[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5664":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":27,"readmeContent":28,"aiSummary":29,"trendingCount":16,"starSnapshotCount":16,"syncStatus":30,"lastSyncTime":31,"discoverSource":32},5664,"OpenShell","NVIDIA\u002FOpenShell","NVIDIA","OpenShell is the safe, private runtime for autonomous AI agents.","https:\u002F\u002Fdocs.nvidia.com\u002Fopenshell\u002Flatest\u002F",null,"Rust",7031,844,21,196,0,28,284,1232,161,39.78,"Apache License 2.0",false,"main",true,[],"2026-06-12 02:01:13","# NVIDIA OpenShell\n\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache_2.0-blue)](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell\u002Fblob\u002Fmain\u002FLICENSE)\n[![PyPI](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPyPI-openshell-orange?logo=pypi)](https:\u002F\u002Fpypi.org\u002Fproject\u002Fopenshell\u002F)\n[![Security Policy](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSecurity-Report%20a%20Vulnerability-red)](SECURITY.md)\n[![Documentation](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fdocs-latest-brightgreen)](https:\u002F\u002Fdocs.nvidia.com\u002Fopenshell\u002Flatest\u002Findex.html)\n[![Project Status](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fstatus-alpha-orange)](https:\u002F\u002Fdocs.nvidia.com\u002Fopenshell\u002Flatest\u002Fabout\u002Frelease-notes.html)\n\nOpenShell is the safe, private runtime for autonomous AI agents. 
It provides sandboxed execution environments that protect your data, credentials, and infrastructure — governed by declarative YAML policies that prevent unauthorized file access, data exfiltration, and uncontrolled network activity.\n\nOpenShell is built agent-first. The project ships with agent skills for everything from gateway troubleshooting to policy generation, and we expect contributors to use them.\n\n> **Alpha software — single-player mode.** OpenShell is proof-of-life: one developer, one environment, one gateway. We are building toward multi-tenant enterprise deployments, but the starting point is getting your own environment up and running. Expect rough edges. Bring your agent.\n\n## Quickstart\n\n### Prerequisites\n\n- **A supported host** — macOS, Windows with WSL 2, or Linux.\n- **A local runtime** — Docker, Podman, or host virtualization enabled for MicroVM-backed sandboxes.\n\n### Install\n\n**Binary (recommended):**\n\n```bash\ncurl -LsSf https:\u002F\u002Fraw.githubusercontent.com\u002FNVIDIA\u002FOpenShell\u002Fmain\u002Finstall.sh | sh\n```\n\n**From PyPI (requires [uv](https:\u002F\u002Fdocs.astral.sh\u002Fuv\u002F)):**\n\n```bash\nuv tool install -U openshell\n```\n\nBoth methods install the latest stable release by default. To install a specific version, set `OPENSHELL_VERSION` (binary) or pin the version with `uv tool install openshell==\u003Cversion>`. A [`dev` release](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell\u002Freleases\u002Ftag\u002Fdev) is also available that tracks the latest commit on `main`.\n\n**Helm chart:**\n\n> **Experimental** — the Kubernetes deployment path is under active development. 
Expect rough edges and breaking changes.\n\nDeploy the OpenShell gateway into a Kubernetes cluster from the OCI chart published to GHCR:\n\n```bash\nhelm install openshell oci:\u002F\u002Fghcr.io\u002Fnvidia\u002Fopenshell\u002Fhelm-chart\n```\n\nSee [`deploy\u002Fhelm\u002Fopenshell\u002FREADME.md`](deploy\u002Fhelm\u002Fopenshell\u002FREADME.md) for available versions, dev tag conventions, and configuration.\n\n### Create a sandbox\n\n```bash\nopenshell sandbox create -- claude  # or opencode, codex, copilot\n```\n\nThe sandbox container includes the following tools by default:\n\n| Category   | Tools                                                    |\n| ---------- | -------------------------------------------------------- |\n| Agent      | `claude`, `opencode`, `codex`, `copilot`                 |\n| Language   | `python` (3.13), `node` (22)                             |\n| Developer  | `gh`, `git`, `vim`, `nano`                               |\n| Networking | `ping`, `dig`, `nslookup`, `nc`, `traceroute`, `netstat` |\n\nFor more details see https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell-Community\u002Ftree\u002Fmain\u002Fsandboxes\u002Fbase.\n\n### See network policy in action\n\nEvery sandbox starts with **minimal outbound access**. You open additional access with a short YAML policy that the proxy enforces at the HTTP method and path level, without restarting anything.\n\n```bash\n# 1. Create a sandbox (starts with minimal outbound access)\nopenshell sandbox create\n\n# 2. Inside the sandbox — blocked\nsandbox$ curl -sS https:\u002F\u002Fapi.github.com\u002Fzen\ncurl: (56) Received HTTP code 403 from proxy after CONNECT\n\n# 3. Back on the host — apply a read-only GitHub API policy\nsandbox$ exit\nopenshell policy set demo --policy examples\u002Fsandbox-policy-quickstart\u002Fpolicy.yaml --wait\n\n# 4. 
Reconnect — GET allowed, POST blocked by L7\nopenshell sandbox connect demo\nsandbox$ curl -sS https:\u002F\u002Fapi.github.com\u002Fzen\nAnything added dilutes everything else.\n\nsandbox$ curl -sS -X POST https:\u002F\u002Fapi.github.com\u002Frepos\u002Foctocat\u002Fhello-world\u002Fissues -d '{\"title\":\"oops\"}'\n{\"error\":\"policy_denied\",\"detail\":\"POST \u002Frepos\u002Foctocat\u002Fhello-world\u002Fissues not permitted by policy\"}\n```\n\nSee the [full walkthrough](examples\u002Fsandbox-policy-quickstart\u002F) or run the automated demo:\n\n```bash\nbash examples\u002Fsandbox-policy-quickstart\u002Fdemo.sh\n```\n\n## How It Works\n\nOpenShell isolates each sandbox in its own container with policy-enforced egress routing. A lightweight gateway coordinates sandbox lifecycle, and every outbound connection is intercepted by the policy engine, which does one of three things:\n\n- **Allows** — the destination and binary match a policy block.\n- **Routes for inference** — strips caller credentials, injects backend credentials, and forwards to the managed model.\n- **Denies** — blocks the request and logs it.\n\n| Component          | Role                                                                                         |\n| ------------------ | -------------------------------------------------------------------------------------------- |\n| **Gateway**        | Control-plane API that coordinates sandbox lifecycle and acts as the auth boundary.          |\n| **Sandbox**        | Isolated runtime with container supervision and policy-enforced egress routing.              |\n| **Policy Engine**  | Enforces filesystem, network, and process constraints from application layer down to kernel. |\n| **Privacy Router** | Privacy-aware LLM routing that keeps sensitive context on sandbox compute.                   |\n\nOpenShell runs a gateway control plane that manages sandbox lifecycle through a configured compute driver. 
Supported compute platforms include Docker, Podman, MicroVM, and Kubernetes.\n\n## Protection Layers\n\nOpenShell applies defense in depth across four policy domains:\n\n| Layer      | What it protects                                    | When it applies             |\n| ---------- | --------------------------------------------------- | --------------------------- |\n| Filesystem | Prevents reads\u002Fwrites outside allowed paths.        | Locked at sandbox creation. |\n| Network    | Blocks unauthorized outbound connections.           | Hot-reloadable at runtime.  |\n| Process    | Blocks privilege escalation and dangerous syscalls. | Locked at sandbox creation. |\n| Inference  | Reroutes model API calls to controlled backends.    | Hot-reloadable at runtime.  |\n\nPolicies are declarative YAML files. Static sections (filesystem, process) are locked at creation; dynamic sections (network, inference) can be hot-reloaded on a running sandbox with `openshell policy set`.\n\n## Providers\n\nAgents need credentials — API keys, tokens, service accounts. OpenShell manages these as **providers**: named credential bundles that are injected into sandboxes at creation. The CLI auto-discovers credentials for recognized agents (Claude, Codex, OpenCode, Copilot) from your shell environment, or you can create providers explicitly with `openshell provider create`. Credentials never leak into the sandbox filesystem; they are injected as environment variables at runtime.\n\n## GPU Support (Experimental)\n\n> **Experimental** — GPU passthrough works on supported hosts but is under active development. Expect rough edges and breaking changes.\n\nOpenShell can pass host GPUs into sandboxes for local inference, fine-tuning, or any GPU workload. 
Add `--gpu` when creating a sandbox:\n\n```bash\nopenshell sandbox create --gpu --from [gpu-enabled-sandbox] -- claude\n```\n\nDocker-backed GPU sandboxes auto-select CDI when available and otherwise fall back to Docker's NVIDIA GPU request path (`--gpus all`). GPU intent is also inferred automatically for community images with `gpu` in the name.\n\n**Requirements:** NVIDIA drivers and the [NVIDIA Container Toolkit](https:\u002F\u002Fdocs.nvidia.com\u002Fdatacenter\u002Fcloud-native\u002Fcontainer-toolkit\u002Flatest\u002Finstall-guide.html) must be installed on the host. The sandbox image itself must include the appropriate GPU drivers and libraries for your workload — the default `base` image does not. See the [BYOC example](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell\u002Ftree\u002Fmain\u002Fexamples\u002Fbring-your-own-container) for building a custom sandbox image with GPU support.\n\n## Supported Agents\n\n| Agent                                                         | Source                                                                           | Notes                                                                         |\n| ------------------------------------------------------------- | -------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- |\n| [Claude Code](https:\u002F\u002Fdocs.anthropic.com\u002Fen\u002Fdocs\u002Fclaude-code) | [`base`](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell-Community\u002Ftree\u002Fmain\u002Fsandboxes\u002Fbase) | Works out of the box. Provider uses `ANTHROPIC_API_KEY`.                      |\n| [OpenCode](https:\u002F\u002Fopencode.ai\u002F)                              | [`base`](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell-Community\u002Ftree\u002Fmain\u002Fsandboxes\u002Fbase) | Works out of the box. Provider uses `OPENAI_API_KEY` or `OPENROUTER_API_KEY`. 
|\n| [Codex](https:\u002F\u002Fdevelopers.openai.com\u002Fcodex)                  | [`base`](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell-Community\u002Ftree\u002Fmain\u002Fsandboxes\u002Fbase) | Works out of the box. Provider uses `OPENAI_API_KEY`.                         |\n| [GitHub Copilot CLI](https:\u002F\u002Fdocs.github.com\u002Fen\u002Fcopilot\u002Fgithub-copilot-in-the-cli) | [`base`](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell-Community\u002Ftree\u002Fmain\u002Fsandboxes\u002Fbase) | Works out of the box. Provider uses `GITHUB_TOKEN` or `COPILOT_GITHUB_TOKEN`. |\n| [OpenClaw](https:\u002F\u002Fopenclaw.ai\u002F)                              | [Community](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell-Community)                       | Launch with `openshell sandbox create --from openclaw`.                       |\n| [Ollama](https:\u002F\u002Follama.com\u002F)                                 | [Community](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell-Community)                       | Launch with `openshell sandbox create --from ollama`.                         |\n\n## Key Commands\n\n| Command                                                    | Description                                     |\n| ---------------------------------------------------------- | ----------------------------------------------- |\n| `openshell sandbox create -- \u003Cagent>`                      | Create a sandbox and launch an agent.           |\n| `openshell sandbox connect [name]`                         | SSH into a running sandbox.                     |\n| `openshell sandbox list`                                   | List all sandboxes.                             |\n| `openshell provider create --type [type] --from-existing`  | Create a credential provider from env vars.     |\n| `openshell policy set \u003Cname> --policy file.yaml`           | Apply or update a policy on a running sandbox.  
|\n| `openshell policy get \u003Cname>`                              | Show the active policy.                         |\n| `openshell inference set --provider \u003Cp> --model \u003Cm>`       | Configure the `inference.local` endpoint.       |\n| `openshell logs [name] --tail`                             | Stream sandbox logs.                            |\n| `openshell term`                                           | Launch the real-time terminal UI for debugging. |\n\nSee the [full documentation](https:\u002F\u002Fdocs.nvidia.com\u002Fopenshell\u002Flatest) for command guides, tutorials, and reference material.\n\n## Terminal UI\n\nOpenShell includes a real-time terminal dashboard for monitoring gateways, sandboxes, and providers — inspired by [k9s](https:\u002F\u002Fk9scli.io\u002F).\n\n```bash\nopenshell term\n```\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"fern\u002Fassets\u002Fimages\u002Fopenshell-terminal.png\" alt=\"OpenShell Terminal UI\">\n\u003C\u002Fp>\n\nThe TUI gives you a live, keyboard-driven view of your gateway and sandboxes. Navigate with `Tab` to switch panels, `j`\u002F`k` to move through lists, `Enter` to select, and `:` for command mode. 
Gateway health and sandbox status auto-refresh every two seconds.\n\n## Community Sandboxes and BYOC\n\nUse `--from` to create sandboxes from the [OpenShell Community](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell-Community) catalog, a local directory, or a container image:\n\n```bash\nopenshell sandbox create --from openclaw           # community catalog\nopenshell sandbox create --from .\u002Fmy-sandbox-dir   # local Dockerfile\nopenshell sandbox create --from registry.io\u002Fimg:v1 # container image\n```\n\nSee the [community sandboxes](https:\u002F\u002Fdocs.nvidia.com\u002Fopenshell\u002Flatest\u002Fsandboxes\u002Fcommunity-sandboxes) catalog and the [BYOC example](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell\u002Ftree\u002Fmain\u002Fexamples\u002Fbring-your-own-container) for details.\n\n## Explore with Your Agent\n\nClone the repo and point your coding agent at it. The project includes agent skills that can answer questions, walk you through workflows, and diagnose problems — no issue filing required.\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell.git   # or git@github.com:NVIDIA\u002FOpenShell.git\ncd OpenShell\n# Point your agent here — it will discover the skills in .agents\u002Fskills\u002F automatically\n```\n\nYour agent can load skills for CLI usage (`openshell-cli`), gateway troubleshooting (`debug-openshell-cluster`), inference troubleshooting (`debug-inference`), policy generation (`generate-sandbox-policy`), and more. See [CONTRIBUTING.md](CONTRIBUTING.md) for the full skills table.\n\n## Built With Agents\n\nOpenShell is developed using the same agent-driven workflows it enables. 
The `.agents\u002Fskills\u002F` directory contains workflow automation that powers the project's development cycle:\n\n- **Spike and build:** Investigate a problem with `create-spike`, then implement it with `build-from-issue` once a human approves.\n- **Triage and route:** Community issues are assessed with `triage-issue`, classified, and routed into the spike-build pipeline.\n- **Security review:** `review-security-issue` produces a severity assessment and remediation plan. `fix-security-issue` implements it.\n- **Policy authoring:** `generate-sandbox-policy` creates YAML policies from plain-language requirements or API documentation.\n\nAll implementation work is human-gated — agents propose plans, humans approve, agents build. See [AGENTS.md](AGENTS.md) for the full workflow chain documentation.\n\n## Getting Help\n\n- **Questions and discussion:** [GitHub Discussions](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell\u002Fdiscussions)\n- **Bug reports:** [GitHub Issues](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell\u002Fissues) — use the bug report template\n- **Security vulnerabilities:** See [SECURITY.md](SECURITY.md) — do not use GitHub Issues\n- **Agent-assisted help:** Clone the repo and use the agent skills in `.agents\u002Fskills\u002F` for self-service diagnostics\n\n## Learn More\n\n- [Full Documentation](https:\u002F\u002Fdocs.nvidia.com\u002Fopenshell\u002Flatest\u002Findex.html) — overview, architecture, tutorials, and reference\n- [Quickstart](https:\u002F\u002Fdocs.nvidia.com\u002Fopenshell\u002Flatest\u002Fget-started\u002Fquickstart) — detailed install and first sandbox walkthrough\n- [GitHub Sandbox Tutorial](https:\u002F\u002Fdocs.nvidia.com\u002Fopenshell\u002Flatest\u002Ftutorials\u002Fgithub-sandbox) — end-to-end scoped GitHub repo access\n- [Architecture](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell\u002Ftree\u002Fmain\u002Farchitecture) — detailed architecture docs and design decisions\n- [Support 
Matrix](https:\u002F\u002Fdocs.nvidia.com\u002Fopenshell\u002Flatest\u002Freference\u002Fsupport-matrix) — platforms, versions, and kernel requirements\n- [Brev Launchable](https:\u002F\u002Fbrev.nvidia.com\u002Flaunchable\u002Fdeploy\u002Fnow?launchableID=env-3Ap3tL55zq4a8kew1AuW0FpSLsg) — try OpenShell on cloud compute without local setup\n- [Agent Instructions](AGENTS.md) — system prompt and workflow documentation for agent contributors\n\n## Contributing\n\nOpenShell is built agent-first — your agent is your first collaborator. Before opening issues or submitting code, point your agent at the repo and let it use the skills in `.agents\u002Fskills\u002F` to investigate, diagnose, and prototype. See [CONTRIBUTING.md](CONTRIBUTING.md) for the full agent skills table, contribution workflow, and development setup.\n\n## Notice and Disclaimer\n\nThis software automatically retrieves, accesses or interacts with external materials. Those retrieved materials are not distributed with this software and are governed solely by separate terms, conditions and licenses. You are solely responsible for finding, reviewing and complying with all applicable terms, conditions, and licenses, and for verifying the security, integrity and suitability of any retrieved materials for your specific use case. This software is provided \"AS IS\", without warranty of any kind. The author makes no representations or warranties regarding any retrieved materials, and assumes no liability for any losses, damages, liabilities or legal consequences from your use or inability to use this software or any retrieved materials. 
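Use this software and the retrieved materials at your own risk.\n\n## License\n\nThis project is licensed under the [Apache License 2.0](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002FOpenShell\u002Fblob\u002Fmain\u002FLICENSE).\n","NVIDIA OpenShell is a safe, private runtime environment designed for autonomous AI agents. It protects users' data, credentials, and infrastructure by providing sandboxed execution environments governed by declarative YAML policies that prevent unauthorized file access, data exfiltration, and uncontrolled network activity. The project is written in Rust, emphasizes an agent-first design, and ships with agent skills ranging from gateway troubleshooting to policy generation. It suits scenarios where AI agents must be developed or tested while preserving security and privacy, and is especially suited to individual developers or small teams. It is currently in the Alpha stage and mainly supports development work in single-user mode.",2,"2026-06-11 03:04:36","top_language"]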