[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-626":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":16,"starSnapshotCount":16,"syncStatus":33,"lastSyncTime":34,"discoverSource":35},626,"CubeSandbox","TencentCloud\u002FCubeSandbox","TencentCloud","Instant, Concurrent, Secure & Lightweight Sandbox for AI Agents.","https:\u002F\u002Fdocs.cubesandbox.ai\u002F",null,"Rust",6299,499,28,56,0,26,178,930,121,39.1,"Other",false,"master",true,[27,28,29],"agents","container","sandbox","2026-06-12 02:00:16","\u003Cp align=\"center\">\n  \u003Cimg src=\"docs\u002Fassets\u002Fcube-sandbox-logo.png\" alt=\"Cube Sandbox Logo\" width=\"140\" \u002F>\n\u003C\u002Fp>\n\n\u003Ch1 align=\"center\">CubeSandbox\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\n  \u003Cstrong>Instant, Concurrent, Secure & Lightweight Sandbox Service for AI Agents\u003C\u002Fstrong>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftencentcloud\u002FCubeSandbox\u002Fstargazers\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Ftencentcloud\u002Fcubesandbox?style=social\" alt=\"GitHub Stars\" \u002F>\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftencentcloud\u002FCubeSandbox\u002Fissues\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Ftencentcloud\u002Fcubesandbox\" alt=\"GitHub Issues\" \u002F>\u003C\u002Fa>\n  \u003Ca href=\".\u002FLICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache_2.0-green\" alt=\"Apache 2.0 License\" \u002F>\u003C\u002Fa>\n  \u003Ca href=\".\u002FCONTRIBUTING.md\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPRs-welcome-brightgreen\" alt=\"PRs Welcome\" \u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F⚡_Startup-Tens_of_ms-blue\" alt=\"Fast startup\" \u002F>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F🔒_Isolation-Hardware_Level-critical\" alt=\"Hardware-level isolation\" \u002F>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F🔌_API-E2B_Compatible-blueviolet\" alt=\"E2B compatible\" \u002F>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F📦_Deploy-High_Concurrency·High_Density-orange\" alt=\"High concurrency & high density\" \u002F>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\".\u002FREADME_zh.md\">\u003Cstrong>中文文档\u003C\u002Fstrong>\u003C\u002Fa> ·\n  \u003Ca href=\".\u002Fdocs\u002Fguide\u002Fquickstart.md\">\u003Cstrong>Quick Start\u003C\u002Fstrong>\u003C\u002Fa> ·\n  \u003Ca href=\".\u002Fdocs\u002Findex.md\">\u003Cstrong>Documentation\u003C\u002Fstrong>\u003C\u002Fa> ·\n  \u003Ca href=\".\u002Fdocs\u002Fchangelog.md\">\u003Cstrong>Changelog\u003C\u002Fstrong>\u003C\u002Fa>\n\u003C\u002Fp>\n\n---\n\nCube Sandbox is a high-performance, out-of-the-box secure sandbox service built on RustVMM and KVM. It supports both single-node deployment and can be easily scaled to a multi-node cluster. It is compatible with the E2B SDK, capable of creating a hardware-isolated sandbox environment with full service capabilities in under 60ms, while maintaining less than 5MB memory overhead.\n\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fdocs\u002Fassets\u002Freadme_speed_en_1.png\" width=\"400\" \u002F>\n  \u003Cimg src=\".\u002Fdocs\u002Fassets\u002Freadme_overhead_en_1.png\" width=\"400\" \u002F>\n\u003C\u002Fp>\n\n\n## Demos\n\n\u003Ctable align=\"center\">\n  \u003Ctr align=\"center\" valign=\"middle\">\n    \u003Ctd width=\"33%\" valign=\"middle\">\n      \u003Cvideo src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Ff87c409e-29fc-4e86-9eac-dbeaff2aca18\" controls=\"controls\" muted=\"muted\" style=\"max-width: 100%;\">\u003C\u002Fvideo>\n    \u003C\u002Ftd>\n    \u003Ctd width=\"33%\" valign=\"middle\">\n      \u003Cvideo src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F50e7126e-bb73-4abc-aa85-677fdf2e8c67\" controls=\"controls\" muted=\"muted\" style=\"max-width: 100%;\">\u003C\u002Fvideo>\n    \u003C\u002Ftd>\n    \u003Ctd width=\"33%\" valign=\"middle\">\n      \u003Cvideo src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F052e0e77-e2d9-409e-90b8-d13c28b80495\" controls=\"controls\" muted=\"muted\" style=\"max-width: 100%;\">\u003C\u002Fvideo>\n    \u003C\u002Ftd>\n  \u003C\u002Ftr>\n  \u003Ctr align=\"center\" valign=\"top\">\n    \u003Ctd>\n      \u003Cem>Installation & Demo\u003C\u002Fem>\n    \u003C\u002Ftd>\n    \u003Ctd>\n      \u003Cem>Performance Test\u003C\u002Fem>\n    \u003C\u002Ftd>\n    \u003Ctd>\n      \u003Cem>RL (SWE-Bench)\u003C\u002Fem>\n    \u003C\u002Ftd>\n  \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n\n## Core Highlights\n\n- **Blazing-fast cold start:** Built on resource pool pre-provisioning and snapshot cloning technology, skipping time-consuming initialization entirely. Average end-to-end cold start time for a fully serviceable sandbox is \u003C 60ms.