# OpenSandbox

> A general-purpose, open-source sandbox platform for AI applications with multi-language SDKs, unified APIs, and Docker/Kubernetes runtimes.

OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes. It supports scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training. Listed in the CNCF Landscape, it is built by Alibaba and licensed under Apache 2.0. OpenSandbox provides strong isolation via gVisor, Kata Containers, and Firecracker microVM, making it suitable for both local and large-scale distributed deployments.

- **Multi-language SDKs**: *Provides sandbox SDKs in Python, Java/Kotlin, JavaScript/TypeScript, C#/.NET, and Go — install via pip, npm, Maven, NuGet, or go get.*
- **Sandbox Protocol**: *Defines lifecycle management and execution APIs so you can extend custom sandbox runtimes beyond the built-in implementations.*
- **Sandbox Runtime**: *Built-in lifecycle management supporting Docker and high-performance Kubernetes runtime, enabling local runs and large-scale distributed scheduling.*
- **Sandbox Environments**: *Built-in Command, Filesystem, and Code Interpreter implementations; examples cover Coding Agents (Claude Code, Gemini CLI), browser automation (Chrome, Playwright), and desktop environments (VNC, VS Code).*
- **Network Policy**: *Unified Ingress Gateway with multiple routing strategies plus per-sandbox egress controls for fine-grained network management.*
- **Strong Isolation**: *Supports secure container runtimes like gVisor, Kata Containers, and Firecracker microVM for enhanced isolation between sandbox workloads and the host.*
- **CLI (`osb`)**: *A terminal CLI for common sandbox workflows — create sandboxes, run commands, move files, inspect diagnostics, and manage runtime egress policy; install via pip or uv.*
- **MCP Server**: *Exposes sandbox creation, command execution, and file operations to MCP-capable clients such as Claude Code and Cursor via the opensandbox-mcp package.*
- **Agent Integrations**: *Ready-made examples for LangGraph, Google ADK, Claude Code, Gemini CLI, OpenAI Codex CLI, Qwen Code, and Kimi CLI running inside sandboxes.*
- **ML and Training**: *Supports RL training workloads (e.g., DQN CartPole) inside sandboxes with checkpoints and summary output.*

## Features
- Multi-language SDKs (Python, Java/Kotlin, JavaScript/TypeScript, C#/.NET, Go)
- Unified Sandbox API with lifecycle management
- Docker and Kubernetes runtimes
- Built-in Code Interpreter
- Browser automation support (Chrome, Playwright)
- Desktop environment support (VNC, VS Code)
- Strong isolation via gVisor, Kata Containers, Firecracker microVM
- Ingress Gateway with multiple routing strategies
- Per-sandbox egress network controls
- CLI tool (osb) for sandbox management
- MCP server for Claude Code and Cursor integration
- Agent integrations (LangGraph, Google ADK, Claude Code, Gemini CLI, etc.)
- RL training workload support
- OpenAPI specs for sandbox lifecycle and execution APIs
- Kubernetes-native scheduling and deployment

## Integrations
Docker, Kubernetes, Claude Code, Gemini CLI, OpenAI Codex CLI, Qwen Code, Kimi CLI, LangGraph, Google ADK, Playwright, Chrome, VS Code, gVisor, Kata Containers, Firecracker microVM, OpenClaw

## Platforms
API, VSC_EXTENSION, DEVELOPER_SDK, CLI

## Pricing
Open Source

## Version
docker/egress/v1.0.10

## Links
- Website: https://open-sandbox.ai
- Documentation: https://open-sandbox.ai
- Repository: https://github.com/alibaba/OpenSandbox
- EveryDev.ai: https://www.everydev.ai/tools/opensandbox