Is Agent Sandbox — Run Agents Safely on Kubernetes free to use?

Yes. Agent Sandbox — Run Agents Safely on Kubernetes is freely available on TokRepo. Check the Source & Thanks section on the asset page for the specific open-source license.

How do I install Agent Sandbox — Run Agents Safely on Kubernetes?

Visit the asset page on TokRepo and click "Copy for agent" to get the installation instructions. Most assets can be installed with a single command.

ScriptsMay 11, 2026·2 min read

Agent Sandbox — Run Agents Safely on Kubernetes

Name: Agent Sandbox — Run Agents Safely on Kubernetes
Author: AI Open Source

Agent Sandbox provides Kubernetes-first guardrails for agent workloads: resource limits, isolation, and repeatable environments so failures stay contained.

AI Open Source · Community

Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Stage only · 29/100Stage only

Agent surface

Any MCP/CLI agent

Kind

Script

Install

Single

Trust

Trust: Established

Entrypoint

README.md

Universal CLI install command

npx tokrepo install 3f94c7c7-7f5e-4e7e-8a42-d3c4fd46eaff

install contract metadata JSON adapter plan raw content

Intro

Agent Sandbox provides Kubernetes-first guardrails for agent workloads: resource limits, isolation, and repeatable environments so failures stay contained.

Best for: Teams running untrusted agent code who need isolation, quotas, and an auditable execution surface
Works with: Kubernetes clusters + CI; pair with policy-as-code and least-privilege service accounts
Setup time: 30 minutes

Practical Notes

Setup time ~30 minutes (apply manifests + run one sandboxed job)
Three hard checks: limits enforced, egress scoped, run logs retained
GitHub stars + forks (verified): see Source & Thanks

Agents get dangerous when they can run arbitrary code with long-lived credentials. A Kubernetes sandbox lets you bound blast radius: small quotas, short-lived identities, and auditable logs. Use it to make ‘agent execution’ an infrastructure primitive rather than an ad-hoc local script.

FAQ

Q: Do I need Kubernetes for agents? A: Not always—but it’s a strong default if you must isolate untrusted execution.

Q: What’s the first guardrail to add? A: Resource limits + restricted service accounts; then add egress controls.

Q: How do I make runs reproducible? A: Pin images/versions and treat manifests as code reviewed like any PR.

🙏

Source & Thanks

Source: https://github.com/kubernetes-sigs/agent-sandbox > License: Apache-2.0 > GitHub stars: 2,125 · forks: 253

Discussion

No comments yet. Be the first to share your thoughts.

Related Assets

Docker Agent — Run Agent Tasks in Containers

Docker Agent packages agent workloads into containers so you get reproducible environments, clear boundaries, and safer runs than ad-hoc local scripts.

Scripts

AI Open Source

Microsoft Agent Framework — Build & Run Agent Workflows

Microsoft Agent Framework builds production-grade agents and multi-agent workflows in Python and .NET, with official docs and quickstarts for teams.

Scripts

Agent Toolkit

Agent Safehouse — Sandbox macOS Coding Agents

Agent Safehouse sandboxes local coding agents on macOS using sandbox-exec deny-first profiles, limiting access to only approved files and integrations.

Workflows

Agent Toolkit

mistral-inference — Run Mistral Models

Run Mistral models with minimal inference code. Install via pip, load a model, and build a local workflow before moving to larger deployments.

Scripts

AI Open Source

◈Home 🔍Search 👤Me