30 open-source projects similar to hyperlight-dev/hyperlight, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Hyperlight alternative.
Microsandbox is a runtime for creating and managing lightweight, hardware-isolated virtual machines — called sandboxes — that boot directly from standard OCI container images. Each sandbox runs as its own host process with a separate kernel, filesystem, and network stack, providing process-per-sandbox isolation. The project includes a command-line tool and multi-language SDKs (Rust, TypeScript, Python, Go) for programmatic lifecycle control, and it communicates with sandbox agents over Unix sockets using a CBOR-encoded protocol. What distinguishes Microsandbox is its combination of host-manag
Microsandbox is a microVM sandbox runtime and hardware-isolated code executor designed for running untrusted code. It functions as an embedded virtual machine manager that allows applications to spawn and control lightweight virtual machines directly within code without the need for a background daemon. The system provides a secure execution environment for AI agents by exposing server controls that allow them to execute tools and manage files. It utilizes standard container image formats and volume workflows to initialize guest virtual machines and implements a secret management mechanism th
microsandbox is a platform that runs untrusted code inside hardware-isolated microVMs, each with its own kernel, filesystem, and network stack. It boots directly from standard OCI container images, supports copy-on-write filesystem layers, and integrates with AI agents to execute tool calls and generated code in isolated environments with secret protection. What sets microsandbox apart is its host-side network proxy that enforces firewall rules, intercepts DNS, inspects TLS traffic, and injects secrets at the network boundary without exposing them inside the VM. It provides SSH access to micr
vm2 is a Node.js JavaScript sandbox and runtime virtualizer designed to execute untrusted code. It functions as a secure code evaluator and module isolator that protects the host process by creating an isolated execution environment with restricted access to the Node.js runtime. The system distinguishes itself through a security framework that utilizes object proxying and deep freezing to prevent sandboxed scripts from modifying the host global context or shared objects. It implements strict module access control using allow-lists and path restrictions to govern which built-in or external dep
rkt is a pod-native container engine and runtime for Linux that executes containerized applications as isolated pods. It serves as an OCI container runtime and a Linux container manager, supporting the execution of images based on Open Container Initiative, appc, and Docker specifications. The project distinguishes itself by offering hardware-level container isolation, allowing pods to run within virtual machines using KVM or QEMU for a dedicated kernel. It further separates itself through secure container deployment practices, utilizing SELinux mandatory access control and TPM-backed integri
Rhai is an embedded scripting engine and dynamically typed language designed for integration into Rust applications. It functions as an abstract syntax tree compiler and native interop layer, allowing developers to map Rust types and functions into a scripting environment for bidirectional communication. The project serves as a framework for creating customizable domain-specific languages. It allows for the definition of custom operators, syntax, and restricted execution environments, enabling the creation of specialized languages with tailored functional sets. The engine covers a broad rang
Isolated-vm is a library for creating secure, memory-isolated JavaScript execution environments within Node.js. It functions as a manager for the underlying engine, allowing developers to instantiate multiple independent execution contexts that share no memory or global state. This architecture is designed to support the execution of untrusted third-party code while preventing interference with the main application process. The project distinguishes itself by enforcing strict resource constraints, including memory limits and CPU execution timeouts, to ensure host system stability. It provides
CubeSandbox is a Kubernetes-based platform for executing AI agents in secure, lightweight environments. It provides a code execution sandbox that uses hardware isolation and dedicated guest kernels to run untrusted code without risking the host system. The project features a network egress firewall that restricts outbound communication via domain allowlists and audit logging. It also includes a container snapshotting manager capable of capturing the runtime memory and disk state of environments to enable instant cloning and recovery. The platform covers cluster orchestration through a web-ba
Atmosphere is a Java-based framework for building and coordinating AI agents. It provides a real-time transport layer for streaming data via WebSockets, SSE, gRPC, and WebTransport, alongside a multi-agent orchestration framework for managing agent fleets through sequential, parallel, and graph-based execution workflows. The project features a durable workflow engine that persists agent state as snapshots, allowing long-running tasks to survive system restarts and incorporate human-in-the-loop approvals. It also implements Model Context Protocol servers to expose tools, resources, and prompt
