Scripts · May 1, 2026 · 1 min read

microsandbox — Secure Local Sandboxes for AI Agents

microsandbox provides lightweight, programmable sandboxes that let AI agents execute code safely on your own machine, with strong isolation and support for multiple runtimes.

Introduction

microsandbox gives AI agents a safe place to execute arbitrary code on your local machine. Each sandbox is an isolated micro-VM with its own filesystem and network stack, providing defense-in-depth without the overhead of full virtual machines or the security gaps of plain containers.

What microsandbox Does

  • Spins up lightweight micro-VMs in milliseconds for executing untrusted code
  • Provides SDKs for Node.js, Python, and Rust to programmatically create and manage sandboxes
  • Supports filesystem mounts for sharing data between the host and sandbox
  • Offers network isolation with configurable policies per sandbox
  • Exposes an HTTP API and CLI for integration with any AI agent framework

Architecture Overview

microsandbox uses a Rust-based server that manages sandbox lifecycles through lightweight virtualization. Each sandbox runs in its own isolated environment with a minimal Linux userspace. The server exposes a local HTTP API that agent frameworks call to create sandboxes, execute commands, and retrieve results. Resource limits (CPU, memory, time) are enforced at the hypervisor level.

Self-Hosting & Configuration

  • Install with the one-line installer or build from source with cargo build --release
  • The server runs as a background daemon listening on localhost by default
  • Configure resource limits per sandbox in ~/.config/microsandbox/config.toml
  • Supports macOS and Linux; Windows support is under development
  • No cloud dependency — all execution happens locally on your hardware

Key Features

  • Millisecond sandbox startup for interactive agent workflows
  • Strong isolation via micro-VM technology, not just containers
  • Multi-language SDKs for TypeScript, Python, and Rust
  • Configurable resource limits and network policies
  • Open source under Apache 2.0 license

Comparison with Similar Tools

  • E2B — cloud-hosted sandboxes; microsandbox runs entirely on your local machine
  • Daytona — cloud dev environments; microsandbox focuses on ephemeral code execution
  • Docker — container-based isolation with shared kernel; microsandbox provides VM-level separation
  • Firecracker — low-level microVM manager; microsandbox adds agent-friendly SDKs and API

FAQ

Q: How is this different from running code in Docker?
A: microsandbox uses micro-VM isolation, which provides stronger security boundaries than shared-kernel containers.

Q: What languages can run inside a sandbox?
A: Any language available in the sandbox image — Python, Node.js, Go, Rust, and others.

Q: Does it require root privileges?
A: The server needs elevated privileges for VM management. Sandbox users do not.

Q: Can I mount host directories into the sandbox?
A: Yes. Configure filesystem mounts in the sandbox creation request with read-only or read-write access.
