Microsandbox: Virtual Machines that feel and perform like containers

1 month ago 2

——— easy secure execution of untrusted user/ai code ———

Ever needed to run code you don't fully trust? Whether it's AI-generated code, user submissions, or experimental code, the traditional options all have serious drawbacks:

Running locally - One malicious script and your entire system is compromised
Using containers - Shared kernels mean sophisticated attacks can still break out
Traditional VMs - Waiting 10+ seconds for a VM to boot kills productivity and performance
Cloud solutions - Not as flexible, at the whim of the cloud provider

microsandbox combines the best of all worlds:

• • •

Get started in few easy steps:

1 Start the Server

curl -sSL https://get.microsandbox.dev | sh

Tip

microsandbox server is also an MCP server, so it works directly with Claude, Agno and other MCP-enabled AI tools and agents.

For more information on setting up the server, see the self-hosting guide.

Optionally pull the environment image

msb pull microsandbox/python

2 Install the SDK

Note

There are SDKs for other languages as well! Join us in expanding support for your favorite language.

3 Execute the Code

microsandbox offers a growing list of sandbox environment types optimized for different execution requirements. Choose the appropriate sandbox (e.g., PythonSandbox or NodeSandbox) to run your code in a secure tailored environment.

import asyncio from microsandbox import PythonSandbox async def main(): async with PythonSandbox.create(name="test") as sb: exec = await sb.run("name = 'Python'") exec = await sb.run("print(f'Hello {name}!')") print(await exec.output()) # prints Hello Python! asyncio.run(main())

import { NodeSandbox } from "microsandbox"; async function main() { const sb = await NodeSandbox.create({ name: "test" }); try { let exec = await sb.run("var name = 'JavaScript'"); exec = await sb.run("console.log(`Hello ${name}!`)"); console.log(await exec.output()); // prints Hello JavaScript! } finally { await sb.stop(); } } main().catch(console.error);

use microsandbox::{SandboxOptions, PythonSandbox}; #[tokio::main] async fn main() -> Result<(), Box<dyn std::error::Error>> { let mut sb = PythonSandbox::create(SandboxOptions::builder().name("test").build()).await?; let exec = sb.run(r#"name = "Python""#).await?; let exec = sb.run(r#"print(f"Hello {name}!")"#).await?; println!("{}", exec.output().await?); // prints Hello Python! sb.stop().await?; Ok(()) }

Note

If you haven't pulled the environment image, the first run will take a while as it tries to download it. Executions will be much faster afterwards.

For more information on how to use the SDK, check out the SDK README.

Beyond the SDK, microsandbox supports project-based development with the familiar package-manager workflow devs are used to. Think of it like npm or cargo, but for sandboxes!

Create a Sandboxfile, define your environments, and manage your sandboxes with simple commands.

This creates a Sandboxfile in the current directory, which serves as the configuration manifest for your sandbox environments.

Add a Sandbox to the Project

msb add app \ --image python \ --cpus 1 \ --memory 1024 \ --start 'python -c "print(\"hello\")"'

The command above registers a new sandbox named app in your Sandboxfile, configured to use the python image.

You should now have a Sandboxfile containing a sandbox named app:

# Sandbox configurations sandboxes: app: image: python memory: 1024 cpus: 1 scripts: start: python -c "print(\"hello\")"

Tip

Run msb <subcommand> --help to see all the options available for a subcommand.

For example, msb add --help.

Run a Sandbox Defined in Your Project

This executes the default start script of your sandbox. For more control, you can directly specify which script to run — msr app~start.

When running project sandboxes, all file changes and installations made inside the sandbox are automatically persisted to the ./menv directory. This means you can stop and restart your sandbox any time without losing your work. Your development environment will be exactly as you left it.

For experimentation or one-off tasks, temporary sandboxes provide a clean environment that leaves no trace:

Temporary sandboxes are perfect for isolating programs you get from the internet. Once you exit the sandbox, all changes are completely discarded.