This project provides a secure, containerized execution engine designed to run untrusted code within isolated environments. It functions as a library for integrating code interpretation into autonomous agents and intelligent assistant workflows, ensuring that host systems remain protected while enabling dynamic data processing and file manipulation. The platform distinguishes itself through a multi-backend architecture that abstracts diverse container runtimes, allowing for flexible deployment and automated backend failover. It supports interactive, multi-turn workflows by maintaining persist
Kata Containers is an OCI container runtime that launches containers inside lightweight virtual machines to combine hardware-level isolation with container operational speed. It functions as a hardware-isolated container engine and lightweight VM hypervisor, providing a virtual machine monitor interface that abstracts multiple hypervisors to optimize for performance or specific hardware emulation. The project distinguishes itself through a confidential computing runtime that leverages hardware-backed trusted execution environments, such as Intel TDX and AMD SEV-SNP, to protect data in use. It
Firejail is a Linux application sandbox and kernel security wrapper that isolates untrusted applications from the host system. It uses kernel namespaces and seccomp filters to restrict filesystem access, drop kernel capabilities, and limit the system attack surface. The project is distinguished by its use of predefined security profiles to automatically apply filesystem restrictions and syscall limits based on the executable being launched. It provides specialized isolation for portable packages such as AppImages and implements X11 display isolation via proxy servers to prevent keyboard loggi
This project is an OCI-compatible container runtime that executes workloads within lightweight virtual machines. By leveraging hardware-based virtualization, it provides strong security isolation between containerized processes and the host operating system, serving as a drop-in replacement for traditional container execution environments. The runtime distinguishes itself through a hypervisor-agnostic architecture that abstracts underlying virtualization operations, allowing for consistent container lifecycle management across different backends. It integrates directly with standard container
Bubblewrap is a Linux sandbox runner that creates lightweight, isolated execution environments for running untrusted applications. It combines Linux user, mount, network, PID, and UTS namespaces with seccomp-BPF system call filtering to restrict filesystem, network, process, and inter-process communication access. The project provides comprehensive process isolation by giving each sandbox its own private tmpfs root with selective bind-mounts, a separate network stack containing only a loopback interface, an independent process ID space, and remapped user and group identifiers. It applies secc
Cloud Hypervisor is a Rust-based hypervisor and KVM virtual machine monitor designed to execute 64-bit guest operating systems. It functions as a user-space virtual machine manager that employs a minimal emulation layer to reduce memory overhead and latency for cloud workloads. The project distinguishes itself through the use of a memory-safe language to implement a virtio device emulator and a user-space device model. It provides a standardized web API for managing virtual machine lifecycles and resource configurations. The platform covers broad virtualization capabilities, including the em
HAMi is a hardware orchestration and virtualization system designed to manage accelerators within Kubernetes. It functions as a device plugin that partitions physical hardware into isolated virtual slices, enabling multiple containers to share a single device through enforced memory limits and compute quotas. The project provides a virtualization manager and a heterogeneous compute scheduler that distributes tasks across diverse accelerator types. It uses packing and topology policies to optimize workload placement and allows for specific hardware targeting using unique device identifiers. T
This project is an infrastructure platform designed to provide secure, isolated, and ephemeral cloud-based Linux environments for AI agents and automated code execution. It functions as an orchestrator that provisions on-demand virtual machines, allowing developers to run arbitrary code generated by large language models within hardware-level security boundaries. The platform distinguishes itself through its ability to manage stateful, long-lived sessions that persist across multiple execution calls, enabling complex, multi-step workflows. It supports high-concurrency scaling, allowing for th
Eel is a framework for creating desktop applications using a Python backend and a web-based frontend. It acts as a bidirectional bridge between Python and JavaScript, allowing developers to build graphical user interfaces with HTML and JavaScript that communicate with local system logic. The project facilitates two-way communication by enabling the exposure of Python functions to the browser and allowing the backend to trigger JavaScript functions. It uses a local server to render web interfaces as standalone desktop windows and provides tools to bundle the Python code and web assets into a s
