explaingit

alibaba/opensandbox

10,614PythonAudience · developerComplexity · 4/5Setup · hard

TLDR

Alibaba's platform for running AI agents in isolated sandboxes, gives each agent its own contained environment to safely execute code, browse the web, and manage files without touching your host machine.

Mindmap

mindmap
  root((OpenSandbox))
    What it does
      Isolated AI agent envs
      Safe code execution
      Browser automation
    Deployment
      Single machine Docker
      Kubernetes cluster
    Security options
      gVisor runtime
      Kata Containers
      Firecracker
    SDKs
      Python and Java
      Go and TypeScript
      C sharp
    Built-in tools
      Shell execution
      File read and write
      VNC desktop
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Run untrusted AI-generated code safely inside a container that cannot harm the host machine or escape its boundaries.

USE CASE 2

Give an AI agent a live browser environment to automate web tasks using Chrome and Playwright inside a sandbox.

USE CASE 3

Deploy many parallel AI agent sandboxes on Kubernetes for a multi-agent workflow with strong security isolation.

USE CASE 4

Control sandbox network access to restrict which outbound connections an AI agent is allowed to make.

Tech stack

PythonDockerKubernetesPlaywrightgVisor

Getting it running

Difficulty · hard Time to first run · 1h+

Requires Docker or a Kubernetes cluster, stronger isolation modes like gVisor and Kata Containers need additional host-level setup.

In plain English

OpenSandbox is a platform from Alibaba for running AI agents inside isolated, controlled environments. When an AI agent needs to execute code, browse the web, manipulate files, or interact with a desktop, it should do so in a contained space where it cannot accidentally harm the host machine or escape its boundaries. OpenSandbox provides that containment layer. The platform supports running sandboxes through Docker on a single machine or through Kubernetes for larger deployments where many sandboxes need to run in parallel. It includes built-in environments for running shell commands, reading and writing files, and executing code through an interpreter. It also ships example configurations for browser automation using Chrome and Playwright, and for graphical desktop environments accessible over VNC or through VS Code. For stronger security isolation, OpenSandbox supports plugging in specialized container runtimes like gVisor, Kata Containers, and Firecracker. These create a deeper barrier between sandbox workloads and the underlying host system, which matters when running untrusted or AI-generated code. SDKs are available in Python, Java, Kotlin, JavaScript, TypeScript, C# and Go, so you can connect to and control sandboxes from whichever language your application uses. There is also a command-line tool called osb for manual sandbox operations: creating sandboxes, running commands inside them, moving files, and managing network access rules. Network control is built in. You can configure what traffic each sandbox is allowed to send or receive, with an ingress gateway for routing and per-sandbox egress controls for restricting outbound connections. The project is listed in the CNCF Landscape, a registry of cloud-native infrastructure tools maintained by the Cloud Native Computing Foundation.

Copy-paste prompts

Prompt 1
I'm building an AI coding agent that needs to execute Python code safely. Show me how to set up OpenSandbox with Docker so each agent run happens in an isolated container that gets deleted after.
Prompt 2
Using the OpenSandbox Python SDK, write me the code to create a sandbox, run a shell command inside it, read the output, and then destroy the sandbox.
Prompt 3
How do I configure OpenSandbox to let an AI agent browse the web using Playwright inside a sandboxed Chrome instance while blocking all other outbound traffic?
Prompt 4
Walk me through deploying OpenSandbox on a Kubernetes cluster, including what containers are needed and how to configure per-sandbox egress network rules.
Open on GitHub → Explain another repo

← alibaba on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.