The msb install command sets up a sandbox as a system-wide executable. It installs a slim launcher program that allows you to start your sandbox from anywhere in your system with a simple command.

msb install --image alpine

After installation, you can start your sandbox by simply typing its name in any terminal:

This makes frequently used sandboxes incredibly convenient to access — no need to navigate to specific directories or remember complex commands. Just type the sandbox name and it launches immediately with all your configured settings.

Tip

You can give your sandbox a descriptive, easy-to-remember name during installation:

msi alpine:20250108 slim-linux

This allows you to create multiple instances of the same sandbox image with different names and configurations. For example:

msi python python-data-science - A Python environment for data analysis
msi python python-web - A Python environment for web development

Installed sandboxes maintain their state between sessions, so you can pick up exactly where you left off each time you launch them.

• • •

Coding & Dev Environments

Let your AI agents build real apps with professional dev tools. When users ask their AI to create a web app, fix a bug, or build a prototype, it can handle everything from Git operations to dependency management to testing in a protected environment.

Your AI can create complete development environments in milliseconds and run programs with full system access. The fast startup means developers get instant feedback and can iterate quickly. This makes it perfect for AI pair programming, coding education platforms, and automated code generation where quick results matter.

Transform raw numbers into meaningful insights with AI that works for you. Your AI can process spreadsheets, create charts, and generate reports safely. Whether it's analyzing customer feedback, sales trends, or research data, everything happens in a protected environment that respects data privacy.

Microsandbox lets your AI work with powerful libraries like NumPy, Pandas, and TensorFlow while creating visualizations that bring insights to life. Perfect for financial analysis tools, privacy-focused data processing, medical research, and any situation where you need serious computing power with appropriate safeguards.

Build AI assistants that can browse the web for your users. Need to compare prices across stores, gather info from multiple news sites, or automate form submissions? Your AI can handle it all while staying in a contained environment.

With microsandbox, your AI can navigate websites, extract data, fill out forms, and handle logins. It can visit any site and deliver only the useful information back to your application. This makes it ideal for price comparison tools, research assistants, content aggregators, automated testing, and web automation workflows that would otherwise require complex setup.

Share working apps and demos in seconds without deployment headaches. When your AI creates a useful tool, calculator, visualization, or prototype, users can immediately access it through a simple link.

Zero-setup deployment means your AI-generated code can be immediately useful without complex configuration. Each app runs in its own protected space with appropriate resource limits, and everything cleans up automatically when no longer needed. Perfect for educational platforms hosting student projects, AI assistants creating live demos, and users needing immediate value.

• • •

flowchart TB %% ── Client side ────────────────────────── subgraph ClientProcess["process"] A["Your Business Logic"] B["microsandbox SDK"] A -->|calls| B end %% ── Server side ───────────────────────── subgraph ServerProcess["process"] C["microsandbox server"] end B -->|sends untrusted code to| C %% ── Branching hub ─────────────────────── D([ ]) C -->|runs code in| D %% ── Individual MicroVMs ──────────────── subgraph VM1["microVM"] VM1S["python environment"] end subgraph VM2["microVM"] VM2S["python environment"] end subgraph VM3["microVM"] VM3S["node environment"] end D --> VM1S D --> VM2S D --> VM3S %% ── Styling ───────────────────────────── style A fill:#D6EAF8,stroke:#2E86C1,stroke-width:2px,color:#000000 style B fill:#D6EAF8,stroke:#2E86C1,stroke-width:2px,color:#000000 style C fill:#D5F5E3,stroke:#28B463,stroke-width:2px,color:#000000 style D fill:#F4F6F6,stroke:#ABB2B9,stroke-width:2px,color:#000000 style VM1S fill:#FCF3CF,stroke:#F1C40F,stroke-width:2px,color:#000000 style VM2S fill:#FCF3CF,stroke:#F1C40F,stroke-width:2px,color:#000000 style VM3S fill:#FCF3CF,stroke:#F1C40F,stroke-width:2px,color:#000000

• • •

Interested in contributing to microsandbox? Check out our Development Guide for instructions on setting up your development environment, building the project, running tests, and creating releases.

For contribution guidelines, please refer to CONTRIBUTING.md.

• • •

This project is licensed under the Apache License 2.0.

• • •

Thanks for all the support!