Gravity is an embeddable, bytecode-compiled programming language designed to provide programmable logic within host applications. It is a garbage-collected language that utilizes a mark-and-sweep system to automate memory management and prevent leaks. The language is characterized by a concurrent fiber-based execution model, allowing multiple non-blocking tasks to run simultaneously. It also functions as a JSON-native language, featuring built-in serialization tools to convert complex data structures to and from JSON format. The project includes a virtual machine and a compiler that transfor
MicroPython is a lean implementation of Python 3 optimized to run on microcontrollers and other resource-constrained systems. It serves as a cross-platform embedded runtime and hardware abstraction layer, providing a firmware framework that maps high-level software commands to specific microcontroller registers across diverse processor architectures. The project functions as an embedded language interpreter that enables rapid prototyping on hardware through an interactive read-eval-print loop. It supports a wide range of target environments, including ARM, ESP32, STM32, RISC-V, and WebAssembl
Goja is a JavaScript engine and ECMAScript compliant interpreter implemented entirely in Go. It serves as an embedded scripting engine that allows Go applications to execute JavaScript code and integrate a programmable scripting layer without relying on Cgo or external native dependencies. The project functions as a bridge between Go and JavaScript, enabling bidirectional data exchange and function invocation. It allows Go hosts to expose native structs, slices, and maps as JavaScript objects and arrays, while providing mechanisms to export script values and functions back into native Go type
MobX State Tree is a structured, tree-based state management library for JavaScript applications that combines typed model definitions with reactive snapshots and patch-based change tracking. It provides a reactive state container with runtime and compile-time type safety, where application state is defined as a tree of typed models with collocated actions, computed views, and lifecycle hooks for predictable state mutations. The library is built around an action-centric mutation model that encapsulates all state changes within named functions that directly modify the tree, supported by genera
Wasmtime is a WebAssembly runtime and sandboxed bytecode executor designed to run WebAssembly bytecode on a host system. It functions as an embeddable engine that integrates into applications through native APIs and language-specific bindings, as well as a standalone execution environment accessible via a command line interface. It is a WASI compatible runtime, implementing the WebAssembly System Interface to provide portable access to system resources. The engine utilizes a JIT compilation model to translate intermediate representation into optimized machine code for various CPU architecture
rusty_v8 is a Rust wrapper for the V8 JavaScript engine that allows for the embedding of a JavaScript runtime into native applications. It provides core components for managing engine bindings, memory allocation, sandboxed isolates, and the execution of WebAssembly modules. The project features a native host function bridge to map Rust functions to JavaScript objects and a dedicated memory allocator to manage thread-safe allocation and heap pressure. It includes a system for compiling and executing binary WebAssembly modules within the hosted native environment. The runtime covers capabiliti
Tengo is a dynamic, embeddable scripting language for Go applications that allows for the execution of custom scripts without requiring the host binary to be recompiled. It operates as a bytecode-compiled virtual machine, transforming source code into a compact intermediate representation for execution on a stack-based engine. The system is designed as a secure scripting sandbox, enforcing strict limits on memory allocation and execution time to safely run untrusted code. It supports concurrent script execution by cloning compiled bytecode and using recursive immutability conversion to share
Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin
Extism is a cross-language WebAssembly plugin framework that lets applications written in any programming language load and execute plugins written in any other language. It provides a universal plugin system where host applications use idiomatic SDKs to load WebAssembly modules, call exported functions, and pass data back and forth, while plugin authors use development kits that handle memory management and host interaction so they can focus on business logic. The framework distinguishes itself through its comprehensive approach to cross-language integration, offering schema-driven binding g
Docker-Android runs a full Android emulator inside a Docker container, enabling mobile app testing and automation without requiring a physical device. The emulator uses QEMU-based virtualization with optional KVM acceleration for hardware-backed performance, and supports nested virtualization on cloud VMs from providers like AWS, GCP, and Azure for environments without direct hardware acceleration. The container exposes the Android Debug Bridge over TCP/IP, allowing host-side tools to connect to the emulator as if it were a local device. It provides browser-based interaction with the emulator