and runtime virtualizer designed to execute untrusted code. It functions as a secure code evaluator and module isolator that protects the host process by creating an isolated execution environment with restricted access to the Node.js runtime. The system distinguishes itself through a security framework that utilizes object proxying and deep freezing to prevent sandboxed scripts from modifying the host global context or shared objects. It implements strict module access control using allow-lists and path restrictions to govern which built-in or external dep

    JavaScript
    Vezi pe GitHub↗4,083
  • rkt/rktAvatar rkt

    rkt/rkt

    8,773Vezi pe GitHub↗

    rkt is a pod-native container engine and runtime for Linux that executes containerized applications as isolated pods. It serves as an OCI container runtime and a Linux container manager, supporting the execution of images based on Open Container Initiative, appc, and Docker specifications. The project distinguishes itself by offering hardware-level container isolation, allowing pods to run within virtual machines using KVM or QEMU for a dedicated kernel. It further separates itself through secure container deployment practices, utilizing SELinux mandatory access control and TPM-backed integri

    Gocontainersgooci
    Vezi pe GitHub↗8,773
  • rhaiscript/rhaiAvatar rhaiscript

    rhaiscript/rhai

    5,453Vezi pe GitHub↗

    Rhai is an embedded scripting engine and dynamically typed language designed for integration into Rust applications. It functions as an abstract syntax tree compiler and native interop layer, allowing developers to map Rust types and functions into a scripting environment for bidirectional communication. The project serves as a framework for creating customizable domain-specific languages. It allows for the definition of custom operators, syntax, and restricted execution environments, enabling the creation of specialized languages with tailored functional sets. The engine covers a broad rang

    Rustembeddedembedded-scripting-languageno-std
    Vezi pe GitHub↗5,453
  • laverdet/isolated-vmAvatar laverdet

    laverdet/isolated-vm

    2,861Vezi pe GitHub↗

    Isolated-vm is a library for creating secure, memory-isolated JavaScript execution environments within Node.js. It functions as a manager for the underlying engine, allowing developers to instantiate multiple independent execution contexts that share no memory or global state. This architecture is designed to support the execution of untrusted third-party code while preventing interference with the main application process. The project distinguishes itself by enforcing strict resource constraints, including memory limits and CPU execution timeouts, to ensure host system stability. It provides

    C++
    Vezi pe GitHub↗2,861
  • tencentcloud/cubesandboxAvatar TencentCloud

    TencentCloud/CubeSandbox

    6,519Vezi pe GitHub↗

    CubeSandbox is a Kubernetes-based platform for executing AI agents in secure, lightweight environments. It provides a code execution sandbox that uses hardware isolation and dedicated guest kernels to run untrusted code without risking the host system. The project features a network egress firewall that restricts outbound communication via domain allowlists and audit logging. It also includes a container snapshotting manager capable of capturing the runtime memory and disk state of environments to enable instant cloning and recovery. The platform covers cluster orchestration through a web-ba

    Rust
    Vezi pe GitHub↗6,519
  • atmosphere/atmosphereAvatar Atmosphere

    Atmosphere/atmosphere

    3,780Vezi pe GitHub↗

    Atmosphere is a Java-based framework for building and coordinating AI agents. It provides a real-time transport layer for streaming data via WebSockets, SSE, gRPC, and WebTransport, alongside a multi-agent orchestration framework for managing agent fleets through sequential, parallel, and graph-based execution workflows. The project features a durable workflow engine that persists agent state as snapshots, allowing long-running tasks to survive system restarts and incorporate human-in-the-loop approvals. It also implements Model Context Protocol servers to expose tools, resources, and prompt

    Javaacpagentic-aiembabel
    Vezi pe GitHub↗3,780
  • vndee/llm-sandboxAvatar vndee

    vndee/llm-sandbox

    1,082Vezi pe GitHub↗

    This project provides a secure, containerized execution engine designed to run untrusted code within isolated environments. It functions as a library for integrating code interpretation into autonomous agents and intelligent assistant workflows, ensuring that host systems remain protected while enabling dynamic data processing and file manipulation. The platform distinguishes itself through a multi-backend architecture that abstracts diverse container runtimes, allowing for flexible deployment and automated backend failover. It supports interactive, multi-turn workflows by maintaining persist

