# microsandbox — Secure Local Sandboxes for AI Agents

> microsandbox provides lightweight, programmable sandboxes that let AI agents execute code safely on your own machine, with strong isolation and support for multiple runtimes.

## Install

Save the content below to `.claude/skills/` or append to your `CLAUDE.md`:

# microsandbox — Secure Local Sandboxes for AI Agents

## Quick Use
```bash
# Install the server
curl -fsSL https://get.microsandbox.dev | sh
# Start the sandbox server
msb server start
# Run code in an isolated sandbox
msb run python -c "print('hello from sandbox')"
```

## Introduction
microsandbox gives AI agents a safe place to execute arbitrary code on your local machine. Each sandbox is an isolated micro-VM with its own filesystem and network stack, providing defense-in-depth without the overhead of full virtual machines or the security gaps of plain containers.

## What microsandbox Does
- Spins up lightweight micro-VMs in milliseconds for executing untrusted code
- Provides SDKs for Node.js, Python, and Rust to programmatically create and manage sandboxes
- Supports filesystem mounts for sharing data between the host and sandbox
- Offers network isolation with configurable policies per sandbox
- Exposes an HTTP API and CLI for integration with any AI agent framework

## Architecture Overview
microsandbox uses a Rust-based server that manages sandbox lifecycles through lightweight virtualization. Each sandbox runs in its own isolated environment with a minimal Linux userspace. The server exposes a local HTTP API that agent frameworks call to create sandboxes, execute commands, and retrieve results. Resource limits (CPU, memory, time) are enforced at the hypervisor level.

## Self-Hosting & Configuration
- Install with the one-line installer or build from source with `cargo build --release`
- The server runs as a background daemon listening on localhost by default
- Configure resource limits per sandbox in `~/.config/microsandbox/config.toml`
- Supports macOS and Linux; Windows support is under development
- No cloud dependency — all execution happens locally on your hardware

## Key Features
- Millisecond sandbox startup for interactive agent workflows
- Strong isolation via micro-VM technology, not just containers
- Multi-language SDKs for TypeScript, Python, and Rust
- Configurable resource limits and network policies
- Open source under Apache 2.0 license

## Comparison with Similar Tools
- **E2B** — cloud-hosted sandboxes; microsandbox runs entirely on your local machine
- **Daytona** — cloud dev environments; microsandbox focuses on ephemeral code execution
- **Docker** — container-based isolation with shared kernel; microsandbox provides VM-level separation
- **Firecracker** — low-level microVM manager; microsandbox adds agent-friendly SDKs and API

## FAQ
**Q: How is this different from running code in Docker?**
A: microsandbox uses micro-VM isolation which provides stronger security boundaries than shared-kernel containers.

**Q: What languages can run inside a sandbox?**
A: Any language available in the sandbox image — Python, Node.js, Go, Rust, and others.

**Q: Does it require root privileges?**
A: The server needs elevated privileges for VM management. Sandbox users do not.

**Q: Can I mount host directories into the sandbox?**
A: Yes. Configure filesystem mounts in the sandbox creation request with read-only or read-write access.

## Sources
- https://github.com/superradcompany/microsandbox
- https://microsandbox.dev

---
Source: https://tokrepo.com/en/workflows/microsandbox-secure-local-sandboxes-ai-agents-bc067d8e
Author: Script Depot