Agent Code Sandboxing AI Agents
Tools and platforms for isolating, containerizing, and safely executing untrusted code from AI agents using Docker, VMs, WebSockets, or namespace-based sandboxes. Does NOT include general container orchestration, deployment platforms, or security monitoring without execution isolation capabilities.
There are 113 agent code sandboxing agents tracked. 3 score above 70 (verified tier). The highest-rated is e2b-dev/E2B at 79/100 with 11,263 stars. 9 of the top 10 are actively maintained.
Get all 113 projects as JSON
curl "https://pt-edge.onrender.com/api/v1/datasets/quality?domain=agents&subcategory=agent-code-sandboxing&limit=20"
Open to everyone — 100 requests/day, no key needed. Get a free key for 1,000/day.
| # | Agent | Score | Tier |
|---|---|---|---|
| 1 |
e2b-dev/E2B
Open-source, secure environment with real-world tools for enterprise-grade agents. |
|
Verified |
| 2 |
alibaba/OpenSandbox
OpenSandbox is a general-purpose sandbox platform for AI applications,... |
|
Verified |
| 3 |
e2b-dev/infra
Infrastructure that's powering E2B Cloud. |
|
Verified |
| 4 |
always-further/nono
Secure, kernel-enforced sandbox CLI and SDKs for AI agents. Capability-based... |
|
Established |
| 5 |
boxlite-ai/boxlite
Sandboxes for every agent. Embeddable, stateful, snapshots, and hardware isolation. |
|
Established |
| 6 |
zerobootdev/zeroboot
Sub-millisecond VM sandboxes for AI agents via copy-on-write forking |
|
Established |
| 7 |
eugene1g/agent-safehouse
Sandbox your local AI agents so they can read/write only what they need |
|
Established |
| 8 |
agbcloud/agbcloud-sdk
AI-native cross-platform sandboxes for developers, featuring multimodal... |
|
Established |
| 9 |
adammiribyan/zeroboot
Sub-millisecond VM sandboxes for AI agents via copy-on-write forking |
|
Established |
| 10 |
multikernel/sandlock
Lightweight process-based sandbox for Linux, no container, no VM, no root. |
|
Established |
| 11 |
rivet-dev/secure-exec
Secure Node.js Execution Without a Sandbox A lightweight library for secure... |
|
Established |
| 12 |
HACKE-RC/Bandsox
Sanboxes for AI agents and humans |
|
Emerging |
| 13 |
dtormoen/tsk-tsk
Keeping your agents out of trouble with sandboxed coding agent automation |
|
Emerging |
| 14 |
tomascupr/sandstorm
Run Claude agents in secure cloud sandboxes — via API, CLI, or Slack. One... |
|
Emerging |
| 15 |
adarsh9780/safe-py-runner
A lightweight, secure-by-default Python code runner designed for LLM agents. |
|
Emerging |
| 16 |
angelorc/vmsan
Firecracker made simple. Spin up secure microVMs in milliseconds, from... |
|
Emerging |
| 17 |
onyx-dot-app/python-sandbox
Secure and lightweight Python code execution environment for LLMs |
|
Emerging |
| 18 |
mavdol/capsule
A secure, durable runtime to sandbox AI agent tasks. Run untrusted code in... |
|
Emerging |
| 19 |
Th0rgal/sandboxed.sh
Self-hosted orchestrator for AI autonomous agents. Run Claude Code & Open... |
|
Emerging |
| 20 |
Parassharmaa/agent-sandbox
A sandboxed execution environment for AI agents via WASM |
|
Emerging |
| 21 |
rpfilomeno/opencode-docker
Stop prompt injection catastrophe! Run your AI Agents in secure isolated... |
|
Emerging |
| 22 |
railroad-dev/railroad
Run Claude Code at full speed, safely. OS-level command blocking with no... |
|
Emerging |
| 23 |
runtm-ai/runtm
Open-source sandboxes where coding agents build and deploy. Spin up isolated... |
|
Emerging |
| 24 |
projecteru2/cocoon