    Pythoncode-generationcode-interpreterlarge-language-models
    Vezi pe GitHub↗1,082
  • kata-containers/kata-containersAvatar kata-containers

    kata-containers/kata-containers

    8,106Vezi pe GitHub↗

    Kata Containers is an OCI container runtime that launches containers inside lightweight virtual machines to combine hardware-level isolation with container operational speed. It functions as a hardware-isolated container engine and lightweight VM hypervisor, providing a virtual machine monitor interface that abstracts multiple hypervisors to optimize for performance or specific hardware emulation. The project distinguishes itself through a confidential computing runtime that leverages hardware-backed trusted execution environments, such as Intel TDX and AMD SEV-SNP, to protect data in use. It

    Rustacrncontainerscri
    Vezi pe GitHub↗8,106
  • netblue30/firejailAvatar netblue30

    netblue30/firejail

    7,069Vezi pe GitHub↗

    Firejail is a Linux application sandbox and kernel security wrapper that isolates untrusted applications from the host system. It uses kernel namespaces and seccomp filters to restrict filesystem access, drop kernel capabilities, and limit the system attack surface. The project is distinguished by its use of predefined security profiles to automatically apply filesystem restrictions and syscall limits based on the executable being launched. It provides specialized isolation for portable packages such as AppImages and implements X11 display isolation via proxy servers to prevent keyboard loggi

    C
    Vezi pe GitHub↗7,069
  • kata-containers/runtimeAvatar kata-containers

    kata-containers/runtime

    2,089Vezi pe GitHub↗

    This project is an OCI-compatible container runtime that executes workloads within lightweight virtual machines. By leveraging hardware-based virtualization, it provides strong security isolation between containerized processes and the host operating system, serving as a drop-in replacement for traditional container execution environments. The runtime distinguishes itself through a hypervisor-agnostic architecture that abstracts underlying virtualization operations, allowing for consistent container lifecycle management across different backends. It integrates directly with standard container

    Gocontainercontainerscri-o
    Vezi pe GitHub↗2,089
  • containers/bubblewrapAvatar containers

    containers/bubblewrap

    5,839Vezi pe GitHub↗

    Bubblewrap is a Linux sandbox runner that creates lightweight, isolated execution environments for running untrusted applications. It combines Linux user, mount, network, PID, and UTS namespaces with seccomp-BPF system call filtering to restrict filesystem, network, process, and inter-process communication access. The project provides comprehensive process isolation by giving each sandbox its own private tmpfs root with selective bind-mounts, a separate network stack containing only a loopback interface, an independent process ID space, and remapped user and group identifiers. It applies secc

    Clinux-containersuser-namespaces
    Vezi pe GitHub↗5,839
  • cloud-hypervisor/cloud-hypervisorAvatar cloud-hypervisor

    cloud-hypervisor/cloud-hypervisor

    5,285Vezi pe GitHub↗

    Cloud Hypervisor is a Rust-based hypervisor and KVM virtual machine monitor designed to execute 64-bit guest operating systems. It functions as a user-space virtual machine manager that employs a minimal emulation layer to reduce memory overhead and latency for cloud workloads. The project distinguishes itself through the use of a memory-safe language to implement a virtio device emulator and a user-space device model. It provides a standardized web API for managing virtual machine lifecycles and resource configurations. The platform covers broad virtualization capabilities, including the em

    Rustcloud-workloadskvmrust-vmm
    Vezi pe GitHub↗5,285
  • project-hami/hamiAvatar Project-HAMi

    Project-HAMi/HAMi

    3,028Vezi pe GitHub↗

    HAMi is a hardware orchestration and virtualization system designed to manage accelerators within Kubernetes. It functions as a device plugin that partitions physical hardware into isolated virtual slices, enabling multiple containers to share a single device through enforced memory limits and compute quotas. The project provides a virtualization manager and a heterogeneous compute scheduler that distributes tasks across diverse accelerator types. It uses packing and topology policies to optimize workload placement and allows for specific hardware targeting using unique device identifiers. T

