NVIDIA OpenShell
OpenShell is a safe, private sandboxed runtime for autonomous AI agents, enforcing declarative YAML policies to prevent unauthorized file access, data exfiltration, and uncontrolled network activity.
At a Glance
Fully free and open-source under the Apache License 2.0. Use, modify, and distribute freely.
Engagement
Available On
Listed May 2026
About NVIDIA OpenShell
OpenShell is NVIDIA's open-source, agent-first runtime that provides sandboxed execution environments for autonomous AI agents. It protects data, credentials, and infrastructure through declarative YAML policies enforced at the filesystem, network, process, and inference layers. Built primarily in Rust, OpenShell runs as a lightweight K3s Kubernetes cluster inside a single Docker container — no separate Kubernetes install required. It ships with built-in support for popular coding agents like Claude Code, Codex, OpenCode, and GitHub Copilot CLI.
- Sandboxed Execution — Each agent runs in an isolated container with policy-enforced egress routing, preventing unauthorized access to host resources.
- Declarative YAML Policies — Define filesystem, network, process, and inference constraints in YAML; static sections lock at creation, dynamic sections hot-reload at runtime without restarting the sandbox.
- Privacy Router — Privacy-aware LLM routing strips caller credentials, injects backend credentials, and keeps sensitive context on sandbox compute.
- Multi-Layer Protection — Defense-in-depth across four domains: filesystem path restrictions, outbound network blocking, privilege escalation prevention, and inference API rerouting.
- Credential Providers — Named credential bundles are injected as environment variables at runtime; credentials never touch the sandbox filesystem.
- GPU Support (Experimental) — Pass host NVIDIA GPUs into sandboxes for local inference or fine-tuning workloads using CDI or Docker's NVIDIA GPU request path.
- Agent Skills — Built-in workflow automation skills for CLI usage, cluster debugging, policy generation, security review, and more, discoverable by any coding agent.
- Terminal UI — Real-time keyboard-driven dashboard (inspired by k9s) for monitoring gateways, sandboxes, and providers with auto-refresh every two seconds.
- Community Sandboxes & BYOC — Launch sandboxes from the OpenShell Community catalog, a local Dockerfile, or any container image registry using the
--fromflag. - Easy Install — Install via a single
curlcommand or from PyPI usinguv, then runopenshell sandbox create -- claudeto spin up your first sandboxed agent.
Community Discussions
Be the first to start a conversation about NVIDIA OpenShell
Share your experience with NVIDIA OpenShell, ask questions, or help others learn from your insights.
Pricing
Open Source (Apache 2.0)
Fully free and open-source under the Apache License 2.0. Use, modify, and distribute freely.
- Sandboxed AI agent execution
- Declarative YAML policy enforcement
- Privacy-aware LLM routing
- GPU passthrough support (experimental)
- Community sandbox catalog
Capabilities
Key Features
- Sandboxed container execution for AI agents
- Declarative YAML policy enforcement
- Hot-reloadable network and inference policies
- Privacy-aware LLM routing
- Filesystem, network, process, and inference protection layers
- Credential provider injection (no filesystem leakage)
- GPU passthrough support (experimental)
- Built-in agent skills for debugging and policy generation
- Real-time terminal UI (TUI) dashboard
- Community sandbox catalog and BYOC support
- K3s Kubernetes cluster inside a single Docker container
- Support for Claude Code, Codex, OpenCode, Copilot, Ollama