\n- **High-density deployment on a single node:** Extreme memory reuse via CoW technology combined with a Rust-rebuilt, aggressively trimmed runtime keeps per-instance memory overhead below 5MB — run thousands of Agents on a single machine.\n- **True kernel-level isolation:** No more unsafe Docker shared-kernel (Namespace) hacks. Each Agent runs with its own dedicated Guest OS kernel, eliminating container escape risks and enabling safe execution of any LLM-generated code.\n- **Zero-cost migration (E2B drop-in replacement):** Natively compatible with the E2B SDK interface. Just swap one URL environment variable — no business logic changes needed — to migrate from expensive closed-source sandboxes to free Cube Sandbox with better performance.\n- **Network security:** CubeVS, powered by eBPF, enforces strict inter-sandbox network isolation at the kernel level with fine-grained egress traffic filtering policies.\n- **Ready to use out of the box:** One-click deployment with support for both single-node and cluster setups.\n- **Event-level snapshot rollback (coming soon):** High-frequency snapshot rollback at millisecond granularity, enabling rapid fork-based exploration environments from any saved state.\n- **Production-ready:** Cube Sandbox has been validated at scale in Tencent Cloud production environments, proven stable and reliable.\n\n## Benchmarks\n\nIn the context of AI Agent code execution, CubeSandbox achieves the perfect balance of security and performance:\n\n| Metric | Docker Container | Traditional VM | CubeSandbox |\n|---|---|---|---|\n| **Isolation Level** | Low (Shared Kernel Namespaces) | High (Dedicated Kernel) | **Extreme (Dedicated Kernel + eBPF)** |\n| **Boot Speed** \u003Cbr>*Full-OS boot duration | 200ms | Seconds | **Sub-millisecond (\u003C60ms)** |\n| **Memory Overhead** | Low (Shared Kernel) | High (Full OS) | **Ultra-low (Aggressively stripped, \u003C5MB)** |\n| **Deployment Density** | High | Low | **Extreme (Thousands per node)** |\n| **E2B SDK Compatible** | \u002F | \u002F | **✅ Drop-in** |\n\n*   *Cold start benchmarked on bare-metal. 60ms at single concurrency; under 50 concurrent creations, avg 67ms, P95 90ms, P99 137ms — consistently sub-150ms.*\n*   *Memory overhead measured with sandbox specs ≤ 32GB. Larger configurations may see a marginal increase.*\n\nFor detailed metrics on startup latency and resource overhead, please refer to:\n\n\n\u003Ctable align=\"center\">\n  \u003Ctr align=\"center\" valign=\"middle\">\n    \u003Ctd width=\"33%\" valign=\"middle\">\n      \u003Cimg src=\".\u002Fdocs\u002Fassets\u002F1-concurrency-create.png\" \u002F>\n    \u003C\u002Ftd>\n    \u003Ctd width=\"33%\" valign=\"middle\">\n      \u003Cimg src=\".\u002Fdocs\u002Fassets\u002F50-concurrency-create.png\" \u002F>\n    \u003C\u002Ftd>\n    \u003Ctd width=\"33%\" valign=\"middle\">\n      \u003Cimg src=\".\u002Fdocs\u002Fassets\u002Fcube-sandbox-mem-overhead.png\" \u002F>\n    \u003C\u002Ftd>\n  \u003C\u002Ftr>\n  \u003Ctr align=\"center\" valign=\"top\">\n    \u003Ctd colspan=\"2\">\n      \u003Cem>Sub-150ms sandbox delivery under both single and high-concurrency workloads\u003C\u002Fem>\n    \u003C\u002Ftd>\n    \u003Ctd>\n      \u003Cem>CubeSandbox base memory footprint across various instance sizes\u003C\u002Fem>\u003Cbr>\n      \u003Csup>(*Blue: Sandbox specifications; Orange: Base memory overhead). Note that memory consumption increases only marginally as instance sizes scale up.\n\u003C\u002Fsup>\n    \u003C\u002Ftd>\n  \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n\n\u003C\u002Fbr>\n\n## Quick Start\n\n\u003Cp align=\"center\">\n  \u003Ca href=\".