# OpenSandbox

OpenSandbox is an open-source ([[Apache 2.0 License]]) sandbox infrastructure platform for AI applications. It lets you securely run commands, code interpreters, browsers, and developer tools in isolated environments, for coding agents, GUI/browser automation, agent evaluation, RL training, and AI code execution. It solves the core problem of LLM agents executing untrusted, model-generated code by wrapping isolated runtimes in a unified protocol, SDKs, a CLI, and an MCP server. Created by Alibaba; in the CNCF Landscape.

## Architecture

- **Control plane**: Python/FastAPI server with SQLite persistence (`uvx opensandbox-server`); orchestrates create/list/get/health/kill and routes to a runtime backend
- **In-sandbox agent**: [[execd daemon]], a Go/Gin REST daemon exposing command, file, and metrics APIs
- **[[OpenSandbox Sandbox Protocol]]**: the OpenAPI contract that makes runtimes pluggable
- **Runtime backends**: Docker (single host) and Kubernetes (distributed), with optional hardened runtimes (gVisor, Kata Containers, Firecracker microVM) for stronger host isolation
- **[[OpenSandbox Credential Vault]]** and a per-sandbox egress sidecar for prompt-injection-safe secrets and network policy
- **Ingress gateway** and a BatchSandbox Kubernetes CRD controller for pooled, pre-warmed sandboxes

## Interfaces

- **[[osb CLI]]** (`pip install opensandbox-cli`)
- Five SDKs (Python, JS/TS, Java/Kotlin, Go, C#) sharing a Connect, Create, Operate, Cleanup pattern
- A Code Interpreter primitive (Python/Java/Node/Go via Jupyter inside the sandbox)
- An `opensandbox-mcp` [[Model Context Protocol (MCP)|MCP]] server so clients like Claude Code and Cursor can drive sandboxes

## Versus Docker Sandboxes

[[Docker Sandboxes]] is a microVM container engine feature. OpenSandbox sits a layer above: it treats containers (or gVisor/Kata/Firecracker) as pluggable runtimes and adds sandbox lifecycle, code-interpreter primitives, the Credential Vault, egress policy, and batch delivery. It is an AI-agent execution platform, not a container runtime.

## References

- https://open-sandbox.ai/
- https://open-sandbox.ai/getting-started/
- https://open-sandbox.ai/architecture/
- https://github.com/opensandbox-group/OpenSandbox

## Related

- [[Docker Sandboxes]]
- [[OpenSandbox Sandbox Protocol]]
- [[execd daemon]]
- [[OpenSandbox Credential Vault]]
- [[osb CLI]]
- [[AI Agents]]
- [[Agentic Engineering]]
- [[Model Context Protocol (MCP)]]
- [[Apache 2.0 License]]
- [[microVM]]
- [[Vercel Sandboxes]]
- [[Cloudflare Sandbox SDK]]
- [[Sandcastle (AI)]]