MCPcopy Index your code
hub / github.com/opensandbox-group/OpenSandbox

github.com/opensandbox-group/OpenSandbox @main sqlite

repository ↗ · DeepWiki ↗
10,942 symbols 50,632 edges 1,168 files 3,787 documented · 35% 1 cross-repo links
README

OpenSandbox logo

OpenSandbox

<a href="https://trendshift.io/repositories/21828" target="_blank">
  <img src="https://trendshift.io/api/badge/repositories/21828" alt="alibaba%2FOpenSandbox | Trendshift" style="width: 320px; height: 70px;" width="320" height="70" />
</a>

Stars OpenSSF Best Practices CNCF Landscape Discord DingTalk E2E Status Kubernetes nightly build status


OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.

Features

  • 🧩 SDKs, CLI, and MCP: Provides multi-language SDKs, the osb CLI, and MCP server integration for sandbox creation, command execution, and file operations. See SDKs, CLI, and MCP.
  • 📜 Sandbox Protocol: Defines sandbox lifecycle management APIs and sandbox execution APIs so you can extend custom sandbox runtimes. See API specs.
  • 🚀 Sandbox Runtime: Built-in lifecycle management supporting Docker and high-performance Kubernetes runtime, enabling both local runs and large-scale distributed scheduling. See Kubernetes runtime.
  • 🖥️ Sandbox Environments: Built-in Command, Filesystem, and Code Interpreter implementations. Examples cover Coding Agents (e.g., Claude Code), browser automation (Chrome, Playwright), and desktop environments (VNC, VS Code).
  • 🚦 Network Policy: Unified ingress gateway with multiple routing strategies plus per-sandbox egress controls. See Ingress Gateway and egress controls.
  • 🔑 Credential Vault: Secure credential injection for sandbox outbound requests without exposing real secrets to workloads. See Credential Vault.
  • 🏰 Strong Isolation: Supports secure container runtimes like gVisor, Kata Containers, and Firecracker microVM for enhanced isolation between sandbox workloads and the host. See Secure Container Runtime Guide for details.

SDKs

Python:

pip install opensandbox

Java/Kotlin (Gradle Kotlin DSL):

dependencies {
    implementation("com.alibaba.opensandbox:sandbox:{latest_version}")
}

Java/Kotlin (Maven):

<dependency>
    <groupId>com.alibaba.opensandbox</groupId>
    <artifactId>sandbox</artifactId>
    <version>{latest_version}</version>
</dependency>

JavaScript/TypeScript:

npm install @alibaba-group/opensandbox

C#/.NET:

dotnet add package Alibaba.OpenSandbox

Go:

go get github.com/alibaba/OpenSandbox/sdks/sandbox/go

CLI

OpenSandbox also provides osb, a terminal CLI for the common sandbox workflow: create sandboxes, run commands, move files, inspect diagnostics, and manage runtime egress policy.

Install:

pip install opensandbox-cli
# or
uv tool install opensandbox-cli

Quick start:

osb config init
osb config set connection.domain localhost:8080
osb config set connection.protocol http
osb config set connection.api_key <your-api-key>
osb sandbox create --image python:3.12 --timeout 30m -o json
osb command run <sandbox-id> -o raw -- python -c "print(1 + 1)"

See the CLI README for the full command reference.

MCP

The OpenSandbox MCP server exposes sandbox creation, command execution, and text file operations to MCP-capable clients such as Claude Code and Cursor.

Install and run:

pip install opensandbox-mcp
opensandbox-mcp --domain localhost:8080 --protocol http

Minimal stdio config:

{
  "mcpServers": {
    "opensandbox": {
      "command": "opensandbox-mcp",
      "args": ["--domain", "localhost:8080", "--protocol", "http"]
    }
  }
}

See the MCP README for client-specific setup.

