[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-73292":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":27,"readmeContent":28,"aiSummary":29,"trendingCount":16,"starSnapshotCount":16,"syncStatus":30,"lastSyncTime":31,"discoverSource":32},73292,"agent-sandbox","kubernetes-sigs\u002Fagent-sandbox","kubernetes-sigs","agent-sandbox enables easy management of isolated, stateful, singleton workloads, ideal for use cases like AI agent runtimes.","https:\u002F\u002Fagent-sandbox.sigs.k8s.io",null,"Go",2823,333,21,94,0,44,148,693,132,29.57,"Apache License 2.0",false,"main",true,[],"2026-06-12 02:03:11","\u003Cdiv align=\"center\">\n  \u003Cimg src=\"site\u002Fassets\u002Ficons\u002Fcolor_logo.svg\" alt=\"Agent Sandbox logo\" width=\"150\" \u002F>\n\n  \u003Ch1>Agent Sandbox\u003C\u002Fh1>\n\u003C\u002Fdiv>\n\n\n\u003Cp>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkubernetes-sigs\u002Fagent-sandbox\u002Freleases\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fkubernetes-sigs\u002Fagent-sandbox\" alt=\"GitHub release\">\u003C\u002Fa>\n  \u003Ca href=\"LICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FApache-2-blue.svg\" alt=\"Apache-2.0 license\">\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgoreportcard.com\u002Freport\u002Fsigs.k8s.io\u002Fagent-sandbox\">\u003Cimg src=\"https:\u002F\u002Fgoreportcard.com\u002Fbadge\u002Fsigs.k8s.io\u002Fagent-sandbox\" alt=\"Go Report 
Card\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n[Website](https:\u002F\u002Fagent-sandbox.sigs.k8s.io) · [Docs](https:\u002F\u002Fagent-sandbox.sigs.k8s.io\u002Fdocs\u002F) · [DeepWiki](https:\u002F\u002Fdeepwiki.com\u002Fkubernetes-sigs\u002Fagent-sandbox) · [Getting Started](https:\u002F\u002Fagent-sandbox.sigs.k8s.io\u002Fdocs\u002Fgetting_started\u002F) · [Examples](examples\u002F) · [Roadmap](roadmap.md)\n\n**agent-sandbox enables easy management of isolated, stateful, singleton workloads, ideal for use cases like AI agent runtimes.**\n\nThis project is developing a `Sandbox` Custom Resource Definition (CRD) and controller for Kubernetes, under the umbrella of [SIG Apps](https:\u002F\u002Fgithub.com\u002Fkubernetes\u002Fcommunity\u002Ftree\u002Fmaster\u002Fsig-apps). The goal is to provide a declarative, standardized API for managing workloads that require the characteristics of a long-running, stateful, singleton container with a stable identity, much like a lightweight, single-container VM experience built on Kubernetes primitives.\n\n## Overview\n\n### Core: Sandbox\n\nThe `Sandbox` CRD is the core of agent-sandbox. It provides a declarative API for managing a single, stateful pod with a stable identity and persistent storage. 
This is useful for workloads that don't fit well into the stateless, replicated model of Deployments or the numbered, stable model of StatefulSets.\n\nKey features of the `Sandbox` CRD include:\n\n*   **Stable Identity:** Each Sandbox has a stable hostname and network identity.\n*   **Persistent Storage:** Sandboxes can be configured with persistent storage that survives restarts.\n*   **Lifecycle Management:** The Sandbox controller manages the lifecycle of the pod, including creation, scheduled deletion, pausing and resuming.\n\n### Extensions\n\nThe `extensions` module provides additional CRDs and controllers that build on the core `Sandbox` API to provide more advanced features.\n\n*   `SandboxTemplate`: Provides a way to define reusable templates for creating Sandboxes, making it easier to manage large numbers of similar Sandboxes.\n*   `SandboxClaim`: Allows users to create Sandboxes from a template, abstracting away the details of the underlying Sandbox configuration.\n*   `SandboxWarmPool`: Manages a pool of pre-warmed Sandboxes that can be quickly allocated to users, reducing the time it takes to get a new Sandbox up and running.\n\n## Architecture\n\nagent-sandbox follows the Kubernetes controller pattern. 
