35 comments

[ 4.7 ms ] story [ 73.0 ms ] thread
Why is it a problem to use containers?
every syscall on containers run on the kernal with full privelages, so if needed one can break out of the container and get access to the host
(comment deleted)
We use a service but it is always nice to have a free option if you need it. Good stuff.
using sandboxes makes a lot of sense now a days, but this is nowhere near the prod sandboxes the market has, they have a lot of work and optimizations going on! but yeah its little fun side project! thanks for the compliments :)
This relies on the agent requesting a sandbox... which seems like the fox guarding the hen house, no?
tbh, this is kind of a gray area, i should have thought little bit more on how it should have been architectured,

for me this was the ideal scenario: a cloud model on web with its own sandbox (something like claude with read/write to files and run commands)

i dont really think this could be considered as a fox guarding the hen house, its not that ai wants to infect your computer with its commands, if ai is provided the mcp server, it will it instead of using the tools like bash in most cases [if in a local setup]. I feel its more of a lumberjack guarding his weapons.

Is this a common pattern to have an agent request a sandbox? I feel like I'd want the whole agent running in it's own sandbox to begin with. Firecracker does look like a decent solution for that.
When I started to design the system, I thought of creating a way for an agent on the cloud to have access to a filesystem, such that they can read, write files and run commands. I can't really say that the startups in the space's main source of income is this, most of them rely on sdks for other platforms. I could adjust the core to work as a sdk as well, but right now the main interface is just a mcp server that a client can use
Seems these thing pop up here ever so often. Either using firecracker or docker/containers. How is this different from the other sandboxes? BTW I love that you got LLM testimonials lol
Given that this is using Firecracker, is it Linux only?
yes, it is supposed to be hosted on bare metal linux machines; anyone on any machine can use it as a sandbox after adding the mcp server to the client
interesting is the idea the agent calls it or just alt to terminal bash etc tool calls hey your tool calls are all microvms, containers, isoshells, raw term, clawd/molt all credentials with weaker and weaker security demarcs?
my ideal scenario is a cloud web model getting access to a sandbox to run commands and read/write to files. but yeah it could be used as an alternative to bash and read write tools.

I did not get your second question exactly, but yeah microvms can be considered one of the secure ways to run your agent

Great idea that is already implemented as a feature by major AI providers, several well funded startups, countless unfunded startups, and trivially solved per-user with any handful of existing technologies.

Truly baffling its in the top 5 of the front page. My first thought was bot army upvoting but the total points are quite low. That means this is some mod's personal idea of an especially interesting submission?

Having testimonials attributed to Gemini 3 Pro and Claude 4.5 Opus is... interesting. I'm curious what prompt was used to get those quotes.
lol thanks for the compliments, generated both the testimonials after giving the mcp server to both opus and gemini and asked their feedback on it.

it is supposed to be directly used by agents, so they are kind of my end users, hence it made sense to get their testimonials :)

Congrats on launching, and great testimonials!

What problem does it solve compared to bazillion code execution sandboxing agents (and containers/VMs)?

Overall, a lot of people are building their own code execution sandboxing agents around containers/VMs. Curious to know what's missing that makes people DIY this?

Here's my list of code execution sandboxing agents launched in the last year alone:

1. E2B 2. AIO Sandbox 3. Sandboxer 4. AgentSphere 5. Yolobox 6. Exe.dev 7. yolo-cage 8. SkillFS ERA Jazzberry Computer Vibekit Daytona Modal Cognitora YepCode Run Compute CLI Fence Landrun Sprites pctx-sandbox pctx Sandbox Agent SDK Lima-devbox OpenServ Browser Agent Playground Flintlock Agent Quickstart Bouvet Sandbox Arrakis Cellmate (ceLLMate) AgentFence Tasker

Thanks for the compliments! I can't really say that it has a unique differentiator between all the other sandboxes out in the market, this was supposed to be a poc version on how i could be building a sandbox for agents, this had been haunting me since a few months, tried out what could happen!

the actual sandboxes in the market are doing a lot of work in optimizing the system end to end, and most of it is pretty hard. this project just scratches the surface

yes this is pretty busy market, but it is just pure infra/OS problem and many of it has already been solved in the past decades, right now its just who can fit everything together fastest
You built a voluntary sandbox and it also uses lots of tokens in the context to load in the MCP definition?

Just looking to understand if the sandbox can be bypassed?