Run AI-generated code safely inside isolated VMs so a buggy or malicious snippet cannot damage the host server.
Replace E2B sandboxes in your AI coding agent by changing one environment variable, with no other code changes needed.
Run thousands of concurrent code execution sandboxes on a single x86 Linux machine with minimal memory per sandbox.
Deploy a multi-node cluster of code-execution sandboxes for a high-traffic AI application using CubeSandbox's cluster mode.
Requires an x86 Linux host with KVM support; it does not run on Windows, macOS, or ARM machines.
CubeSandbox is a service that creates isolated, short-lived compute environments for AI agents that need to execute code. When an AI model generates code as part of answering a question or completing a task, that code needs somewhere safe to run. Running it directly on a server risks damage if the code is malicious or buggy. A sandbox is an isolated container where the code can run without being able to affect anything outside it.

What distinguishes CubeSandbox from typical approaches is how it achieves isolation and how fast it starts. Standard tools like Docker share the operating system kernel between all containers running on a host, which creates a risk that a container escape exploit could compromise the host. CubeSandbox gives each sandbox its own guest OS kernel by using KVM (a Linux virtualization feature) and RustVMM (a lightweight virtual machine layer written in Rust). This is the same level of isolation that full virtual machines provide, but without the usual cost in startup time and memory.

Startup time is under 60 milliseconds because the system pre-allocates resources and uses snapshot cloning rather than booting from scratch. Each sandbox uses less than 5 megabytes of memory overhead through aggressive memory sharing using copy-on-write technology. The project claims thousands of concurrent sandboxes can run on a single machine.

The service is compatible with the E2B SDK, which is a popular interface for code execution sandboxes. Existing code that uses E2B can switch to CubeSandbox by changing one environment variable, with no other code changes needed. Network traffic between sandboxes is isolated and filtered using eBPF, a Linux kernel technology for enforcing network policies.

CubeSandbox is developed and used in production by Tencent Cloud. It is released under the Apache 2.0 license and supports both single-node and multi-node cluster deployments. It requires an x86 Linux environment with KVM support.
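
The host requirement stated above (x86 Linux with KVM) can be checked before any deployment attempt. The script below is an added example, not part of the CubeSandbox project; its function names are hypothetical, and it assumes a standard Linux KVM host where hardware virtualization shows up as a `vmx` or `svm` flag in `/proc/cpuinfo` and KVM is exposed as `/dev/kvm`.

```shell
#!/bin/sh
# Added example (not CubeSandbox tooling): preflight check for the
# "x86 Linux host with KVM support" requirement. Paths are parameters
# so the checks can also be run against captured files.

# cpu_has_virt CPUINFO_FILE
# Succeeds if a "flags" line lists vmx (Intel VT-x) or svm (AMD-V) as a
# whole word. Lines such as "vmx flags: ..." and flags such as
# "svm_lock" are deliberately not counted.
cpu_has_virt() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$1" 2>/dev/null
}

# kvm_usable DEVICE
# Succeeds if DEVICE is a character device the current user can open
# read/write, which a VMM needs in order to create guests.
kvm_usable() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# preflight OS ARCH CPUINFO_FILE KVM_DEVICE
# Prints one line per unmet requirement; returns the number of failures.
preflight() {
    fails=0
    [ "$1" = "Linux" ]  || { echo "FAIL: OS is '$1', need Linux"; fails=$((fails + 1)); }
    [ "$2" = "x86_64" ] || { echo "FAIL: arch is '$2', need x86_64"; fails=$((fails + 1)); }
    cpu_has_virt "$3"   || { echo "FAIL: no vmx/svm flag in $3 (disabled in firmware, or nested virtualization is off)"; fails=$((fails + 1)); }
    kvm_usable "$4"     || { echo "FAIL: $4 missing or not read/write for user $(id -un)"; fails=$((fails + 1)); }
    return "$fails"
}

# preflight_host: run the checks against the machine this script is on.
preflight_host() {
    preflight "$(uname -s)" "$(uname -m)" /proc/cpuinfo /dev/kvm
}

if preflight_host; then
    echo "OK: host meets the stated x86 Linux + KVM requirement"
else
    echo "Host does not meet the stated x86 Linux + KVM requirement"
fi
```

A `/dev/kvm` failure on a host that otherwise passes usually means the `kvm` kernel modules are not loaded or the service account lacks access to the device node.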
Verify against the repo before relying on details.