Getting Started

Requirements:

  • Docker (required for local execution)
  • Python 3.10+ (required for examples and local runtime)

Install and Configure the Sandbox Server

uvx opensandbox-server init-config ~/.sandbox.toml --example docker

uvx opensandbox-server

# Show help
# uvx opensandbox-server -h

Create a Code Interpreter and Execute Commands/Codes

Install the Code Interpreter SDK

uv pip install opensandbox-code-interpreter

Create a sandbox and execute commands and codes.

import asyncio
from datetime import timedelta

from code_interpreter import CodeInterpreter, SupportedLanguage
from opensandbox import Sandbox
from opensandbox.models import WriteEntry

async def main() -> None:
    # 1. Create a sandbox
    sandbox = await Sandbox.create(
        "opensandbox/code-interpreter:v1.1.0",
        entrypoint=["/opt/code-interpreter/code-interpreter.sh"],
        env={"PYTHON_VERSION": "3.11"},
        timeout=timedelta(minutes=10),
    )

    async with sandbox:

        # 2. Execute a shell command
        execution = await sandbox.commands.run("echo 'Hello OpenSandbox!'")
        print(execution.logs.stdout[0].text)

        # 3. Write a file
        await sandbox.files.write_files([
            WriteEntry(path="/tmp/hello.txt", data="Hello World", mode=644)
        ])

        # 4. Read a file
        content = await sandbox.files.read_file("/tmp/hello.txt")
        print(f"Content: {content}") # Content: Hello World

        # 5. Create a code interpreter
        interpreter = await CodeInterpreter.create(sandbox)

        # 6. Execute Python code (single-run, pass language directly)
        result = await interpreter.codes.run(
              """
                  import sys
                  print(sys.version)
                  result = 2 + 2
                  result
              """,
              language=SupportedLanguage.PYTHON,
        )

        print(result.result[0].text) # 4
        print(result.logs.stdout[0].text) # 3.11.14

        # 7. Cleanup the sandbox
        await sandbox.kill()

if __name__ == "__main__":
    asyncio.run(main())

More Examples

OpenSandbox provides examples covering SDK usage, agent integrations, browser automation, and training workloads. All example code is located in the examples/ directory.

🎯 Basic Examples

🤖 Coding Agent Integrations

🌐 Browser and Desktop Environments

  • chrome - Chromium sandbox with VNC and DevTools access for automation and debugging.
  • playwright - Playwright + Chromium headless scraping and testing example.
  • desktop - Full desktop environment in a sandbox with VNC access.
  • vscode - code-server (VS Code Web) running inside a sandbox for remote dev.

🧠 Training and Evaluation

  • rl-training - DQN CartPole training in a sandbox with checkpoints and summary output.
  • harbor-evaluation - Run a Harbor agent evaluation on OpenSandbox, one sandbox per trial.

For more details, please refer to the examples documentation.

Project Structure

Directory Description
sdks/ Multi-language SDKs (Python, Java/Kotlin, TypeScript/JavaScript, C#/.NET)
specs/ OpenAPI specs and lifecycle specifications
server/ Python FastAPI sandbox lifecycle server
cli/ OpenSandbox command-line interface
kubernetes/ Kubernetes deployment and examples
components/execd/ Sandbox execution daemon (commands and file operations)
components/ingress/ Sandbox traffic ingress proxy
components/egress/ Sandbox network egress control
sandboxes/ Runtime sandbox implementations
examples/ Runnable example code
docs/examples/ Example documentation and use cases
oseps/ OpenSandbox Enhancement Proposals
docs/ Architecture and design documentation
tests/ Cross-component E2E tests
scripts/ Development and maintenance scripts

For detailed architecture, see Architecture.

Documentation

License

This project is open source under the Apache 2.0 License.

Roadmap

See ROADMAP.md for the current project roadmap, planning scope, and how roadmap items are managed.

