Sub-millisecond virtual machine sandboxes for AI agents are provided by Zeroboot, utilizing copy-on-write forking. This offers developers extremely fast, hardware-isolated execution environments, significantly outperforming alternatives in spawn latency and memory footprint, making it ideal for dynamic AI agent workloads.

How It Works

The system employs Firecracker snapshots combined with mmap(MAP_PRIVATE) for copy-on-write memory mapping and KVM VMs to restore CPU state. This approach enables rapid VM forking (~0.8ms) while ensuring hardware-enforced memory isolation for each sandbox, providing robust security and performance.

Quick Start & Requirements

• Managed API: Execute code via curl -X POST https://api.zeroboot.dev/v1/exec with a JSON payload containing the code. A demo token zb_demo_hn2026 is available.
• SDKs: Official SDKs are provided for Python (zeroboot.Sandbox) and TypeScript (@zeroboot/sdk).
• Self-hosting: Requires a Linux environment with KVM enabled.
• Prerequisites: KVM hypervisor for self-hosting; API keys are necessary for the managed service.
• Documentation: Links to official Docs, API Reference, Deployment Guide, and Architecture are mentioned within the README.

Highlighted Details

• Spawn Latency: Achieves a p50 spawn latency of 0.79ms and p99 of 1.74ms, dramatically faster than competitors like E2B (~150ms p50) and microsandbox (~200ms p50).
• Memory Efficiency: Sandboxes require minimal memory, around ~265KB, a significant reduction compared to alternatives consuming ~50-128MB.
• Performance: Python fork and execution complete in approximately 8ms, and 1000 concurrent forks can be managed within 815ms.
• Isolation: Utilizes real KVM virtual machines for hardware-enforced memory isolation.

Maintenance & Community

The project is currently a "working prototype" and not yet production-hardened. Users interested in specific features or improvements are encouraged to open an issue. Early access to a managed service for teams is available via a Tally.so signup link.

Licensing & Compatibility

Licensed under the Apache-2.0 license. This permissive license generally allows for commercial use and integration into closed-source applications without significant restrictions.

Limitations & Caveats

Forks initially share the same CSPRNG state, necessitating explicit reseeding for userspace PRNGs like NumPy or OpenSSL. Each sandbox is limited to a single vCPU, and direct networking is not supported; communication occurs strictly via serial I/O. Updating sandbox templates requires a full re-snapshot, taking approximately 15 seconds, as incremental patching is not implemented. The system is explicitly noted as a prototype and not production-hardened.