    Goascendcambriconcncf
    Vezi pe GitHub↗3,028
  • e2b-dev/code-interpreterAvatar e2b-dev

    e2b-dev/code-interpreter

    2,348Vezi pe GitHub↗

    This project is an infrastructure platform designed to provide secure, isolated, and ephemeral cloud-based Linux environments for AI agents and automated code execution. It functions as an orchestrator that provisions on-demand virtual machines, allowing developers to run arbitrary code generated by large language models within hardware-level security boundaries. The platform distinguishes itself through its ability to manage stateful, long-lived sessions that persist across multiple execution calls, enabling complex, multi-step workflows. It supports high-concurrency scaling, allowing for th

    Pythonaiai-data-analysisanthropic
    Vezi pe GitHub↗2,348
  • chrisknott/eelAvatar ChrisKnott

    ChrisKnott/Eel

    6,748Vezi pe GitHub↗

    Eel is a framework for creating desktop applications using a Python backend and a web-based frontend. It acts as a bidirectional bridge between Python and JavaScript, allowing developers to build graphical user interfaces with HTML and JavaScript that communicate with local system logic. The project facilitates two-way communication by enabling the exposure of Python functions to the browser and allowing the backend to trigger JavaScript functions. It uses a local server to render web interfaces as standalone desktop windows and provides tools to bundle the Python code and web assets into a s

    Python
    Vezi pe GitHub↗6,748
  • marcobambini/gravityAvatar marcobambini

    marcobambini/gravity

    4,537Vezi pe GitHub↗

    Gravity is an embeddable, bytecode-compiled programming language designed to provide programmable logic within host applications. It is a garbage-collected language that utilizes a mark-and-sweep system to automate memory management and prevent leaks. The language is characterized by a concurrent fiber-based execution model, allowing multiple non-blocking tasks to run simultaneously. It also functions as a JSON-native language, featuring built-in serialization tools to convert complex data structures to and from JSON format. The project includes a virtual machine and a compiler that transfor

    Cbridgebytecodec
    Vezi pe GitHub↗4,537
  • micropython/micropythonAvatar micropython

    micropython/micropython

    21,806Vezi pe GitHub↗

    MicroPython is a lean implementation of Python 3 optimized to run on microcontrollers and other resource-constrained systems. It serves as a cross-platform embedded runtime and hardware abstraction layer, providing a firmware framework that maps high-level software commands to specific microcontroller registers across diverse processor architectures. The project functions as an embedded language interpreter that enables rapid prototyping on hardware through an interactive read-eval-print loop. It supports a wide range of target environments, including ARM, ESP32, STM32, RISC-V, and WebAssembl

    Cembeddedmicrocontrollermicropython
    Vezi pe GitHub↗21,806
  • luchina-gabriel/osx-proxmoxAvatar luchina-gabriel

    luchina-gabriel/OSX-PROXMOX

    6,461Vezi pe GitHub↗
    Shellapplehackintoshmacos
    Vezi pe GitHub↗6,461
  • dop251/gojaAvatar dop251

    dop251/goja

    6,914Vezi pe GitHub↗

    Goja is a JavaScript engine and ECMAScript compliant interpreter implemented entirely in Go. It serves as an embedded scripting engine that allows Go applications to execute JavaScript code and integrate a programmable scripting layer without relying on Cgo or external native dependencies. The project functions as a bridge between Go and JavaScript, enabling bidirectional data exchange and function invocation. It allows Go hosts to expose native structs, slices, and maps as JavaScript objects and arrays, while providing mechanisms to export script values and functions back into native Go type

