https://github.com/arcboxlabs/arcbox
Run AI agents on real and isolated machines — own kernel, filesystem, and network — with <200ms boot. Local first, OCI compatible, pure Rust.
https://github.com/arcboxlabs/arcbox
ai-agents computer-use containers docker firecracker microvm rust sandbox virtual-machine virtualization
Last synced: 22 days ago
JSON representation
Run AI agents on real and isolated machines — own kernel, filesystem, and network — with <200ms boot. Local first, OCI compatible, pure Rust.
- Host: GitHub
- URL: https://github.com/arcboxlabs/arcbox
- Owner: arcboxlabs
- License: apache-2.0
- Created: 2026-01-04T14:46:50.000Z (4 months ago)
- Default Branch: master
- Last Pushed: 2026-04-01T13:43:09.000Z (26 days ago)
- Last Synced: 2026-04-03T04:56:26.498Z (25 days ago)
- Topics: ai-agents, computer-use, containers, docker, firecracker, microvm, rust, sandbox, virtual-machine, virtualization
- Language: Rust
- Homepage:
- Size: 48.6 MB
- Stars: 64
- Watchers: 0
- Forks: 2
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE-APACHE
- Security: SECURITY.md
- Notice: NOTICE.md
- Agents: AGENTS.md
Awesome Lists containing this project
README
# ArcBox
**Sandboxed execution engine for AI agents, containers, and virtual machines.**
**Built from scratch in Rust -- from hypervisor to CLI.**
[](LICENSE)
[](https://www.rust-lang.org)
[](https://github.com/arcboxlabs/arcbox-desktop/releases)
[](https://arcbox.link/discord)
[](https://arcbox.link/telegram)
[](https://arcbox.link/docs)
---
## Why ArcBox
Computer Use is the next frontier for AI -- agents that can write files, run code, browse the web, and operate a real machine. But giving an agent a full computer means giving it a full attack surface. Containers share the host kernel; a single exploit and the agent is out.
ArcBox solves this with Firecracker-style microVMs that boot their own Linux kernel in under 200ms. Each sandbox is a real computer -- real filesystem, real network, real process tree -- with VM-level isolation that containers can't provide. And when you just need Docker, ArcBox is a drop-in replacement for Docker Desktop.
## Three-Tier Runtime
| Tier | Isolation | Boot Time | Overhead | Use Case |
|------|-----------|-----------|----------|----------|
| **Container** | Namespace + chroot | Instant | ~1 MB | Standard Docker workloads |
| **Sandbox** | microVM (own kernel) | <200ms | ~10-30 MB | Untrusted code, CI/CD, AI agents |
| **Machine** | Independent VM | ~1.5s | ~200 MB | Full Linux dev environment |
```
Host
├── arcbox daemon (Docker API + gRPC)
│
├── System VM (Container + Sandbox tiers, shared kernel)
│ └── arcbox-agent
│ ├── Container Runtime ── namespace + chroot
│ └── Sandbox Runtime ─── KVM microVM (<200ms boot)
│
├── Machine VM "ubuntu-dev" (independent kernel + rootfs)
└── Machine VM "alpine-test"
```
### Sandbox — Computer Use Runtime
Give an AI agent a real computer it can't break out of.
- **<200ms cold boot** -- KVM microVM with minimal device model (virtio-MMIO only, no PCI/ACPI/BIOS)
- **<50ms warm start** -- snapshot/restore for instant sandbox cloning
- **VM-level isolation** -- each sandbox runs its own kernel; a vulnerability in one cannot escape to others
- **Real computer** -- real filesystem, real networking, real process tree -- not a simulated shell
- **Disposable** -- spin up, let the agent work, tear down; no state leaks between sessions
- **Docker-compatible** -- `docker run --runtime=sandbox untrusted-image`
### Container
Drop-in Docker engine replacement. Point your existing Docker CLI at ArcBox:
```bash
arcbox docker enable
docker run -d -p 8080:80 nginx
```
### Machine
Full Linux VMs with persistent storage, SSH access, and their own init system.
```bash
arcbox machine create dev --distro ubuntu
arcbox machine ssh dev
```
## Quick Start
```bash
# Install
curl -sSL https://install.arcbox.dev | sh
# Start the daemon
arcbox daemon start
# Enable Docker compatibility
arcbox docker enable
# Run a container
docker run -d -p 8080:80 nginx
curl http://localhost:8080
```
## What Works Today
- **Container lifecycle** -- `run`, `stop`, `rm`, `logs`, `exec`, `inspect`
- **Image management** -- pull from Docker Hub and OCI registries (ARM64)
- **Port forwarding** -- `-p 8080:80` maps host ports into containers
- **Volume mounts** -- bind mounts and named volumes
- **Networking** -- internet access, DNS resolution, inter-container DNS
- **Docker Compose** -- `docker-compose up/down` for multi-container stacks
- **Context switching** -- `arcbox docker enable/disable` to toggle with Docker Desktop
- **Machine management** -- `create/start/stop/rm/ls/inspect/exec/ssh`
- **40+ Docker API endpoints** -- Docker Engine API v1.43 compatible
## Performance
Custom VirtIO stack, zero-copy networking, purpose-built VirtioFS.
| Metric | Container | Sandbox | Machine |
|--------|-----------|---------|---------|
| Boot | Instant | <200ms cold / <50ms warm | ~1.5s |
| Memory | ~1 MB | ~10-30 MB | ~200 MB |
| File I/O (vs native) | >90% | >85% | >90% |
| | ArcBox | E2B (Firecracker) | Docker Desktop |
|--|--------|-------------------|----------------|
| Sandbox boot | <200ms | ~150ms | N/A |
| Container boot | Instant | N/A | Instant |
| Idle memory | <150 MB | Cloud-only | 1-2 GB |
## Known Limitations
| Feature | Status |
|---------|--------|
| `docker build` | Not yet -- use `docker buildx` or pre-built images |
| Sandbox runtime (`--runtime=sandbox`) | Designed, not yet implemented |
| Machine distro management | Designed, not yet implemented |
| x86/amd64 images (Rosetta) | Not yet -- ARM64 only |
| Linux host | macOS first, Linux planned |
| GUI | CLI only -- desktop app planned |
## Requirements
- macOS 13 (Ventura) or later
- Apple Silicon (M1/M2/M3/M4) -- Intel support in progress
- Docker CLI installed (ArcBox replaces the engine, not the CLI)
## Contributing
See [CONTRIBUTING.md](CONTRIBUTING.md) for build instructions, code standards,
and development setup.
## License
[MIT](LICENSE-MIT) OR [Apache-2.0](LICENSE-APACHE)
---
**[Website](https://arcbox.dev)** · **[Docs](https://arcbox.link/docs)** · **[Discord](https://arcbox.link/discord)**