CubeSandbox  by TencentCloud

Sandbox for AI agents offering instant, secure, and lightweight execution environments

Created 2 weeks ago

4,377 stars

Top 11.1% on SourcePulse

Project Summary

Instant, Concurrent, Secure & Lightweight Sandbox for AI Agents

CubeSandbox provides an instant, concurrent, secure, and lightweight sandbox service for AI agents. It addresses the need for reliable, hardware-isolated execution environments by leveraging RustVMM and KVM, providing sub-60ms cold starts and ultra-low memory overhead (<5MB). This enables high-density deployment of thousands of agents on a single machine, ideal for developers and researchers requiring robust, efficient agent execution.

How It Works

Utilizing RustVMM and KVM, CubeSandbox provides true kernel-level isolation, ensuring each agent runs in its own dedicated Guest OS kernel, mitigating shared-kernel security risks. Fast cold starts (<60ms) are achieved via resource pool pre-provisioning and snapshot cloning. Extreme memory reuse via Copy-on-Write (CoW) and an aggressively trimmed runtime yield per-instance memory overhead below 5MB, facilitating high-density deployments. Network security is enforced at the kernel level using eBPF-powered CubeVS for fine-grained traffic filtering.

Quick Start & Requirements

Requires a KVM-enabled x86_64 Linux environment (WSL 2, physical, or bare-metal). Setup involves cloning the repository, preparing the runtime (prepare_image.sh), booting (run_vm.sh), logging in (login.sh), and running an online install script. A sandbox template must then be created using cubemastercli. Execution uses the e2b-code-interpreter Python SDK, which requires specific environment variables. Links to the Quick Start guide, full documentation, and example projects are provided.

Highlighted Details

  • Blazing-fast cold start: Average <60ms via resource pool pre-provisioning and snapshot cloning.
  • High-density deployment: Per-instance memory <5MB (CoW), enabling thousands of agents per node.
  • True kernel-level isolation: Dedicated Guest OS kernel per agent mitigates shared-kernel escape risks.
  • E2B SDK compatibility: Drop-in replacement, requiring only an environment variable change.
  • Network security: eBPF-powered CubeVS enforces kernel-level network isolation and egress filtering.
  • Production-ready: Validated at scale in Tencent Cloud production environments.

Maintenance & Community

Contributions welcome via GitHub Issues for bugs and GitHub Discussions for ideas. Community chat is available on Discord. The project acknowledges its reliance on open-source components like Cloud Hypervisor and Kata Containers.

Licensing & Compatibility

Released under the Apache License 2.0, permitting commercial use and integration with closed-source projects. It is designed as a drop-in replacement for the E2B SDK, facilitating migration.

Limitations & Caveats

Event-level snapshot rollback functionality is noted as "coming soon." The system requires a KVM-enabled x86_64 Linux environment, and initial image preparation/template building can be time-consuming.

Health Check

  • Last commit: 7 hours ago
  • Responsiveness: Inactive
  • Pull requests (30d): 69
  • Issues (30d): 35
  • Star history: 4,441 stars in the last 18 days

Explore Similar Projects

Starred by Jared Palmer (SVP at GitHub; Founder of Turborepo; Author of Formik, TSDX), Shawn Lewis (Cofounder of Weights & Biases), and 4 more.

arrakis by abshkbh

0.2%
804
Sandboxing solution for AI agent code execution and computer use
Created 1 year ago
Updated 10 months ago
Starred by Junyang Lin (Core Maintainer at Alibaba Qwen), Eric Zhu (Coauthor of AutoGen; Research Scientist at Microsoft Research), and 2 more.

OpenSandbox by alibaba

1.8%
10k
Sandbox platform for AI and LLM applications
Created 4 months ago
Updated 9 hours ago