Cette page est affichée en anglais. Une traduction française est en cours.
ScriptsMay 25, 2026·2 min de lecture

OpenShell — Secure Agent Runtime by NVIDIA

A safe and private runtime environment for autonomous AI agents developed by NVIDIA. OpenShell provides isolated execution contexts where agents can operate with controlled access to system resources.

Prêt pour agents

Installation agent prête

Cet actif peut être installé après choix du runtime, vérification du plan et exécution de la commande adaptée.

Native · 98/100Policy : autoriser
Surface agent
Tout agent MCP/CLI
Type
Skill
Installation
Single
Confiance
Confiance : Established
Point d'entrée
OpenShell Overview
Commande d'installation directe
npx -y tokrepo@latest install fdcca0ba-57f1-11f1-9bc6-00163e2b0d79 --target codex

À exécuter après confirmation du plan en dry-run.

Introduction

OpenShell is an open-source agent runtime from NVIDIA that provides a secure, private execution environment for autonomous AI agents. It allows agents to run shell commands, read and write files, and interact with tools while maintaining strict isolation boundaries to prevent unintended side effects.

What OpenShell Does

  • Creates isolated execution environments for AI agents to run safely
  • Controls agent access to file systems, networks, and processes via policies
  • Provides a standard interface for agents to execute shell commands securely
  • Supports audit logging of all agent actions for review and debugging
  • Runs locally with no data leaving the host machine

Architecture Overview

OpenShell is built in Rust and uses Linux namespaces and seccomp filters to create lightweight sandboxes for agent execution. Each agent session gets its own isolated environment with a controlled view of the file system. A policy engine evaluates each agent action against the configured rules before execution. The system produces a full audit trail of all commands and file modifications.

Self-Hosting & Configuration

  • Build from source with the Rust toolchain on Linux
  • Define security policies in a TOML configuration file
  • Specify allowed directories, commands, and network access per agent
  • Configure audit log output location and verbosity
  • Supports running multiple isolated agent sessions concurrently

Key Features

  • Linux namespace-based isolation for lightweight, fast sandboxes
  • Fine-grained policy engine controlling file, network, and process access
  • Full audit trail of every agent action for accountability
  • Developed and maintained by NVIDIA
  • No external dependencies beyond the Linux kernel

Comparison with Similar Tools

  • E2B — cloud-hosted sandboxes; OpenShell runs on your own Linux machine
  • IronClaw — uses WebAssembly sandboxing; OpenShell uses Linux namespaces
  • Docker — container-level isolation; OpenShell is lighter and agent-aware
  • CubeSandbox — similar scope from Tencent; OpenShell leverages NVIDIA's agent research

FAQ

Q: Does it require NVIDIA GPUs? A: No. OpenShell is a CPU-based runtime. It does not require NVIDIA hardware despite being developed by NVIDIA.

Q: Which operating systems are supported? A: Linux only, as it relies on Linux namespaces and seccomp for isolation.

Q: Can it run multiple agents simultaneously? A: Yes. Each agent session runs in its own isolated namespace with independent policies.

Q: Is it production-ready? A: OpenShell is under active development. Review the issue tracker for known limitations before deploying in production.

Sources

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires