explaingit

fishman/awesome-agent-sandbox

Analysis updated 2026-05-18

4
Audience · ops devops
Complexity · 1/5
Setup · moderate

TLDR

A curated list of sandboxing tools (microVMs, containers, process isolation) for running AI coding agents safely without exposing API keys or your host filesystem.

Mindmap

mindmap
  root((Agent Sandboxes))
    MicroVMs
      Sub 200ms boot
      Hardware isolation
      Key forwarding
    Containers
      Docker Podman
      Network proxy
      Secret injection
    VM based
      Per project VM
      Fresh repo clone
    Process sandboxes
      Landlock Linux
      Seatbelt macOS

What do people build with it?

USE CASE 1

Run Claude Code or Codex inside a microVM so it cannot access your home directory or cloud credentials.

USE CASE 2

Set up a network proxy sandbox so an AI agent can call external APIs without ever seeing your real API keys.

USE CASE 3

Choose between container, microVM, and process-level isolation based on boot speed and security needs.

USE CASE 4

Find a macOS-native Apple Silicon sandbox for AI agents that does not require Docker or Linux KVM.

What is it built with?

Docker, Podman, Firecracker, Linux KVM, Rust

How does it compare?

Repo: fishman/awesome-agent-sandbox | 0labs-in/vision-link | 3xhelix/rbdoom
Stars: 444
Language: TypeScript
Setup difficulty: moderate | moderate | hard
Complexity: 1/5 | 3/5 | 3/5
Audience: ops devops | developer | ops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Most tools require Linux KVM or macOS Apple Silicon; some require recent OS versions (macOS 26+).

In plain English

Awesome Agent Sandbox is a curated list of sandboxing tools for AI coding agents such as Claude Code, GitHub Copilot, Codex, and similar tools. When you give an AI agent access to your computer to write and run code, there is a risk that the agent could accidentally or intentionally read your API keys, modify files outside the project, or make unexpected network requests. This list collects projects designed to contain that risk.

The entries are organized into four categories.

MicroVMs are small, fast virtual machines that boot in under a second and give the agent a completely isolated computer environment. Examples include tools that boot in under 60 milliseconds, support loading Docker images without needing a Docker daemon running, and can forward SSH credentials to the agent without the agent ever seeing the actual private key.

Container sandboxes use Docker or Podman to isolate the agent, often combined with a network proxy that intercepts outbound requests so the agent can call external APIs but cannot read the raw API keys it is using.

VM-based options create one full virtual machine per project, often cloning a fresh copy of the repository inside so the host filesystem is never directly accessible.

Process sandboxes use operating system security features such as Landlock on Linux and Seatbelt on macOS to restrict what files and network destinations the process can reach, without needing a full virtual machine or container.

A common design pattern across many of these tools is that your real API keys never enter the sandbox. Instead, a proxy on the host intercepts API calls and substitutes real credentials at request time. The agent sees a placeholder or a short-lived token with a spending cap, so a compromised or misbehaving agent cannot steal credentials.

The repository covers around 20 projects total and does not specify a license. The intended audience is developers building or evaluating agent-powered coding workflows who want to run those agents safely on their own machines.
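
The credential-substitution pattern described above, as an added sketch (not code from the list or from any project in it). The placeholder token, upstream host, and key are constructed assumptions; the function covers only the host-side header rewrite and response scrubbing, not the network plumbing.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; a real deployment loads these on the host only.
PLACEHOLDER = "sk-sandbox-placeholder"                      # all the agent ever sees
REAL_KEYS = {"api.example.com": "sk-real-constructed-key"}  # never enters the sandbox


class EgressDenied(Exception):
    """Raised when a request must not be forwarded with real credentials."""


def rewrite_request(url, headers):
    """Return the headers to forward upstream, with the placeholder swapped for the real key.

    The real key is attached only for an exact allowlisted host over HTTPS, so a
    request pointed at any other destination never carries it.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()   # hostname ignores any userinfo before '@'
    if parts.scheme != "https" or host not in REAL_KEYS:
        raise EgressDenied(f"destination not allowlisted: {host or url!r}")
    forwarded = {}
    for name, value in headers.items():
        if name.lower() == "authorization":
            scheme, _, token = value.partition(" ")
            if scheme.lower() != "bearer" or token != PLACEHOLDER:
                raise EgressDenied("credential is not the sandbox placeholder")
            value = f"Bearer {REAL_KEYS[host]}"
        forwarded[name] = value
    return forwarded


def scrub_response(body):
    """Mask any real key an upstream echoes back before the body reaches the agent."""
    for key in REAL_KEYS.values():
        body = body.replace(key, PLACEHOLDER)
    return body
```
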

Copy-paste prompts

Prompt 1
Compare the microVM and container-based sandbox options in awesome-agent-sandbox for running Claude Code. Which offers the fastest boot time and strongest isolation?
Prompt 2
I'm on macOS Apple Silicon. Which sandboxes from awesome-agent-sandbox work natively without needing Linux KVM?
Prompt 3
How does the token substitution proxy pattern work in AI agent sandboxes, and which projects in this list implement it?
Prompt 4
Set up drydock or yolobox to run Claude Code on my project with network egress restricted to npm and GitHub only.
Prompt 5
What is the difference between process-level sandboxing with Landlock and running an agent in a Firecracker microVM?

Frequently asked questions

What is awesome-agent-sandbox?

A curated list of sandboxing tools (microVMs, containers, process isolation) for running AI coding agents safely without exposing API keys or your host filesystem.

How hard is awesome-agent-sandbox to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is awesome-agent-sandbox for?

Mainly ops devops.

Verify against the repo before relying on details.