# NVIDIA OpenShell

> OpenShell is a safe, private sandboxed runtime for autonomous AI agents, enforcing declarative YAML policies to prevent unauthorized file access, data exfiltration, and uncontrolled network activity.

OpenShell is NVIDIA's open-source, agent-first runtime that provides sandboxed execution environments for autonomous AI agents. It protects data, credentials, and infrastructure through declarative YAML policies enforced at the filesystem, network, process, and inference layers. Built primarily in Rust, OpenShell runs as a lightweight K3s Kubernetes cluster inside a single Docker container — no separate Kubernetes install required. It ships with built-in support for popular coding agents like Claude Code, Codex, OpenCode, and GitHub Copilot CLI.

- **Sandboxed Execution** — *Each agent runs in an isolated container with policy-enforced egress routing, preventing unauthorized access to host resources.*
- **Declarative YAML Policies** — *Define filesystem, network, process, and inference constraints in YAML; static sections lock at creation, dynamic sections hot-reload at runtime without restarting the sandbox.*
- **Privacy Router** — *Privacy-aware LLM routing strips caller credentials, injects backend credentials, and keeps sensitive context on sandbox compute.*
- **Multi-Layer Protection** — *Defense-in-depth across four domains: filesystem path restrictions, outbound network blocking, privilege escalation prevention, and inference API rerouting.*
- **Credential Providers** — *Named credential bundles are injected as environment variables at runtime; credentials never touch the sandbox filesystem.*
- **GPU Support (Experimental)** — *Pass host NVIDIA GPUs into sandboxes for local inference or fine-tuning workloads using CDI or Docker's NVIDIA GPU request path.*
- **Agent Skills** — *Built-in workflow automation skills for CLI usage, cluster debugging, policy generation, security review, and more, discoverable by any coding agent.*
- **Terminal UI** — *Real-time keyboard-driven dashboard (inspired by k9s) for monitoring gateways, sandboxes, and providers with auto-refresh every two seconds.*
- **Community Sandboxes & BYOC** — *Launch sandboxes from the OpenShell Community catalog, a local Dockerfile, or any container image registry using the `--from` flag.*
- **Easy Install** — *Install via a single `curl` command or from PyPI using `uv`, then run `openshell sandbox create -- claude` to spin up your first sandboxed agent.*

## Features
- Sandboxed container execution for AI agents
- Declarative YAML policy enforcement
- Hot-reloadable network and inference policies
- Privacy-aware LLM routing
- Filesystem, network, process, and inference protection layers
- Credential provider injection (no filesystem leakage)
- GPU passthrough support (experimental)
- Built-in agent skills for debugging and policy generation
- Real-time terminal UI (TUI) dashboard
- Community sandbox catalog and BYOC support
- K3s Kubernetes cluster inside a single Docker container
- Support for Claude Code, Codex, OpenCode, Copilot, Ollama

## Integrations
Claude Code, OpenCode, Codex (OpenAI), GitHub Copilot CLI, OpenClaw, Ollama, Docker, K3s / Kubernetes, NVIDIA Container Toolkit, PyPI, GitHub

## Platforms
WINDOWS, MACOS, LINUX, WEB, API, CLI

## Pricing
Open Source

## Version
v0.0.36

## Links
- Website: https://docs.nvidia.com/openshell/latest/
- Documentation: https://docs.nvidia.com/openshell/latest/index.html
- Repository: https://github.com/NVIDIA/OpenShell
- EveryDev.ai: https://www.everydev.ai/tools/nvidia-openshell