Lightweight MicroVM VMM built on Cloud Hypervisor for AI |
|
Emerging |
| 25 |
jamesmurdza/upstream-agents
Run AI coding agents in isolated sandboxes connected to your GitHub repositories |
|
Emerging |
| 26 |
branchbox/branchbox
Parallel, isolated dev environments for humans and AI coding agents. Real... |
|
Emerging |
| 27 |
stacklok/brood-box
CLI tool for running coding agents inside hardware-isolated microVMs |
|
Emerging |
| 28 |
EXboys/skilllite
A lightweight secure Self-evolution engine built in Rust, featuring a... |
|
Emerging |
| 29 |
akshayaggarwal99/boxed
The Sovereign Code Execution Engine for AI Agents. Run untrusted code safely... |
|
Emerging |
| 30 |
gizmax/Sandcastle
Production-ready AI agent workflow orchestrator. 63 integrations, EU AI Act... |
|
Emerging |
| 31 |
getlark/runtimeuse
Run AI agents inside sandboxes over WebSockets |
|
Emerging |
| 32 |
legionus/devkit
The project allows you to manage isolated containers with AI agents |
|
Emerging |
| 33 |
Raynan00/sandpy
Browser-native Python sandbox for AI agents |
|
Emerging |
| 34 |
HappyHackingSpace/sindoq
AI Sandbox |
|
Emerging |
| 35 |
ixchio/agent-sandbox-runtime
A secure runtime for self-correcting AI agents with Docker sandboxing. |
|
Emerging |
| 36 |
STONE-CELL-SPF-JOSEPH-STONE/SPFsmartGATE
AI Security Gateway — Compiled Rust enforcement between AI agents and your... |
|
Emerging |
| 37 |
89luca89/clampdown
Run AI coding agents in hardened container sandboxes. |
|
Emerging |
| 38 |
reoring/botbox
Kubernetes sidecar that sandboxes container egress. Deny-by-default... |
|
Emerging |
| 39 |
deevus/pixels
Disposable Linux containers for AI coding agents, with extensible backends |
|
Emerging |
| 40 |
joshualamerton/agentic-sandbox
Simulation environment for testing and validating autonomous agents |
|
Emerging |
| 41 |
the-void-ia/void-box
Composable agent runtime with enforced isolation boundaries |
|
Emerging |
| 42 |
foundry-works/foundry-sandbox
Ephemeral, batteries-included Docker workspaces that isolate AI coding... |
|
Emerging |
| 43 |
haasonsaas/capsule-run
Lightweight, secure sandboxed command execution for AI agents |
|
Emerging |
| 44 |
sauravbhattacharya001/ai
Contract-enforced sandbox for studying AI agent self-replication safety |
|
Emerging |
| 45 |
ammmir/sandboxer
Forkable code execution server for LLMs, agents, and devs |
|
Experimental |
| 46 |
Orellius/Laminae
AI personality, safety, red-teaming, and sandboxing in Rust SDK. |
|
Experimental |
| 47 |
sevorix/sevorix-lite
Sevorix Lite is a Rust-native, open-source runtime containment engine for... |
|
Experimental |
| 48 |
Parassharmaa/agent-fetch
Sandboxed HTTP client with SSRF protection for AI agents. Prevents DNS... |
|
Experimental |
| 49 |
arcboxlabs/arcbox
Run AI agents on real and isolated machines — own kernel, filesystem, and... |
|
Experimental |
| 50 |
seznam/jailoc
🔒 Jail your AI agents — sandboxed Docker environments with network isolation... |
|
Experimental |
| 51 |
agentbox-cloud/agentbox
AgentBox SDK — Enterprise AI Sandbox Tools |
|
Experimental |
| 52 |
hyperterse/sandboxer
Single, consistent interface to run code, manage files, and control isolated... |
|
Experimental |
| 53 |
DavidKim0326/DUDA
Isolation Guardian for Claude Code — Prevent AI agents from breaking... |
|
Experimental |
| 54 |
kajogo777/the-agent-sandbox-taxonomy
An open taxonomy and scoring framework for evaluating AI agent sandboxes: 7... |
|
Experimental |
| 55 |
opencapsule/opencapsule
Secure Code Execution Runtime for AI Agents |