    Go
    Vezi pe GitHub↗6,914
  • bytecodealliance/wasm-micro-runtimeAvatar bytecodealliance

    bytecodealliance/wasm-micro-runtime

    5,990Vezi pe GitHub↗
    Caotassembly-scriptembedded
    Vezi pe GitHub↗5,990
  • mobxjs/mobx-state-treeAvatar mobxjs

    mobxjs/mobx-state-tree

    7,050Vezi pe GitHub↗

    MobX State Tree is a structured, tree-based state management library for JavaScript applications that combines typed model definitions with reactive snapshots and patch-based change tracking. It provides a reactive state container with runtime and compile-time type safety, where application state is defined as a tree of typed models with collocated actions, computed views, and lifecycle hooks for predictable state mutations. The library is built around an action-centric mutation model that encapsulates all state changes within named functions that directly modify the tree, supported by genera

    TypeScripthacktoberfestmobxmobx-state-tree
    Vezi pe GitHub↗7,050
  • bytecodealliance/wasmtimeAvatar bytecodealliance

    bytecodealliance/wasmtime

    18,241Vezi pe GitHub↗

    Wasmtime is a WebAssembly runtime and sandboxed bytecode executor designed to run WebAssembly bytecode on a host system. It functions as an embeddable engine that integrates into applications through native APIs and language-specific bindings, as well as a standalone execution environment accessible via a command line interface. It is a WASI compatible runtime, implementing the WebAssembly System Interface to provide portable access to system resources. The engine utilizes a JIT compilation model to translate intermediate representation into optimized machine code for various CPU architecture

    Rustaotcraneliftjit
    Vezi pe GitHub↗18,241
  • denoland/rusty_v8Avatar denoland

    denoland/rusty_v8

    3,866Vezi pe GitHub↗

    rusty_v8 is a Rust wrapper for the V8 JavaScript engine that allows for the embedding of a JavaScript runtime into native applications. It provides core components for managing engine bindings, memory allocation, sandboxed isolates, and the execution of WebAssembly modules. The project features a native host function bridge to map Rust functions to JavaScript objects and a dedicated memory allocator to manage thread-safe allocation and heap pressure. It includes a system for compiling and executing binary WebAssembly modules within the hosted native environment. The runtime covers capabiliti

    Rustrustv8
    Vezi pe GitHub↗3,866
  • d5/tengoAvatar d5

    d5/tengo

    3,821Vezi pe GitHub↗

    Tengo is a dynamic, embeddable scripting language for Go applications that allows for the execution of custom scripts without requiring the host binary to be recompiled. It operates as a bytecode-compiled virtual machine, transforming source code into a compact intermediate representation for execution on a stack-based engine. The system is designed as a secure scripting sandbox, enforcing strict limits on memory allocation and execution time to safely run untrusted code. It supports concurrent script execution by cloning compiled bytecode and using recursive immutability conversion to share

    Go
    Vezi pe GitHub↗3,821
  • lxc/incusAvatar lxc

    lxc/incus

    4,893Vezi pe GitHub↗

    Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin

    Gocloudcontainershacktoberfest
    Vezi pe GitHub↗4,893
  • extism/extismAvatar extism

    extism/extism

    5,657Vezi pe GitHub↗

    Extism is a cross-language WebAssembly plugin framework that lets applications written in any programming language load and execute plugins written in any other language. It provides a universal plugin system where host applications use idiomatic SDKs to load WebAssembly modules, call exported functions, and pass data back and forth, while plugin authors use development kits that handle memory management and host interaction so they can focus on business logic. The framework distinguishes itself through its comprehensive approach to cross-language integration, offering schema-driven binding g

    Rustbrowserccpp
    Vezi pe GitHub↗5,657
  • budtmo/docker-androidAvatar budtmo

    budtmo/docker-android

    15,322Vezi pe GitHub↗

    Docker-Android runs a full Android emulator inside a Docker container, enabling mobile app testing and automation without requiring a physical device. The emulator uses QEMU-based virtualization with optional KVM acceleration for hardware-backed performance, and supports nested virtualization on cloud VMs from providers like AWS, GCP, and Azure for environments without direct hardware acceleration. The container exposes the Android Debug Bridge over TCP/IP, allowing host-side tools to connect to the emulator as if it were a local device. It provides browser-based interaction with the emulator

    Pythonalibabacloudandroidandroid-emulator
    Vezi pe GitHub↗15,322