sandbox
Let your AI go full send. Your home directory stays home.
Run Claude Code, Codex, or any AI coding agent in "yolo mode" without nuking your home directory.
Universal Sandbox Infrastructure for AI Applications.
Securely run commands, filesystems, code interpreters, browsers, and developer tools in isolated runtime environments.
OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.
A sandboxed bash interpreter for AI agents. Pure TypeScript with in-memory filesystem.
A simulated bash environment with an in-memory virtual filesystem, written in TypeScript. Designed for AI agents that need a secure, sandboxed bash environment. Supports optional network access via curl with secure-by-default URL filtering.
A security-focused library OS supporting kernel- and user-mode execution.
LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
Matchlock secures AI agent workloads with a Linux-based sandbox.
Matchlock is a CLI tool for running AI agents in ephemeral microVMs - with network allowlisting, secret injection via MITM proxy, and VM-level isolation. Your secrets never enter the VM.
Easy Linux virtual machine on macOS to sandbox LLM agents.
Vibe is a quick, zero-configuration way to spin up a Linux virtual machine on Mac to sandbox LLM agents.
Vagrant is the command line utility for managing the lifecycle of virtual machines. Isolate dependencies and their configuration within a single disposable and consistent environment.
Lightweight, container-free sandbox for running commands with network and filesystem restrictions.
Fence wraps commands in a sandbox that blocks network access by default and restricts filesystem operations based on configurable rules. It's most useful for running semi-trusted code (package installs, build scripts, CI jobs, unfamiliar repos) with controlled side effects, and it can also complement AI coding agents as defense-in-depth.
Security, visibility, and authorization for AI agents
Leash wraps AI coding agents in containers and monitors their activity. You define policies in Cedar; Leash enforces them instantly.
Authorize and monitor your AI agents with policy enforcement, sandboxed execution, and real-time observability—ensuring they operate safely within your defined boundaries.
Create and manage micro VMs at scale for safe execution of untrusted code. Secure sandboxed compute for AI agents and workloads
Katakate aims to make it easy to create, manage and orchestrate lightweight safe VM sandboxes for executing untrusted code, at scale. It is built on battle-tested VM isolation with Kata, Firecracker and Kubernetes. It is originally motivated by AI agents that need to run arbitrary code at scale.
Sandboxing for Nix.
NixPak is essentially a fancy declarative wrapper around bwrap. You can use it to sandbox all sorts of Nix-packaged applications, including graphical ones.
📦 Lightweight, ephemeral, sandboxes for Linux.
Create lightweight sandboxes for Linux with host isolation, rootfs images, and networking.
Microbox is a sandbox runtime that creates ephemeral and isolated execution environments on Linux by combining specific kernel features such as namespaces, cgroups, seccomp, and capabilities. It provides lightweight sandboxes to run container-like applications securely.
Run AI Generated Code Locally. A secure local sandbox to run LLM-generated code using Apple containers.
CodeRunner is an MCP (Model Context Protocol) server that executes AI-generated code in a sandboxed environment on your Mac using Apple's native containers.
Easy, secure execution of untrusted user/AI code.
Run untrusted code with VM-level isolation and lightning-fast startup. Built for AI agents, developers, and anyone who needs to execute code safely without compromising on speed or security.
Hyperlight is a lightweight Virtual Machine Manager (VMM) designed to be embedded within applications. It enables safe execution of untrusted code within micro virtual machines with very low latency and minimal overhead.
VMM for native-performance sandboxing.
TinyKVM is a simple, slim and specialized userspace emulator library with native performance.
TinyKVM is designed to execute regular Linux programs and also excels at request-based workloads in high-performance HTTP caches and web servers.
Malware analysis tool. Cuckoo3 is a Python 3 open source automated malware analysis system.
Cuckoo3 is an open-source tool to test suspicious files or links in a controlled environment. It will test them in sandboxed platform emulator(s) and generate a report, showing what the files or websites did during the test.
In-browser Postgres sandbox with AI assistance.
With postgres.new, you can instantly spin up an unlimited number of Postgres databases that run directly in your browser (and soon, deploy them to S3).
Efficient and consistent CI/CD with Kubernetes.
A solution for implementing efficient and consistent software delivery to Kubernetes facilitating best practices. werf is a CNCF Sandbox CLI tool to implement full-cycle CI/CD to Kubernetes easily. werf integrates into your CI system and leverages familiar and reliable technologies, such as Git, Dockerfile, Helm, and Buildah.
TIO is a family of online interpreters for an ever-growing list of practical and recreational programming languages. To use TIO, simply click the arrow below, pick a programming language, and start typing. Once you click the run button, your code is sent to a TIO arena, executed in a sandboxed environment, and the results are sent back to your browser. You can share your code by generating a client-side permalink that encodes code and input directly in the URL.
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing.
VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a switch on/off to allow the API to be vulnerable or not while testing. This allows better coverage of the cases for false positives/negatives. VAmPI can also be used for learning/teaching purposes. You can find a few more details about the vulnerabilities at erev0s.com.
Component toolkit for creating live-running code editing experiences.
Sandpack is a component toolkit for creating your own live running code editing experience powered by CodeSandbox.
PHPSandbox + Packagist. This is a playground to try Composer packages. With it, you can try 350k+ packages using a standard PHP v8.1 environment.
A CLI to create code sandboxes with automatic HTTPS and long running processes in your cloud provider account.
Advanced vm/sandbox for Node.js. vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!
Malware? Tear it apart, discover its ins and outs and collect actionable threat data. Cuckoo is the leading open source automated malware analysis system.