Analysis updated 2026-05-18
Run Claude Code or Codex inside a microVM so it cannot access your home directory or cloud credentials.
Set up a network proxy sandbox so an AI agent can call external APIs without ever seeing your real API keys.
Choose between container, microVM, and process-level isolation based on boot speed and security needs.
Find a macOS-native Apple Silicon sandbox for AI agents that does not require Docker or Linux KVM.
| | fishman/awesome-agent-sandbox | 0labs-in/vision-link | 3xhelix/rbdoom |
|---|---|---|---|
| Stars | 4 | 4 | 4 |
| Language | — | TypeScript | — |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 1/5 | 3/5 | 3/5 |
| Audience | ops devops | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Most tools require Linux KVM or macOS on Apple Silicon; some require recent OS versions (macOS 26+).
Awesome Agent Sandbox is a curated list of sandboxing tools for AI coding agents such as Claude Code, GitHub Copilot, Codex, and similar tools. When you give an AI agent access to your computer to write and run code, there is a risk that the agent could accidentally or intentionally read your API keys, modify files outside the project, or make unexpected network requests. This list collects projects designed to contain that risk.

The entries are organized into four categories. MicroVMs are small, fast virtual machines that boot in under a second and give the agent a completely isolated computer environment. Examples include tools that boot in under 60 milliseconds, support loading Docker images without needing a Docker daemon running, and can forward SSH credentials to the agent without the agent ever seeing the actual private key. Container sandboxes use Docker or Podman to isolate the agent, often combined with a network proxy that intercepts outbound requests so the agent can call external APIs but cannot read the raw API keys it is using. VM-based options create one full virtual machine per project, often cloning a fresh copy of the repository inside so the host filesystem is never directly accessible. Process sandboxes use operating system security features such as Landlock on Linux and Seatbelt on macOS to restrict what files and network destinations the process can reach, without needing a full virtual machine or container.

A common design pattern across many of these tools is that your real API keys never enter the sandbox. Instead, a proxy on the host intercepts API calls and substitutes real credentials at request time. The agent sees a placeholder or a short-lived token with a spending cap, so a compromised or misbehaving agent cannot steal credentials.

The repository covers around 20 projects total and does not specify a license.
The intended audience is developers building or evaluating agent-powered coding workflows who want to run those agents safely on their own machines.
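The credential-substitution pattern described above, sketched as an added example (not code from the list or from any project on it). The host name, key value, per-request cost and the response scrubbing step are assumptions made for illustration.

```python
"""Host-side credential substitution for a sandboxed agent (illustrative)."""
from dataclasses import dataclass

# All names and values below are constructed for this example.
REAL_KEYS = {"api.example.com": "sk-real-constructed-0001"}  # stays on the host
PLACEHOLDER = "sandbox-placeholder-token"  # the only token the agent ever sees


class Denied(Exception):
    """Raised when the proxy refuses to forward a request."""


@dataclass
class Budget:
    """Per-session spending cap, enforced outside the sandbox."""
    limit_cents: int
    spent_cents: int = 0

    def charge(self, cents: int) -> None:
        if self.spent_cents + cents > self.limit_cents:
            raise Denied("spending cap reached")
        self.spent_cents += cents


def rewrite_outbound(host: str, headers: dict, budget: Budget,
                     cost_cents: int = 1) -> dict:
    """Return the headers to send upstream, with the real key swapped in."""
    host = host.lower().rstrip(".")
    if host not in REAL_KEYS:  # destination allowlist: one key per known host
        raise Denied(f"host not allowlisted: {host}")
    norm = {k.lower(): v for k, v in headers.items()}
    if norm.get("authorization") != f"Bearer {PLACEHOLDER}":
        raise Denied("request did not carry the sandbox placeholder")
    budget.charge(cost_cents)  # checked before any credential is attached
    norm["authorization"] = f"Bearer {REAL_KEYS[host]}"
    norm["host"] = host  # ignore whatever Host header the agent supplied
    return norm


def scrub_inbound(headers: dict) -> dict:
    """Drop response headers that echo a real key back toward the sandbox."""
    return {k: v for k, v in headers.items()
            if not any(key in v for key in REAL_KEYS.values())}
```

In a real deployment this logic sits in the proxy process on the host, and the sandbox's only network route is through that proxy.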
A curated list of sandboxing tools (microVMs, containers, process isolation) for running AI coding agents safely without exposing API keys or your host filesystem.
Setup difficulty is rated moderate, with roughly 30 minutes to a first successful run.
Audience: mainly ops and DevOps.
Verify against the repo before relying on details.