https://github.com/microsandbox/microsandbox

Self-Hosted Plaform for Secure Execution of Untrusted User/AI Code
https://github.com/microsandbox/microsandbox

agents ai ai-generated container docker fly linux macos mcp orchestration python sandbox sandboxing security self-hosted virtualization vm

Last synced: 13 days ago
JSON representation

Self-Hosted Plaform for Secure Execution of Untrusted User/AI Code

• Host: GitHub
• URL: https://github.com/microsandbox/microsandbox
• Owner: microsandbox
• License: apache-2.0
• Created: 2024-10-03T15:57:38.000Z (9 months ago)
• Default Branch: main
• Last Pushed: 2025-06-05T10:11:34.000Z (19 days ago)
• Last Synced: 2025-06-05T10:49:14.687Z (19 days ago)
• Topics: agents, ai, ai-generated, container, docker, fly, linux, macos, mcp, orchestration, python, sandbox, sandboxing, security, self-hosted, virtualization, vm
• Language: Rust
• Homepage: https://docs.microsandbox.dev
• Size: 6.37 MB
• Stars: 2,012
• Watchers: 8
• Forks: 71
• Open Issues: 26
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: .github/CODEOWNERS
  • Security: SECURITY.md

Awesome Lists containing this project

• awesome-github-repos - microsandbox/microsandbox - Self-Hosted Plaform for Secure Execution of Untrusted User/AI Code (Rust)
• my-awesome-github-stars - microsandbox/microsandbox - Self-Hosted Plaform for Secure Execution of Untrusted User/AI Code (Rust)
• awesome-mcp-servers - Microsandbox - Self-hosted platform for secure execution of AI code. Great for Code Interpreter, Data Analysis, Browser Use. (📦 <a name="virtualization"></a>Sandbox & Virtualization)

README

        












———   easy secure execution of untrusted user/ai code   ———




  


  








  

    

  

  

    

  






#   WHY MICROSANDBOX?

Ever needed to run code you don't fully trust? Whether it's AI-generated code, user submissions, or experimental code, the traditional options all have serious drawbacks:

- **Running locally** - One malicious script and your entire system is compromised

- **Using containers** - Shared kernels mean sophisticated attacks can still break out

- **Traditional VMs** - Waiting 10+ seconds for a VM to boot kills productivity and performance

- **Cloud solutions** - Not as flexible, at the whim of the cloud provider

**microsandbox** combines the best of all worlds:

- [x]   Strong Isolation - Hardware-level VM isolation with [microVMs](./MSB_V_DOCKER.md)

- [x]   Instant Startup - Boot times under 200ms, not 10+ seconds

- [x]   Your Infrastructure - Self-hosted with full control

- [x]   OCI Compatible - Works with standard container images

- [x]   AI-Ready - Built-in [MCP support](./MCP.md) for seamless AI integration

• • •


#   SDK  B E T A

Get started in few easy steps:



  

  


[ASCIINEMA →]





  

  

  



##



1    Start the Server


##### Install microsandbox

```sh

curl -sSL https://get.microsandbox.dev | sh

```

##### And start the server

```sh

msb server start --dev

```

> [!TIP]

>

> microsandbox server is also an [MCP server](./MCP.md), so it works directly with Claude, Agno and other MCP-enabled AI tools and agents.

>

> For more information on setting up the server, see the [self-hosting guide](./SELF_HOSTING.md).

##### Optionally pull the environment image

```sh

msb pull microsandbox/python

```

##



2    Install the SDK


##### Python

```sh

pip install microsandbox

```

##### JavaScript

```sh

npm install microsandbox

```

##### Rust

```sh

cargo add microsandbox

```

> [!NOTE]

> There are [SDKs](./sdk) for other languages as well! Join us in expanding support for your favorite language.

>

> 


>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

>   

> 


##



3    Execute the Code


`microsandbox` offers a growing list of sandbox environment types optimized for different execution requirements. Choose the appropriate sandbox (e.g., PythonSandbox or NodeSandbox) to run your code in a secure tailored environment.