\u002Fdocs\u002Fguide\u002Fquickstart.md\">\n    \u003Cimg src=\"docs\u002Fassets\u002Ffast-start.gif\" alt=\"Cube Sandbox fast start walkthrough\" width=\"720\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Cem>⚡ Millisecond-level startup — watch the fast-start flow, then jump into the \u003Ca href=\".\u002Fdocs\u002Fguide\u002Fquickstart.md\" target=\"_blank\">Quick Start guide\u003C\u002Fa>.\u003C\u002Fem>\n\u003C\u002Fp>\n\n\n\n\nCube Sandbox requires a KVM-enabled x86_64 Linux environment — **WSL 2**, a **Linux physical machine**, or a **cloud bare-metal server** all work.\n\n> Don't have one yet?\n> - **Windows users**: run `wsl --install` in an admin PowerShell to set up WSL 2 (requires Windows 11 22H2+, with nested virtualization enabled in BIOS \u002F WSL).\n> - **Others**: grab an x86_64 Linux physical machine, or rent a bare-metal server from a cloud provider.\n\nOnce your environment is ready, launch your first sandbox in four steps:\n\n1. **Prepare the runtime environment** (skip this step if you already have an x86_64 bare-metal Linux server)\n\nRun the following on your WSL \u002F Linux machine:\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Ftencentcloud\u002FCubeSandbox.git\n# For faster access from mainland China, clone from the mirror instead:\n# git clone https:\u002F\u002Fcnb.cool\u002FCubeSandbox\u002FCubeSandbox\n\ncd CubeSandbox\u002Fdev-env\n.\u002Fprepare_image.sh   # one-off: download and initialize the runtime image\n.\u002Frun_vm.sh          # boot the environment; keep this terminal open (Ctrl+a x to exit)\n```\n\nIn a second terminal, log into the environment you just prepared:\n\n```bash\ncd CubeSandbox\u002Fdev-env && .\u002Flogin.sh\n```\n\n> This drops you into a disposable Linux environment where all the subsequent installation happens, so your host stays clean. See [Development Environment](.\u002Fdocs\u002Fguide\u002Fdev-environment.md) for details.\n\n2. **Start the Cube Sandbox Service**\n\nInside the environment you entered via `login.sh` (or directly on your bare-metal server), run **one** of the following commands depending on your location:\n\n- **Global Users** (downloads from GitHub):\n\n  ```bash\n  curl -sL https:\u002F\u002Fgithub.com\u002Ftencentcloud\u002FCubeSandbox\u002Fraw\u002Fmaster\u002Fdeploy\u002Fone-click\u002Fonline-install.sh | bash\n  ```\n\n- **中国用户请执行这条命令 (Mainland China)**:\n\n  ```bash\n  curl -sL https:\u002F\u002Fcnb.cool\u002FCubeSandbox\u002FCubeSandbox\u002F-\u002Fgit\u002Fraw\u002Fmaster\u002Fdeploy\u002Fone-click\u002Fonline-install.sh | MIRROR=cn bash\n  ```\n\n> See [Quick Start — China mainland mirror](.\u002Fdocs\u002Fguide\u002Fquickstart.md#step-2-install) for details.\n\n3. **Create a Code Interpreter Sandbox Template**\n\nAfter installation, create a code interpreter template from the prebuilt image:\n\n```bash\ncubemastercli tpl create-from-image \\\n  --image ccr.ccs.tencentyun.com\u002Fags-image\u002Fsandbox-code:latest \\\n  --writable-layer-size 1G \\\n  --expose-port 49999 \\\n  --expose-port 49983 \\\n  --probe 49999\n```\n\nThen run the following command to monitor the build progress:\n\n```bash\ncubemastercli tpl watch --job-id \u003Cjob_id>\n```\n\n**⚠️ The image is fairly large** — downloading, extracting, and building the template may take a while; please be patient.\n\nWait for the command above to finish and the template status to reach `READY`. Note the **template ID** (`template_id`) from the output — you will need it in the next step.\n\n4. **Run Your First Agent Code**\n\nInstall the Python SDK:\n\n```bash\nyum install -y python3 python3-pip\npip install e2b-code-interpreter\n```\n\nSet environment variables:\n\n```bash\nexport E2B_API_URL=\"http:\u002F\u002F127.0.0.1:3000\"\nexport E2B_API_KEY=\"dummy\"\nexport CUBE_TEMPLATE_ID=\"\u003Cyour-template-id>\"  # template ID obtained from Step 3\nexport SSL_CERT_FILE=\"\u002Froot\u002F.local\u002Fshare\u002Fmkcert\u002FrootCA.pem\"\n```\n\nRun code inside an isolated sandbox:\n\n```python\nimport os\nfrom e2b_code_interpreter import Sandbox  # drop-in E2B SDK\n\n# Cube Sandbox transparently intercepts all requests\nwith Sandbox.create(template=os.environ[\"CUBE_TEMPLATE_ID\"]) as sandbox:\n    result = sandbox.run_code(\"print('Hello from Cube Sandbox, safely isolated!')