Users create a Sandbox custom resource, and the controller manages the underlying runtime resources.\n\n### Architecture Diagram\n\n```mermaid\nflowchart LR\n\n    User[User]\n\n    Claim[SandboxClaim]\n    Template[SandboxTemplate]\n    Sandbox[Sandbox]\n\n    Pod[Pod]\n    Runtime[Sandbox Runtime]\n\n    WarmPool[SandboxWarmPool]\n\n    subgraph Extensions[Extensions]\n      Claim\n      Template\n      WarmPool\n    end\n\n    %% User paths\n    User -->|creates| Sandbox\n    User -->|creates| Claim\n\n    %% Claim workflow\n    Claim -->|references| Template\n    Claim -->|adopts| Sandbox\n\n    %% Pod handling\n    Claim -->|adopts sandboxes from| WarmPool\n    Sandbox -->|creates Pod| Pod\n\n    %% Runtime\n    Pod --> Runtime\n\n    %% Warm pool\n    WarmPool -->|pre-warms sandboxes| Sandbox\n```\n\n## Installation\n\n### Core Components & Extensions\n\nYou can install the agent-sandbox controller and its CRDs with the following command.\n\n```sh\n# Replace \"vX.Y.Z\" with a specific version tag (e.g., \"v0.1.0\") from\n# https:\u002F\u002Fgithub.com\u002Fkubernetes-sigs\u002Fagent-sandbox\u002Freleases\nexport VERSION=\"vX.Y.Z\"\n\n# To install only the core components:\nkubectl apply -f https:\u002F\u002Fgithub.com\u002Fkubernetes-sigs\u002Fagent-sandbox\u002Freleases\u002Fdownload\u002F${VERSION}\u002Fmanifest.yaml\n\n# To install the extensions components:\nkubectl apply -f https:\u002F\u002Fgithub.com\u002Fkubernetes-sigs\u002Fagent-sandbox\u002Freleases\u002Fdownload\u002F${VERSION}\u002Fextensions.yaml\n```\n\n### Python SDK\n\nTo interact with the agent-sandbox programmatically, you can use the Python SDK. 
This client library provides a high-level interface for creating and managing sandboxes.\n\nFor detailed installation and usage instructions, please refer to the [Python SDK README](clients\u002Fpython\u002Fagentic-sandbox-client\u002FREADME.md).\n\n## Configuration\n\nFor advanced scale and concurrency tuning (e.g., API QPS and worker counts), please see the [Configuration Guide](docs\u002Fconfiguration.md).\n\n## Getting Started\n\nOnce you have installed the controller, you can create a simple Sandbox by applying the following YAML to your cluster:\n\n```yaml\napiVersion: agents.x-k8s.io\u002Fv1alpha1\nkind: Sandbox\nmetadata:\n  name: my-sandbox\nspec:\n  podTemplate:\n    spec:\n      containers:\n      - name: my-container\n        image: \u003CIMAGE>\n```\n\nThis will create a new Sandbox named `my-sandbox` running the image you specify. You can then access the Sandbox using its stable hostname, `my-sandbox`.\n\nFor more complex examples, including how to use the extensions, please see the [examples\u002F](examples\u002F) and [extensions\u002Fexamples\u002F](extensions\u002Fexamples\u002F) directories.\n\n## Motivation\n\nKubernetes excels at managing stateless, replicated applications (Deployments) and stable, numbered sets of stateful pods (StatefulSets). 
However, there's a growing need for an abstraction to handle use cases such as:\n\n*   **Development Environments:** Isolated, persistent, network-accessible cloud environments for developers.\n*   **AI Agent Runtimes:** Isolated environments for executing untrusted, LLM-generated code.\n*   **Notebooks and Research Tools:** Persistent, single-container sessions for tools like Jupyter Notebooks.\n*   **Stateful Single-Pod Services:** Hosting single-instance applications (e.g., build agents, small databases) needing a stable identity without StatefulSet overhead.\n\nWhile these can be approximated by combining StatefulSets (size 1), Services, and PersistentVolumeClaims, this approach is cumbersome and lacks specialized lifecycle management like hibernation.\n\n## Desired Sandbox Characteristics\n\nWe aim for the Sandbox to be vendor-neutral, supporting various runtimes. Key characteristics include:\n\n*   **Strong Isolation:** Supporting different runtimes like gVisor or Kata Containers to provide enhanced security and isolation between the sandbox and the host, including both kernel and network isolation. This is crucial for running untrusted code or multi-tenant scenarios.\n*   **Deep hibernation:** Saving state to persistent storage and potentially archiving the Sandbox object.\n*   **Automatic resume:** Resuming a sandbox on network connection.\n*   **Efficient persistence:** Elastic and rapidly provisioned storage.\n*   **Memory sharing across sandboxes:** Exploring possibilities to share memory across Sandboxes on the same host, even if they are primarily non-homogeneous. 