##### Python

```py

import asyncio

from microsandbox import PythonSandbox

async def main():

    async with PythonSandbox.create(name="test") as sb:

        exec = await sb.run("name = 'Python'")

        exec = await sb.run("print(f'Hello {name}!')")

    print(await exec.output()) # prints Hello Python!

asyncio.run(main())

```

##### JavaScript

```js

import { NodeSandbox } from "microsandbox";

async function main() {

  const sb = await NodeSandbox.create({ name: "test" });

  try {

    let exec = await sb.run("var name = 'JavaScript'");

    exec = await sb.run("console.log(`Hello ${name}!`)");

    console.log(await exec.output()); // prints Hello JavaScript!

  } finally {

    await sb.stop();

  }

}

main().catch(console.error);

```

##### Rust

```rs

use microsandbox::{SandboxOptions, PythonSandbox};

#[tokio::main]

async fn main() -> Result<(), Box> {

    let mut sb = PythonSandbox::create(SandboxOptions::builder().name("test").build()).await?;

    let exec = sb.run(r#"name = "Python""#).await?;

    let exec = sb.run(r#"print(f"Hello {name}!")"#).await?;

    println!("{}", exec.output().await?); // prints Hello Python!

    sb.stop().await?;

    Ok(())

}

```

> [!NOTE]

>

> If you haven't pulled the environment image, the first run will take a while as it tries to download it.

> Executions will be much faster afterwards.

>

> For more information on how to use the SDK, [check out the SDK README](./sdk/README.md).

#   PROJECTS  B E T A

Beyond the SDK, microsandbox supports project-based development with the familiar package-manager workflow devs are used to. Think of it like npm or cargo, but for sandboxes!

Create a `Sandboxfile`, define your environments, and manage your sandboxes with simple commands.






##

#### Create a Sandbox Project

```sh

msb init

```

This creates a `Sandboxfile` in the current directory, which serves as the configuration manifest for your sandbox environments.

##

#### Add a Sandbox to the Project

```sh

msb add app \

    --image python \

    --cpus 1 \

    --memory 1024 \

    --start 'python -c "print(\"hello\")"'

```

The command above registers a new sandbox named `app` in your Sandboxfile, configured to use the `python` image.

You should now have a `Sandboxfile` containing a sandbox named **`app`**:

```sh

cat Sandboxfile

```

```yaml

# Sandbox configurations

sandboxes:

  app:

    image: python

    memory: 1024

    cpus: 1

    scripts:

      start: python -c "print(\"hello\")"

```

> [!TIP]

>

> Run `msb  --help` to see all the options available for a subcommand.

>

> For example, `msb add --help`.

##

#### Running a Sandbox

##### Run a Sandbox Defined in Your Project

```sh

msb run --sandbox app

```



_**or**_



```sh

msr app

```

This executes the default _start_ script of your sandbox. For more control, you can directly specify which script to run — `msr app~start`.

When running project sandboxes, all file changes and installations made inside the sandbox are automatically persisted to the `./menv` directory. This means you can stop and restart your sandbox any time without losing your work. Your development environment will be exactly as you left it.

##### Run an Temporary Sandbox

For experimentation or one-off tasks, temporary sandboxes provide a clean environment that leaves no trace:

```sh

msb exe --image python

```



_**or**_



```sh

msx python

```

Temporary sandboxes are perfect for isolating programs you get from the internet. Once you exit the sandbox, all changes are discarded automatically.

##

#### Installing Sandboxes

The `msb install` command sets up a sandbox as a system-wide executable. It installs a slim launcher program that allows you to start your sandbox from anywhere in your system with a simple command.

```sh

msb install --image alpine

```



_**or**_



```sh

msi alpine

```

After installation, you can start your sandbox by simply typing its name in any terminal:

```sh

alpine

```

This makes frequently used sandboxes incredibly convenient to access — no need to navigate to specific directories or remember complex commands. Just type the sandbox name and it launches immediately with all your configured settings.

> [!TIP]

> You can give your sandbox a descriptive, easy-to-remember name during installation:

>

> ```sh

> msi alpine:20250108 slim-linux

> ```

>

> This allows you to create multiple instances of the same sandbox image with different names and configurations. For example:

>

> - `msi python python-data-science` - A Python environment for data analysis

> - `msi python python-web` - A Python environment for web development

>

> Installed sandboxes maintain their state between sessions, so you can pick up exactly where you left off each time you launch them.