Contact and Discussion

  • Issues: Submit bugs, feature requests, or design discussions through GitHub Issues
  • Discord: Join the OpenSandbox Discord community
  • DingTalk: Join the [OpenSandbox technical discussion group](https://qr.dingtalk.com/a

Extension points exported contracts — how you extend this code

Provider (Interface)
Provider defines the interface for sandbox resource providers Implementations include BatchSandboxProvider, AgentSandbox [6 …
components/ingress/pkg/sandbox/provider.go
Algorithm (Interface)
Algorithm determines how available pods are distributed among sandbox requests. [11 implementers]
kubernetes/internal/controller/algorithm/interface.go
PoolsGetter (Interface)
PoolsGetter has a method to return a PoolInterface. A group's client should implement this interface. [4 implementers]
kubernetes/pkg/client/clientset/versioned/typed/sandbox/v1alpha1/pool.go
ExecdHealth (Interface)
(no doc) [8 implementers]
sdks/sandbox/javascript/src/services/execdHealth.ts
Logger (Interface)
Logger defines the minimal logging surface shared by components. - Formatted levels: Debugf/Infof/Warnf/Errorf - With: a [3 …
components/internal/logger/logger.go
Isolator (Interface)
Interface Isolator wraps an *exec.Cmd in a namespace-isolated execution environment. [3 implementers]
components/execd/pkg/isolation/isolator.go
Subscriber (Interface)
(no doc) [3 implementers]
components/egress/pkg/events/broadcaster.go
Codes (Interface)
(no doc) [2 implementers]
sdks/code-interpreter/javascript/src/services/codes.ts

Core symbols most depended-on inside this repo

Errorf
called by 985
components/internal/logger/logger.go
get
called by 984
sdks/sandbox/javascript/src/services/egress.ts
Run
called by 684
components/egress/pkg/startup/hook.go
Expect
called by 615
kubernetes/internal/utils/expectations/resource_version_expectation.go
run
called by 462
sdks/code-interpreter/javascript/src/services/codes.ts
expect
called by 405
components/execd/tests/smoke_api.py
info
called by 391
cli/src/opensandbox_cli/output.py
Error
called by 375
components/egress/pkg/iptables/redirect.go

Shape

Method 5,240
Function 4,025
Class 806
Struct 486
Interface 181
Route 146
TypeAlias 43
FuncType 15

Languages

Python57%
Go36%
TypeScript5%
Java2%

Modules by API surface

server/tests/test_docker_service.py171 symbols
server/tests/k8s/test_batchsandbox_provider.py122 symbols
server/tests/k8s/test_kubernetes_service.py116 symbols
cli/tests/test_commands.py112 symbols
server/tests/test_validators.py94 symbols
sdks/sandbox/go/opensandbox_test.go88 symbols
server/tests/test_config.py86 symbols
sdks/sandbox/go/types.go74 symbols
kubernetes/internal/controller/batchsandbox_pause_resume_test.go66 symbols
components/egress/pkg/credentialvault/vault.go66 symbols
server/tests/test_schema.py63 symbols
sdks/sandbox/python/src/opensandbox/models/sandboxes.py63 symbols

Used by 1 indexed graphs manifest dependencies, hub-wide

Dependencies from manifests, versioned

cel.dev/exprv0.25.1 · 1×
filippo.io/edwards25519v1.1.1 · 1×
github.com/alibaba/OpenSandbox/sandbox-k8sv0.0.0 · 1×
github.com/alibaba/OpenSandbox/sdks/sandbox/gov0.0.0 · 1×
github.com/alibaba/opensandbox/internalv0.0.0 · 1×
github.com/antlr4-go/antlr/v4v4.13.0 · 1×
github.com/beorn7/perksv1.0.1 · 1×
github.com/blang/semver/v4v4.0.0 · 1×
github.com/blendle/zapdriverv1.3.1 · 1×
github.com/bmatcuk/doublestar/v4v4.9.1 · 1×

For agents

$ claude mcp add OpenSandbox \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact