OpenShell is a tool from NVIDIA that runs AI agents inside isolated, controlled environments called sandboxes. The core problem it addresses is that AI agents often need to execute code, browse the internet, and access files, but letting them do all of that freely is risky. OpenShell wraps each agent session in a container and enforces policies that specify exactly what the agent is and is not allowed to do, blocking unauthorized file access, unwanted network connections, and data leaks.

The policies are written as short YAML files that describe which websites can be reached, which HTTP methods are allowed, and which local paths the agent can touch. These rules are enforced by a proxy that sits between the agent and the outside world. If the agent tries to make a network request that is not covered by the policy, the request is blocked and logged. You can apply new policies without restarting the sandbox.

Setting up a sandbox is a single command. You name which AI agent you want to run, and OpenShell starts a container that includes common developer tools such as Python, Node.js, git, and network utilities. Supported container backends include Docker, Podman, and lightweight virtual machines. There is also an experimental path for deploying on Kubernetes.

The project also includes a privacy-aware routing layer that can intercept calls to AI model APIs, strip the caller's credentials, and inject its own, keeping sensitive context away from external services.

OpenShell is currently in alpha, described by the team as single-player mode: one developer, one environment, one gateway. Multi-tenant enterprise deployments are on the roadmap but not yet available. The README is honest about rough edges.
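The default-deny check described above for network requests and local paths, sketched as an added example that is not OpenShell's code. The policy field names, hosts and paths are assumptions made for illustration, and a Python dict stands in for the YAML file.

```python
import logging
import posixpath
from urllib.parse import urlsplit

log = logging.getLogger("sandbox.policy")

# Constructed policy; field names are illustrative assumptions, not OpenShell's schema.
POLICY = {
    "network": [
        {"host": "api.github.com", "methods": ["GET"]},
        {"host": "*.pypi.org", "methods": ["GET", "HEAD"]},
    ],
    "filesystem": ["/workspace", "/tmp/agent"],
}

def host_matches(pattern, host):
    """Exact match, or '*.suffix' matching subdomains only, never the bare suffix."""
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot so 'evilpypi.org' cannot match
        return len(host) > len(suffix) and host.endswith(suffix)
    return host == pattern

def request_allowed(policy, method, url):
    """Default deny: allow only when both host and method appear in one rule."""
    try:
        # .hostname is lower-cased and excludes any 'user@' prefix in the URL
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        host = ""  # an unparseable URL is never allowed
    for rule in policy["network"]:
        if host_matches(rule["host"], host) and method.upper() in rule["methods"]:
            return True
    log.warning("blocked %s host=%s", method.upper(), host)
    return False

def path_allowed(policy, path):
    """Lexical check only: normalise so '..' cannot escape an allowed root.
    Symlinks are not resolved here; a real enforcer must handle them."""
    norm = posixpath.normpath(path)
    for root in policy["filesystem"]:
        if norm == root or norm.startswith(root + "/"):
            return True
    log.warning("blocked path %s", norm)
    return False
```

The denial log records only the parsed host, so credentials embedded in a blocked URL do not end up in the log.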
Verify against the repo before relying on details.