|
Experimental |
| 56 |
AxeForging/aigate
OS-level sandbox for AI coding agents - kernel-enforced file, command, and... |
|
Experimental |
| 57 |
nhevers/agent-sandbox
Sandboxed code execution for AI agents |
|
Experimental |
| 58 |
numcys/sudomode
The Missing sudo Command for AI Agents. |
|
Experimental |
| 59 |
danievanzyl/pyro
Open-source Firecracker microVM sandbox platform for AI agents |
|
Experimental |
| 60 |
c4rb0nx1/tuprwre
That install command your AI agent just ran? Never touched your host.... |
|
Experimental |
| 61 |
lzjever/noxrunner
Python client library and CLI for sandbox execution backends (NoxRunner... |
|
Experimental |
| 62 |
dredozubov/hazmat
macOS containment for AI agents — user isolation, kernel sandbox, pf... |
|
Experimental |
| 63 |
Mickdownunder/atlas-validation-layer
Bounded validation and sandbox layer for the Operator research control plane |
|
Experimental |
| 64 |
Embedded-Focus/agent-circus
Run AI coding agents in sandboxed containers communicate via ACP |
|
Experimental |
| 65 |
KometzRobot/capsule-spec
Open tools for AI identity persistence — Capsule Spec, Loop Harness, Cinder Enhanced |
|
Experimental |
| 66 |
throwparty/litterbox
Review *outputs*, not *actions*: give your AI agents litter trays to poop into. |
|
Experimental |
| 67 |
qhkm/zeptocapsule
Isolation sandbox for AI agents — process, namespace, and Firecracker capsules |
|
Experimental |
| 68 |
us/den
Secure sandbox runtime for AI agents |
|
Experimental |
| 69 |
liut/strata
Lightweight Session Sandbox Service — Isolated Shell Environments via... |
|
Experimental |
| 70 |
Mykazi127/noxrunner
🔧 Interact with NoxRunner-compatible sandbox execution backends using this... |
|
Experimental |
| 71 |
D8k4/clampdown
Contain AI coding agents within secure container sandboxes that limit... |
|
Experimental |
| 72 |
bird/paranoid
Isolated QEMU microVM sandboxes with WireGuard-only networking for AI agents |
|
Experimental |
| 73 |
Daaboulex/openviking-nix
OpenViking packaged for NixOS — agent-native context database for AI agents |
|
Experimental |
| 74 |
YujiSuzuki/ai-sandbox-dkmcp
Secure AI sandbox for Claude Code / Gemini — hide secrets, enable... |
|
Experimental |
| 75 |
ydevil2009/AgentFense
🔒 Enforce least-privilege access for AI agents to safely run untrusted code... |
|
Experimental |
| 76 |
nwcnwc/warden-proxy
A localhost proxy that gives browser-sandboxed applications safe, controlled... |
|
Experimental |
| 77 |
heromen22/sandstorm
🚀 Run multiple AI agents securely in isolated cloud sandboxes for long tasks... |
|
Experimental |
| 78 |
nothingnesses/agent-images
Sandboxed OCI container images for AI coding agents, built reproducibly with Nix. |
|
Experimental |
| 79 |
dklymentiev/screenbox
Real virtual desktops for AI agents. MCP-native, self-hosted, fully isolated. |
|
Experimental |
| 80 |
madeinplutofabio/command-scope-contract
Protocol for bounded shell and CLI execution with explicit scope, policy,... |
|
Experimental |
| 81 |
cyruscyliu/agent-vault
Run AI coding agents in isolated Kata Container workspaces on k3s with tmux,... |
|
Experimental |
| 82 |
SatishoBananamoto/svx
Simulate, Verify, Execute — a safety layer for coding agents |
|
Experimental |
| 83 |
edlsh/pi-extension-e2b
E2B cloud sandbox integration for pi — redirects all tool execution to a... |
|
Experimental |
| 84 |
ClawWorksCo/lasso-sandbox
LASSO — Layered Agent Sandbox Security Orchestrator. Sandboxed execution for... |
|
Experimental |