\")\n    print(result)\n```\n\n> See [Quick Start — Step 4](.\u002Fdocs\u002Fguide\u002Fquickstart.md#step-4-run-your-first-agent) for the full variable reference and more examples.\n\nWant to explore more? Check out the 📂 [`examples\u002F`](.\u002Fexamples\u002F) directory, covering scenarios like: code execution, Shell commands, file operations, browser automation, network policies, pause\u002Fresume, OpenClaw integration, and RL training.\n\n### Deep Dive\n\n- 📖 [Documentation Home](.\u002Fdocs\u002Findex.md) - Complete guide and API reference\n- 🔧 [Template Concepts](.\u002Fdocs\u002Fguide\u002Ftemplates.md) - Image-to-Template concepts and workflows\n- 🌟 [Example Projects](.\u002Fdocs\u002Fguide\u002Ftutorials\u002Fexamples.md) - Hands-on examples demonstrating various Cube Sandbox use cases (Browser automation, OpenClaw integration, RL training workflows, etc.)\n- 💻 [Development Environment (QEMU VM)](.\u002Fdocs\u002Fguide\u002Fdev-environment.md) - No bare-metal? Spin up a disposable OpenCloudOS 9 VM and run Cube Sandbox inside it\n\n## Architecture\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"docs\u002Fassets\u002Fcube-sandbox-arch.png\" alt=\"Cube Sandbox Architecture\" \u002F>\n\u003C\u002Fp>\n\n| Component | Responsibility |\n|---|---|\n| **CubeAPI** | High-concurrency REST API Gateway (Rust), compatible with E2B. Swap the URL for seamless migration. |\n| **CubeMaster** | Cluster orchestrator. Receives API requests and dispatches them to corresponding Cubelets. Manages resource scheduling and cluster state. |\n| **CubeProxy** | Reverse proxy, compatible with the E2B protocol, routing requests to the appropriate sandbox instances. |\n| **Cubelet** | Compute node local scheduling component. Manages the complete lifecycle of all sandbox instances on the node. |\n| **CubeVS** | eBPF-based virtual switch, providing kernel-level network isolation and security policy enforcement. |\n| **CubeHypervisor & CubeShim** | Virtualization layer — CubeHypervisor manages KVM MicroVMs, CubeShim implements the containerd Shim v2 API to integrate sandboxes into the container runtime. |\n\n👉 For more details, please read the [Architecture Design Document](.\u002Fdocs\u002Farchitecture\u002Foverview.md) and [CubeVS Network Model](.\u002Fdocs\u002Farchitecture\u002Fnetwork.md).\n\n## Community & Contributing\n\nWe welcome contributions of all kinds—whether it’s a bug report, feature suggestion, documentation improvement, or code submission!\n\n- 🐞 **Found a Bug or have questions?** Submit an issue on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftencentcloud\u002FCubeSandbox\u002Fissues\" target=\"_blank\">GitHub Issues\u003C\u002Fa>.\n- 💡 **Have an Idea?** Join the conversation in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftencentcloud\u002FCubeSandbox\u002Fdiscussions\" target=\"_blank\">GitHub Discussions\u003C\u002Fa>.\n- 🛠️ **Want to Code?** Check out our \u003Ca href=\".\u002FCONTRIBUTING.md\" target=\"_blank\">CONTRIBUTING.md\u003C\u002Fa> to learn how to submit a Pull Request.\n- 💬 **Want to Chat?** Join our \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FkkapzDXShb\" target=\"_blank\">Discord\u003C\u002Fa>.\n\n## License\n\nCubeSandbox is released under the [Apache License 2.0](.\u002FLICENSE).\n\nThe birth of CubeSandbox stands on the shoulders of open-source giants. Special thanks to [Cloud Hypervisor](https:\u002F\u002Fgithub.com\u002Fcloud-hypervisor\u002Fcloud-hypervisor), [Kata Containers](https:\u002F\u002Fgithub.com\u002Fkata-containers\u002Fkata-containers), virtiofsd, containerd-shim-rs, ttrpc-rust, and others. We have made tailored modifications to some components to fit the CubeSandbox execution model, and the original in-file copyright notices are preserved.\n","CubeSandbox 是一个为AI代理设计的即时、并发、安全且轻量级的沙盒服务。该项目基于RustVMM和KVM技术构建，能够提供硬件级别的隔离，并在数十毫秒内启动具有完整服务能力的沙箱环境，同时保持较低的内存开销（小于5MB）。它支持单节点部署及多节点集群扩展，兼容E2B SDK，非常适合需要高性能与高安全性沙箱环境的应用场景，如在线代码执行平台、AI实验环境等。",2,"2026-06-11 02:38:13","CREATED_QUERY"]