This capability is a feature of the specific runtime, and users should select a runtime that aligns with their security and performance requirements.\n*   **Rich identity & connectivity:** Exploring dual user\u002Fsandbox identities and efficient traffic routing without per-sandbox Services.\n*   **Programmable:** Encouraging applications and agents to programmatically consume the Sandbox API.\n\n## Roadmap\n\nThe current Roadmap can be found at [roadmap.md](roadmap.md).\n\n## Community, Discussion, Contribution, and Support\n\nThis is a community-driven effort, and we welcome collaboration!\n\n**Note on PR Velocity:** To maintain high velocity and keep our queues clean, this project uses stale PR management (30-day auto-stale and 15-day auto-close for inactive PRs) and allows maintainers to fast-track or take over approved community PRs. Please read our [Contributing Guidelines](CONTRIBUTING.md) for our full code review and PR policies.\n\n### AI-Assisted Code Reviews (Experimental)\n\nTo help improve our review velocity, we are currently experimenting with AI-assisted code reviews, starting with GitHub Copilot as our automated first-pass reviewer. Here is the workflow:\n\n1. Copilot will be assigned as the first reviewer of all open PRs (skipping PRs without a signed CLA)\n1. After Copilot reviews are posted, the PR will be labeled `action-required: resolve-copilot-comments`\n   * **⚠️ Important Contribution Note:** If you receive a code suggestion from Copilot in your PR, please don't directly apply suggestions via the GitHub UI. It will set Copilot as co-author and break the Kubernetes CLA requirements. For more information, read our [Contributing Guidelines](CONTRIBUTING.md).\n1. After all Copilot reviews are marked resolved, the PR will be labeled `ready-for-review`\n1. Maintainers will review `ready-for-review` PRs and provide final approval\n\nWe actively welcome your feedback on the quality, relevance, and helpfulness of these automated reviews! 
As we iterate on this process, we also plan to evaluate and test different AI review tools to find the best fit for our project's workflow.\n\n### Contact Us\n\nLearn how to engage with the Kubernetes community on the [community page](http:\u002F\u002Fkubernetes.io\u002Fcommunity\u002F).\n\nYou can reach the maintainers of this project at:\n\n- [#agent-sandbox Slack channel](https:\u002F\u002Fkubernetes.slack.com\u002Fmessages\u002Fagent-sandbox)\n  - If it's your first time joining the Kubernetes Slack, visit https:\u002F\u002Fslack.k8s.io\u002F to get an invitation.\n  - Log in to [Kubernetes Slack](https:\u002F\u002Fkubernetes.slack.com\u002F) first before joining the channel.\n- [#sig-apps Slack channel](https:\u002F\u002Fkubernetes.slack.com\u002Fmessages\u002Fsig-apps) for general sig-apps discussions\n- [SIG Apps Mailing List](https:\u002F\u002Fgroups.google.com\u002Fa\u002Fkubernetes.io\u002Fg\u002Fsig-apps)\n\nPlease feel free to open issues, suggest features, and contribute code!\n\n### Code of conduct\n\nParticipation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md).\n\n[owners]: https:\u002F\u002Fgit.k8s.io\u002Fcommunity\u002Fcontributors\u002Fguide\u002Fowners.md\n[Creative Commons 4.0]: https:\u002F\u002Fgit.k8s.io\u002Fwebsite\u002FLICENSE\n","agent-sandbox is a Kubernetes project that aims to simplify the management of isolated, stateful, singleton workloads, and is particularly suited to scenarios such as AI agent runtimes. Its core function is declarative management, through the Sandbox Custom Resource Definition (CRD) and a controller, of workloads that need a stable identity and persistent storage. Sandbox provides a stable hostname and network identity, persistent storage, and lifecycle management, for applications that do not fit the stateless replicated model or the numbered stable model. In addition, the project provides extension modules such as SandboxTemplate, SandboxClaim and SandboxWarmPool to support more advanced features, such as template reuse, creating Sandboxes from a template, and managing a pool of pre-warmed Sandboxes, further improving efficiency and flexibility.",2,"2026-06-11 03:44:54","high_star"]