| 85 |
al002/agent-fort
Security runtime for AI agents |
|
Experimental |
| 86 |
0rzech/vibe-containers
Simple sandbox Podman containers for Mistral Vibe |
|
Experimental |
| 87 |
geraldthewes/python-executor
Currently the About section may be empty or generic. Suggested (107... |
|
Experimental |
| 88 |
rankgnar/agent-sandbox
Linux-native sandboxing for AI coding agents. Run Codex, Claude Code, and... |
|
Experimental |
| 89 |
ian-flores/securer
Sandboxed R code execution with tool-call IPC for LLM agents |
|
Experimental |
| 90 |
firmo-tecnologia/devbox
Run unattended, safelly cloud code inside a container. |
|
Experimental |
| 91 |
SudoDog-official/SudoDog
Secure sandbox for AI agents. Blocks dangerous operations, monitors... |
|
Experimental |
| 92 |
Enigma-s9v/chitin-shell
Protect AI agents by isolating LLMs from sensitive data with process... |
|
Experimental |
| 93 |
Rookie481/spotdb
🏖️ Create a secure, temporary data sandbox for AI workflows and exploration,... |
|
Experimental |
| 94 |
Arjun2729/Ithilien
Safe autonomous mode for AI coding agents. Docker sandbox + tamper-evident... |
|
Experimental |
| 95 |
milyas2001/forge-agent-sandbox
FORGE - Bare-Metal Microkernel for AI Agent Sandboxing |
|
Experimental |
| 96 |
DynamicExploit/runtm
🌐 Spin up isolated environments for coding agents to build and deploy... |
|
Experimental |
| 97 |
NihalKA/sandboxshift
Self-hosted AI agent sandbox with automatic local/cloud bursting |
|
Experimental |
| 98 |
scarab-project/scarab-runtime
Strict-confinement sandbox for autonomous AI agents. Built in Rust using... |
|
Experimental |
| 99 |
sourcery-zone/agent-vm
🛡️ Security by Compartmentalization for AI Coding Agents. |
|
Experimental |
| 100 |
KonghaYao/ts-sandbox-server
A secure, high-performance TypeScript/JavaScript execution sandbox server... |
|
Experimental |
| 101 |
brooksomics/llm-rustyolo
Secure Docker wrapper for AI coding agents with filesystem, privilege, and... |
|
Experimental |
| 102 |
kraaakilo/opencode-vm
Isolated Ubuntu VM setup for running OpenCode AI agents safely — Vagrant +... |
|
Experimental |
| 103 |
RutgerLubbers/cage
Put untrusted commands in a cage. Flexible file system sandboxing with... |
|
Experimental |
| 104 |
tobocop2/beebox
Secure Docker sandbox for running AI coding agents in isolated containers —... |
|
Experimental |
| 105 |
danieljhkim/DevBox
DevBox is a minimal, language-agnostic contract that standardizes how local... |
|
Experimental |
| 106 |
deepsarda/Nox
Nox is a secure, embeddable sandbox runtime for executing untrusted scripts... |
|
Experimental |
| 107 |
RobinhoX/llm-rustyolo
🔒 Run AI agents securely with filesystem, privilege, and network isolation... |
|
Experimental |
| 108 |
hanu-tayal/local-agent-sandbox
Privacy-first local AI agent runtime: sandboxed execution, sensitivity... |
|
Experimental |
| 109 |
aliathiullah/the-agent-sandbox-taxonomy
Provide a framework to evaluate AI agent sandboxes by scoring defense layers... |
|
Experimental |
| 110 |
ParthSareen/zuko
Read-only CLI sandbox for AI Agents with Touch ID for unlocking commands |
|
Experimental |
| 111 |
iamladi/sandcaster
Run Pi agents in secure cloud sandboxes — via API, CLI, or Slack. One call.... |
|
Experimental |
| 112 |
yevhen/klitka
Local sandbox runtime for running LLM workloads inside a microVM with... |
|
Experimental |
| 113 |
openagentworld/openagentworld-sandbox
A framework-agnostic sandbox for AI agent code execution — works with... |
|
Experimental |