• • •


#   USE CASES





### Coding & Dev Environments

Let your AI agents build real apps with professional dev tools. When users ask their AI to create a web app, fix a bug, or build a prototype, it can handle everything from Git operations to dependency management to testing in a protected environment.

Your AI can create comprehensive development environments in milliseconds and run programs with full system access. The fast startup means developers get instant feedback and can iterate quickly. This makes it perfect for AI pair programming, coding education platforms, and automated code generation where quick results matter.








### Data Analysis

Transform raw numbers into meaningful insights with AI that works for you. Your AI can process spreadsheets, create charts, and generate reports safely. Whether it's analyzing customer feedback, sales trends, or research data, everything happens in a protected environment that respects data privacy.

Microsandbox lets your AI work with powerful libraries like NumPy, Pandas, and TensorFlow while creating visualizations that bring insights to life. Perfect for financial analysis tools, privacy-focused data processing, medical research, and any situation where you need serious computing power with appropriate safeguards.








### Web Browsing Agent

Build AI assistants that can browse the web for your users. Need to compare prices across stores, gather info from multiple news sites, or automate form submissions? Your AI can handle it all while staying in a contained environment.

With microsandbox, your AI can navigate websites, extract data, fill out forms, and handle logins. It can visit any site and deliver only the useful information back to your application. This makes it ideal for price comparison tools, research assistants, content aggregators, automated testing, and web automation workflows that would otherwise require complex setup.








### Instant App Hosting

Share working apps and demos in seconds without deployment headaches. When your AI creates a useful tool, calculator, visualization, or prototype, users can immediately access it through a simple link.

Zero-setup deployment means your AI-generated code can be immediately useful without complex configuration. Each app runs in its own protected space with appropriate resource limits, and everything cleans up automatically when no longer needed. Perfect for educational platforms hosting student projects, AI assistants creating live demos, and users needing immediate value.




• • •


### The Server Architecture

```mermaid

flowchart TB

    %% ── Client side ──────────────────────────

    subgraph ClientProcess["process"]

        A["Your Business Logic"]

        B["microsandbox SDK"]

        A -->|calls| B

    end

    %% ── Server side ─────────────────────────

    subgraph ServerProcess["process"]

        C["microsandbox server"]

    end

    B -->|sends untrusted code to| C

    %% ── Branching hub ───────────────────────

    D([ ])

    C -->|runs code in| D

    %% ── Individual MicroVMs ────────────────

    subgraph VM1["microVM"]

        VM1S["python environment"]

    end

    subgraph VM2["microVM"]

        VM2S["python environment"]

    end

    subgraph VM3["microVM"]

        VM3S["node environment"]

    end

    D --> VM1S

    D --> VM2S

    D --> VM3S

    %% ── Styling ─────────────────────────────

    style A    fill:#D6EAF8,stroke:#2E86C1,stroke-width:2px,color:#000000

    style B    fill:#D6EAF8,stroke:#2E86C1,stroke-width:2px,color:#000000

    style C    fill:#D5F5E3,stroke:#28B463,stroke-width:2px,color:#000000

    style D    fill:#F4F6F6,stroke:#ABB2B9,stroke-width:2px,color:#000000

    style VM1S fill:#FCF3CF,stroke:#F1C40F,stroke-width:2px,color:#000000

    style VM2S fill:#FCF3CF,stroke:#F1C40F,stroke-width:2px,color:#000000

    style VM3S fill:#FCF3CF,stroke:#F1C40F,stroke-width:2px,color:#000000

```

• • •


#   DEVELOPMENT

Interested in contributing to microsandbox? Check out our [Development Guide](./DEVELOPMENT.md) for instructions on setting up your development environment, building the project, running tests, and creating releases.

For contribution guidelines, please refer to [CONTRIBUTING.md](./CONTRIBUTING.md).

• • •


#   LICENSE

This project is licensed under the [Apache License 2.0](./LICENSE).

• • •


#   ACKNOWLEDGMENTS

We'd like to thank the following projects and communities that made microsandbox possible:

- **[libkrun](https://github.com/containers/libkrun)** - The lightweight virtualization library that powers our secure microVM isolation

Special thanks to all our contributors, testers, and community members who help make microsandbox better every day!

• • •


#   STAR HISTORY

Thanks for all the support!



  

   

     

     

     

   

  






• • •